Having trouble with Browsers

Hi there and welcome.

No, I do not wish to see a log from ccleaner as one was not requested. Only attach what our procedures require.

1. You neglected to attach one of the most important logs, that being: C:\Mglogs.zip from running MGTools.exe.

Also...


2. Important Notice: A new version of SUPERAntiSpyware is available.

• Please uninstall your current version (this is necessary).
• Then download this SUPERAntiSpyware
• Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
• After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
• Now run a new full scan of your system. And attach this log later.

3. Please also open up Malware Bytes > update > re scan > fix all it finds and attach the requested log.

4. You have combofix running from inside a directory which it should not be. You need to take it out of the folder and place it directly on your desktop as requested in the instructions.

So to summarise:

• Attach the logs from both MBAM and SAS
• Ensure combofix is on your desktop
• Attach the Mglogs.zip.

And then I can build a complete fix for you.

 

OK. I will be here waiting

 

You're not entirely out of the woods just yet.

1. Please disable BitTorrent from running at start up whilst I am helping you remove malware! Thankyou

2. I see that you are using avg 8.5. The latest version is 9, so you can either upgrade to that or opt for a different anti-virus. Either way this is something to do after we have finished malware removal.

3. Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix exit HJT.

4. Now we need to use ComboFix

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
• If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
• Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:

Code:

KILLALL::

DirLook::
c:\program files\schtml

File::
c:\program files\skynet.dat
C:\Your PC Protector.lnk
C:\horj.exe
C:\ojjw.exe
C:\dqccpnq.exe
c:\windows\system32\lukopijo.dll
c:\windows\system32\vusiluya.dll
c:\documents and settings\Owner\Start Menu\Programs\Startup\AntiVirus Plus.lnk
c:\documents and settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
  
  http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
  
  
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

5. You are using an outdated version of MGTools.exe. I do not understand why as we always host the latest version and if you followed the R&R correctly you would already have it and not this old one.

Please do this:

Now go to this link Using MGTools and download the new version of MGtools.exe using the black bold print link in the first sentence. Overwrite your previous MGtools.exe file with this one.

6. Run the new MGTools.exe and attach the C:\Mglogs.zip that it creates (Before we continue I would like for you to ensure that MGTools.exe is indeed directly on your C Drive and not in any other location, such as the below like you had it running from before.

7. Attach the log from combofix and MGTools into your next reply.

8. Let me know how the computer is behaving now.

 

Not familiar with logmein, but you can certainly try yes I have done similar through TeamViewer I believe it was.

 

And describe to me in more detail exactly what's wrong?

1. You didn't disable BitTorrent from running at start up as requested. Please do this before we continue.


2. Now we need to use ComboFix

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
• If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
• Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:

Code:

KILLALL::

Folder::
c:\program files\schtm
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=-
"AntiVirus Plus"=-
"SansaDispatch"=-
"TomTomHOME.exe"=-
"Aim6"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"C-Media Mixer"=-
"SunJavaUpdateSched"=-
"QuickTime Task"=-
"KernelFaultCheck"=-
"WinampAgent"=-
"Adobe ARM"=-
"tokogariyo"=-

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
  
  http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
  
  
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

3. Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Combofix.

Let us know of any problems you may have encountered with the above instructions and also tell me exactly what's wrong with the machine now.

 

Yes wait until you can get there and run the procedures again. You can stay in this thread. Or have your son himself run the procedures. The he may well see what's involved and not be tempted to download willy nilly off the net

 

If he cannot even log in then this then becomes a software problem. You can post in software and receive assistance until you are in a fit state to run logs again. Then start a new thread in malware removal