Finished all the "Read Me First" Items..What next?

Discussion in 'Malware Help (A Specialist Will Reply)' started by d76dots, Feb 19, 2010.

  1. d76dots

    d76dots Private E-2

    I've finished all of the read me first things. I can't seem to find the files from the MGTools though..I did run it though.
    I have a Compaq Presario 6000 that runs Windows XP Home Edition. I started having problems about a month or so ago and didn't realize what was going on with the google search. I'd try to search something and it would take me to something completely different. One of my first mistakes was to ignore it. Next I started getting some pop up things even though I had them blocked. Then I got messages saying I had a trojan horse and to click to fix it...I didn't do that though and it finally "woke me up" that there was something really wrong. I left on vacation to come back to a computer that was totally taken over and I couldn't use anything..it was all frozen and even my desktop was taken over. After running all the things you suggested and following it all to a "T", it seems that it may be fixed...but I'm not sure and I'm afraid to not have it looked at by you (and could you please tell me where I got this thing or things from so I can try to stop it from happening again?) Thanks for your help!
    I have Zone Alarm for my firewall...the free version and I have AVG for my anti-virus. I do have Ad-aware and spy bot loaded and run them at different times. I try to keep my temp folder emptied as much as possible also and run the defrag about monthly or every 2 months. I know my computer is considered old, but I would like to try to retrieve my files and pictures from it but don't want to do that while there is something wrong with it. I now have my son's "old" laptop that I will begin using, which is newer and I think better than this desktop. I guess I'll see.
    I will attach the logs I have and if you tell me how to find the MGlogs, I'll attach it too.
    Thanks again for looking this over and helping me figure out what to do next. As you can see I know some things about computers.
    Thanks!
    Debbie
     

    Attached Files:

  2. d76dots

    d76dots Private E-2

    Here is the last of the logs.
    Thanks!
     

    Attached Files:

  3. d76dots

    d76dots Private E-2

    Sorry...I finally got the search to work on my computer and now I found the Zip file for what I couldn't find before. I've now attached it.
    You're great!
    Thanks again!
    Debbie
     

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Combo shows that you are running two AV programs:

    Let's just do this:

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    Driver::
    jmtuaqfyu
    
    File::
    c:\windows\TEMP\labjiesuhqtld.sys
    
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  5. d76dots

    d76dots Private E-2

    Ok, I did what you wanted me to do with running the ComboFix and MGtools (I thought I turned off the Zone Alarm and AVG anti-virus the first time, but I did it again this time...but with the Combo Fix, as it was scanning, it quit part of the way through and rebooted the computer and then ran the scan again. When it rebooted, it started up all my Zone Alarm and AVG again and I quit them as they came up, but I think the scan was running already...not sure). As of right now, I have my wall paper back. My Internet Explorer does not work, but Mozilla does. There have been no messages popping up that I have any virus or trojan horse yet, either.
    Does this mean I'm ok now? If so, how do you think I got this stuff to begin with?

    I hope I did it right and sent the right things.
    Thanks again!
    Debbie
     

    Attached Files:

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What I was pointing out was that you have TWO anti-virus programs running, so either remove the Zone Alarm virus part of it or uninstall AVG.

    I also suggest that if you have multiple users on this computer, you create user accounts for each one, but make them limited accounts. Use those accounts for web surfing and everyday tasks.

    I want you to do this:

    Please use add/remove programs to uninstall:
    Ocucom PreCast 1.4 --> uses system resources without much benefit.
    I would also suggest you uninstall Ad-Aware as it is pretty useless these days as well.

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    DirLook::
    c:\windows\4E8390903B68436AB3CFA2A08C38DD26.TMP
    
    File::
    C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
    C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
    C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
    C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
    C:\WINDOWS\Tasks\Registration reminder 1.job
    C:\WINDOWS\Tasks\Registration reminder 2.job
    C:\WINDOWS\Tasks\Registration reminder 3.job
    C:\WINDOWS\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
    
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    You may need to uninstall IE and after a reboot, reinstall it.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
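    The two ComboFix scripts in posts 4 and 6 use the same CFScript layout: a directive name ending in "::" followed by one target per line. The parser below is an added example, not part of the thread and not ComboFix's own code; it recognises only the four directives that appear on this page, and the meaning it assumes for each (Driver:: takes a bare service name, File:: and DirLook:: take absolute paths) is inferred from how they are used above. It also applies the checks a helper would want before a user drags the script onto ComboFix.exe.

```python
"""Parser and sanity checker for the CFScript format shown in this thread (added example)."""
import re

# Only the directives that appear on this page; KILLALL:: takes no targets.
KNOWN_DIRECTIVES = {"KILLALL", "Driver", "File", "DirLook"}
_HEADER = re.compile(r"^([A-Za-z]+)::\s*$")
_ABS_PATH = re.compile(r"^[A-Za-z]:\\")  # e.g. c:\windows\...


def parse_cfscript(text):
    """Return {directive: [targets]} in script order; raise on malformed input."""
    sections = {}
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue  # blank separator lines carry nothing
        m = _HEADER.match(line)
        if m:
            current = m.group(1)
            if current not in KNOWN_DIRECTIVES:
                raise ValueError(f"line {lineno}: unknown directive {current}::")
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line {lineno}: target before any directive")
        if current == "KILLALL":
            raise ValueError(f"line {lineno}: KILLALL:: takes no targets")
        sections[current].append(line)
    return sections


def check_targets(sections):
    """Flag targets that do not match the assumed shape for their directive."""
    problems = []
    for name in ("File", "DirLook"):
        for target in sections.get(name, []):
            if not _ABS_PATH.match(target):
                problems.append(f"{name}:: target is not an absolute path: {target}")
    for target in sections.get("Driver", []):
        if "\\" in target or "." in target:  # assumption: a service name, not a file path
            problems.append(f"Driver:: expects a bare service name, got: {target}")
    return problems


# Constructed sample reproducing the script from post 4.
SAMPLE = "KILLALL::\n\nDriver::\njmtuaqfyu\n\nFile::\nc:\\windows\\TEMP\\labjiesuhqtld.sys\n"

if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE)
    print(parsed, check_targets(parsed) or "no problems")
```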
     
  7. d76dots

    d76dots Private E-2

    Ok, here we go....I thought the Zone Alarm was only my firewall and AVG was anti-virus. I'm not sure which is better, so for now I just got rid of the AVG. Please let me know your opinion on this, thanks!

    I also removed the Ad-aware and the Ocucom that you suggested.

    In the past there were 4 users on my home computer (this one); however, the kids are grown and gone and my husband uses his laptop all the time so it's just me on this computer. I have 3 different email addresses and use one for emails, one for my surfing, and the other I use for surveys that I do. I've not gotten rid of the other account names because we don't remember the passwords for them..they've not been used in quite awhile now.

    ComboFix.exe is downloaded to my desktop and I followed the instructions you gave for doing that part of the program (saving the txt into notebook and dragging over to ComboFix.exe on my desktop..I followed prompts and saved log to my desktop also). I turned off the Zone Alarm before doing it; however, the program did reboot my computer again while running so I had to turn it off again after the reboot. It did not ask me to uninstall IE8 that I have on my computer (I was going to just go ahead and uninstall it before running everything; however, when I clicked to uninstall, it gave me a message saying that many items I have on my computer will not work properly if I do this because they were all downloaded with IE, so I left it alone).

    Next I ran the C:\MGtools\Getlogs.bat file. I have the log saved and I'll be attaching both of the above logs to this message.

    So far the computer seems to be running well. Since the start up is in normal mode (not sure I'm using the right term for this...but where everything loads and I didn't use the MSconfig settings), it does take quite awhile to get everything loaded. There are some things that I'd like not to load upon start up, but other than MSconfig, I'm not sure how to stop them.

    Thank you so much for all of your help!
    p.s. I have no need for AIM. I don't use it at all (the kids did); however, I can't find anything under add/remove to get rid of it. I also have Blubster on my add/remove list and when I try to uninstall it, it says I can't because a file is missing? Any help with these matters would be appreciated also.

    Thanks again!
    Debbie
     

    Attached Files:

  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I was referring to user accounts, not email accounts. But if you are the only one using the computer, then it is not an issue.
    I did not have Combo set to remove IE8, what I was referring to, was if you were having problems with IE browser, to try uninstalling it ( yes, you will get that warning pop up but just allow it) and then after a running of CCleaner, reinstall it.

    We will stop a few now, but in the future, you can use this:
    Startup_CPL
    any questions you have regarding this program, please post in the software forum.
    You can try running CCleaner to try to remove those ( AIM and Blubster) items.

    Now, you should see about adding a gig of RAM to your system, this is partly why it is slow:
    Code:
    Total Physical Memory    768.50 MB    
    Available Physical Memory    349.62 MB
    1 GB would help immensely.

    Finally, copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  9. d76dots

    d76dots Private E-2

    Let me start with such thanks! I think whatever I had is all gone now and the computer seems to be running well...much better than it has for a long time.

    I'm not sure if I can add anymore memory to my computer. It's old (Compaq 6020US) and I've added some once already. I'm not sure if there is another place to plug in more or not.

    Since my IE8 wasn't running at all, I did uninstall it and run the CCleaner (when I did this, it did not remove AIM or Blubster though). I then reinstalled IE8 and it still is not running. I get an error message saying "Internet Explorer cannot display the webpage".

    I did the REGEDIT4 thing and got a message saying it was successful.

    I kept the SUPERAntiSpyware and Malwarebytes Anti-Malware and got rid of everything else. I then disabled the system restore and re-enabled it.

    I will load the Startup CPL to manage my start up things this weekend and I will also follow the instructions in step 9 to see what else I should be doing to stop Malware.

    I think I've done all the things you covered for me to do. If not, please let me know.

    Thanks for getting my computer running better. Any suggestions on how to get IE8 running now? Should I uninstall it again and try to install all over again?

    I also would like your thoughts on Zone Alarm vs. AVG...which do you feel is better to run?
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You can go to crucial.com and have them auto scan your system to tell you how much your computer will support.

    I would uninstall IE8 once more, and after a reboot, you should have IE7 to try to run. If that still doesn't work, you need to post in the software forum for that issue.

    Both ZoneAlarm and AVG are pretty resource heavy. Again, you may wish to post in software to get other opinions on the best and lightest AV and or firewall programs people prefer.
     
  11. d76dots

    d76dots Private E-2

    Tim,
    Thanks for all of your help! My computer is up and running way better than it has for a very long time. I will do the program for start up and will check in on the software forum on how to do all of that too. Thanks again...you're great!
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Safe surfing. :)
     
