Unable to run Combofix / SuperAntivirus / Hijackthis

Discussion in 'Malware Help (A Specialist Will Reply)' started by moe458, May 23, 2009.

  1. moe458

    moe458 Private E-2

    Hi,


    Earlier I ran Avira antivirus and it told me a TR/PATCHED.GE virus was found, which was deleted/removed.

    Following the Guide: Windows XP Cleaning Procedure
    http://forums.majorgeeks.com/showthread.php?t=139313

    I still have problems with Combofix, SuperAntivirus and Hijackthis in Safe Mode and Normal Mode (not being able to run the applications).

    Combofix does not run (after double clicking, it disappears).
    SuperAntivirus says it encountered an error and needs to be closed. Hijackthis does not run. I double click on it and it disappears.

    I was able to run the MGLogs, which created a MGLogs.zip file.


    Any help or suggestion would be greatly appreciated.

    Thank You,

    Moe.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please use add/remove programs to uninstall:
    Java 2 Runtime Environment, SE v1.4.2_02

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Run CCleaner and make sure these are gone afterwards:
    C:\WINDOWS\Temp\149890.tmp
    C:\WINDOWS\Temp\84390.tmp

    Now see if you can run the other scans and get me those logs:
    SAS
    MBAM
    ComboFix

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\MGlogs.zip
     
  3. moe458

    moe458 Private E-2

    Hi,
    Thanks for your help and time.

    Seems like the system is working fine. However, the problem I see is that the browser is still acting a bit weird.

    When I do a Google search, the search results come up a bit unusual, and after clicking, it opens a new window on each click of a result.

    When I was trying to go to the Spybot website, it was telling me "Internet Explorer cannot display the webpage"

    Something is on here but I can't seem to figure it out.

    By the way, the system configuration is:
    Windows XP Professional xp3
    IE7 7.0.5730.13
    Java 2 Runtime Environment SE 1.6.0_13


    CLEANING COMPLETE - (0.959 secs)
    ------------------------------------------------------------------------------------------
    2.12MB removed.
    ------------------------------------------------------------------------------------------

     

    Last edited: May 25, 2009
  4. moe458

    moe458 Private E-2

    I just downloaded and installed Spybot. Initially I was having problems downloading the updates immediately; however, I downloaded and ran the manual updates and it started to work.

    I found quite a few problems. I'm attaching the log of that as well for review.

    Thanks,

    Moe.

     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean. But they won't stay that way without an AV program installed. You had at one time AVG and Norton. You need to at least re-install AVG.

    All that Spybot found were cookies.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
