will not let me use your tools

Discussion in 'Malware Help (A Specialist Will Reply)' started by william02812, Aug 20, 2009.

  1. william02812

    william02812 Private E-2

    Good Morning,

    I got hit pretty hard yesterday with something, a screen popped up and it was some type of av virus software that tried to install on my machine...

    I had superantispyware and malwarebytes anti-malware already on my machine - but what hit me disabled both of them along with my mcafee security center.

    what steps do I need to take, or what information do I need to get to you so you can help me?
     
  2. william02812

    william02812 Private E-2

    I have used your malware removal description before - but now that I can not use the software, I am at a loss....

    do you need a hijack log? - avenger log?...I just need some pointers to get started.

    the virus also disabled spybot search and destroy, I have run the ccleaner, but that is about it.
     
  3. william02812

    william02812 Private E-2

    well I could not get any of your programs to run due to the virus or malware - but I did get the MGtools to work...so I have attached the log file for it...I hope that helps.

    I tried to follow the malware removal guide that you have posted on the forum, but the only programs I could get to work was Ccleaner and the MGtools

    Combo fix, malwarebytes, and superantispyware were disabled
     

    Attached Files:

  4. william02812

    william02812 Private E-2

    Good Morning, I posted this yesterday at 8:00am or so, and I have been reading through the post trying to figure out what I need to do…with little or no luck.

    I am using windows xp pro, and have been hit by a pretty bad virus / malware.

    The virus will not allow me to do your removal tutorial – well it will not let me install or uninstall or even use (regular and safe mode) superantispyware, malwarebytes, spybot search and destroy, and combo fix …the only thing it will let me do is run the MGTools, and I have done that and created a log.

    It seems like whoever developed this virus was targeting the software that a lot of malware removal sites use, like bleepingcomputers.com and pcpitstop.com – and I am at a loss, although I have read through a ton of posts on this site, I can not make heads or tails of what is going on.

    I tried rootrepeal, with no luck, the scan comes up with all kinds of X’s and errors when I run it, I also tried rootkitbuster and it reboots my pc halfway through the scan.

    I have found that there are things I can not delete from my temp folders
    (C:\Documents and Settings\my name\Local Settings\temp), and these are or were related to a file called (b.exe) the file names are ~DF7C05.tmp, ~DF4025.tmp, ~WRF0000.tmp, IMG7.tmp, IMGF.tmp, IMG6.tmp - I was able, I think to get rid of the b.exe with killbox…well at least it does not show up in the temp folder any more.

    I need to know where to start, if I could do your tutorial then I would be ok, I even uninstalled Mcafee to try and run Kaspersky – but the problem with that is I have uninstalled Mcafee and got Kaspersky installed and updated – it runs for a few minutes and disappears then the icon on my start bar says that the “service part of the program was unloaded from computer memory” and it will not work and when I try to run it again an error dialog box comes up with “windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item”

    I am at a loss – and I am not trying to bump or anything like that – but I have sent a MGTools log previously- because that is about all I can do…please help
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Where and with whom have you been working on this problem? I can see you have been using some specialty tools like Avenger before coming here. These are not tools you should be using on your own and you should never use fixes that were given to another person.

    I strongly advise you to clean up your Desktop. Remove everything but links to run programs. Do not download and save programs here and definitely do not use it for long term storage. You need to keep ComboFix.exe here for now as we need it, but we will be removing it when we are finished with your cleanup. A cluttered Desktop is malware's playground and it can also cause performance degradation.


    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the "Input script here:" part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.



    Now try to run SUPERAntiSpyware, Malwarebytes and ComboFix per the cleaning instructions.

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\avenger.txt
    • the logs from SUPERAntiSpyware, Malwarebytes and ComboFix if they ran
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  6. william02812

    william02812 Private E-2

    I have been mostly reading the forums on this site that are similarly related to the problems I am having – I downloaded avenger because I thought I might need it.

    Yes, I do have a large amount of files on my desktop; I am in the process of backing them up on a portable drive.

    I have downloaded avenger and ran the script – everything ran fine. I did the fixme.reg , and everything seemed to go well.

    I ran SUPERantispyware, and it found 21 tracking cookies and on reboot I was not able to get the program to work again….but this morning I was able to get a log.

    Malwarebytes and combo fix ran with no problems – as did Ccleaner and mgtools.bat

    I have attached the log files for avenger, superantispyware, malwarebytes, and mglogs.zip

    Thank you for your help
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We have a little more to do.


    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator ) Make sure you let it finish running. Last time it appears you stopped it before it was finished. It will tell you when it is finished.

    Now attach the below log:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  8. william02812

    william02812 Private E-2

    Things seem to be running a little better....firefox browser is still slow to load...I have attached my logs - missing some program icons?

    Thank you for your help
     

    Attached Files:

  9. william02812

    william02812 Private E-2

    I have not gotten any news about my log files...any luck with them? - I just needed to check back in, it has been a week and a half....I am still having problems, after the last logs I sent you

    thanks
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    I guess you did not read all the links you were given including this one: Don't Bump! It Only Hurts You!!!

    This post cost you at least 7 more days since the message with your last logs was probably just about to be answered after working its way thru the queue. You put yourself all the way back to end of the work queue when you posted this.

    Firefox is always slow to load up the first time. And the more plugins/addons you add, the slower it loads.

    I don't know what you are referring to.

    Your logs are clean, but you do need to uninstall Viewpoint Media Player as requested in the READ & RUN ME.
     
