Hackers from China? Remote Access on My Computer Enabled

Discussion in 'Malware Help (A Specialist Will Reply)' started by Madam, Dec 20, 2010.

  1. Madam

    Madam Private E-2

    Here are the reports you requested.

    Yes, the RegEdit4 was successful. MGlog attached. The Avenger log was sent in my last message and won't attach now for some reason.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Note: You do not need to keep making MGlogs1.zip, MGlogs2.zip ...etc. In fact I don't want you to do this. Each time I have you run either MGtools.exe or the GetLogs.bat file, the ZIP file is automatically updated with new logs. Also all of the below folders should not exist either. I will be deleting all of these in my next fix.
    Code:
    MGTOOLS2      Dec 23 2010              "MGtools2"
    MGTOOLS3      Dec 25 2010              "MGtools3"
    MGTOOLS4      Dec 25 2010              "MGtools4"
    You will make final cleanup more difficult by making files that we do not ask for.

    Okay we made some progress. Now let's take care of some additional unnecessary items.

    First iTunes! Earlier you said you don't need it (basically you said your iPod was broken). If this is true, then uninstall iTunes to get rid of the service related to it.


    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now! How is your startup time?
     
  3. Madam

    Madam Private E-2

    Oops my bad. But I thought on 12-22-10, @ 13:28 Kestrel13! told me to rename those files. I may have misunderstood her. See her quote below:

    I said I-Tunes wasn't working. It won't open. I do have music in it I want to save. I was going to uninstall and reinstall it. Plus we got new I-pods for Christmas so I don't want to get rid of it. I want to make it work. That said I don't want all the crap that comes with it. Like Bonjour. I don't download from I-tunes I just used it to listen on my PC. Make sense?

    Start up seems faster. But I haven't put Norton or any other virus protection back on yet. And I haven't been surfing the net. I come here, do what you tell me and get off my computer. :(

    So how do we proceed now since I've provided information on my stand on I-tunes?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Kestrel13! was only referring to renaming the original MGtools.exe file to see if that would help you to get it to run.

    Just skip the uninstall of iTunes and continue; however, you may need to reinstall it to fix the problems you were having anyway, but that is a topic for the Software Forum not the Malware Forum. Actually we are not even currently working on removal of any malware either. ;)
     
  5. Madam

    Madam Private E-2

    MGTools rename: Thanks for the clarification. So you see WHY I was doing it. :)

    I-Tunes: Yes, I will uninstall and reinstall after we get all of this done. Will I lose the music I have in it if I uninstall -reinstall?

    Router: Today I bought a Linksys E2000 modem. Haven't installed it yet. Was going to ask you if I should do it now or after we are done.

    Question: I logged on and replied to you earlier. Then I had company so I left my computer "on" but disconnected my modem so I didn't have to worry about the China IPs pinging my computer since Norton was uninstalled to run ComboFix. When I returned just now, my computer was OFF. It must have shut itself down. It has NEVER done that before. It is plugged into a battery back up so it couldn't have been a power outage.

    When I pushed the power button on the tower the black screen ran a line at the bottom that read "Resuming Windows" and the screen appeared (desk top) with the Windows Task Manager open which was how I left it.

    WHY did it do that when it never has before?

    Okay, I am off to run your reports.
     
  6. Madam

    Madam Private E-2

    Done! Report attached. Although, Avenger reboots oddly. When it reboots and comes to the Admin password area, as soon as I start to type the password it reboots again. The second time I am able to log in. It has done that both times I've run it.

    Also, I get the same Windows Exception error. I've attached it AGAIN for your reference. So I assume something isn't quite right because you can't click "continue" and you can't click "try again" and even clicking cancel is difficult. But you can finally get rid of it.

    Logs and screen cap of error message attached.

    Start Up seems fine. It currently has 32 processes running (including Firefox and the plugin). But see my note about the system turning itself off. I didn't like that at all. So if it is a simple setup feature, please tell me how to stop that from happening.

    Today is my birthday. I was trying to load a card from Hallmark. It wouldn't load and play. I looked in the task manager and it said the CPU was 100%. The two tabs (yahoo and hallmark) were locked up. I finally had to click "end Process" to get out.

    When I checked the task manager it said drwatson (or something like that) was running. I don't know why that was running or where it came from... But I suspect that is what locked up Firefox.

    Also, WHY is it when the Windows virus protection is turned off message appears it tells me my Kaspersky firewall is off? I haven't had Kaspersky since 2009.

    Advice?
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This error just happens sometimes when using Avenger.

    Your PC went into hibernation mode. You can post about this in the Software Forum if you need help, but you just need to change your power settings by right clicking on the Desktop and selecting Properties and then the Screen Saver tab. Then select the Power button in the Monitor Power area and change it to what you want. If you don't want it to go into standby or hibernation then change the setting to Never. NOTE: You can also quickly get to Power Options from within Control Panel.

    Happy Birthday, but this is also not a malware issue. Please post this and any other malware issues in the Software Forum. I'm sorry but we need to finish up as you have no malware problems and we are spending too much time on many things just related to normal Windows operations. Dr Watson is a Windows program that runs when you have applications that crash or hang. This is a normal Windows function.

    Because you never got Kaspersky fully uninstalled and components of it are still registered in Windows Security Center. You could see this in the ComboFix log you posted much earlier, but since you don't seem to be able to run ComboFix, we cannot easily fix it. Either way, not a malware problem and it will go away when you make Norton your firewall again.

    We are finished with all the non-malware tweaks. I suggest that you do the below and after finishing all of the below, reinstall your Norton security suite and get a router installed in your setup.



    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  8. Madam

    Madam Private E-2

    Yeah, I figured as much. But I didn’t know how that function got changed in all of this. But I’ve changed it back. Thank You for the information.

    Hmph, I didn’t know that. I guess my question was/is why would my system “hang up” like that? I thought it may have been caused by all of our changes we've made. That is why I asked.

    Defogger did nothing even after I clicked “finished”. But as I recalled it did nothing on install. MGtools finally wiped it off my desk top.

    Thanks that was an easy uninstall.

    Done! Easily through Add/Remove Programs.

    Not to sound like an idiot here, but would that mean simply “right click” delete. Because these programs don’t appear in Add & Remove Programs. And Lord knows I’ve deleted things incorrectly before and you just found a lot of them and cleaned them out of my system for me. Thus I want to make sure I don’t F**k up all your hard work here.

    MGtools seems to have cleared "fixme.reg" from my desk top. However, the programs listed below still appear on my desk top. See note above? Since they don’t appear in add/remove programs would I simply right click delete?
    Reset.Cmd
    Subinacl

    Question asked to Kestrel on 12/20: I see Wild Tangent and Viewpoint in programs & applications. But not in Add and Remove Programs. Can I simply delete the files?

    Kestrel13! 12-20-10, 22:36 You could delete their folders yes, but it's not of vital importance at the moment, when you eventually attach logs, I can seek out any remnants and delete them.

    So? Can I simply go in and delete these files and then run CCleaner?

    Also, currently CCleaner brings up a host of registry files that it states I can “clean” as the programs have been deleted. Can I go ahead and remove those files in registry cleaning? I saw many of the programs we've downloaded and recently deleted in their report.

    THANK YOU for all your help. I realize since you didn't find malware (although, Malwarebytes did find some malware during all of this.) You went beyond the call in this forum and I sincerely appreciate your help.

    I am going to link to several of your recommended programs in a forum I moderate. I think people will find them as useful as I did.

    Thanks again
    M
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not related to what we were doing.

    Yes! Anything that does not actually install (like MGtools, ComboFix, RootRepeal, registry patches, etc.) can simply be deleted. We provide you with commands for ComboFix and MGtools (MGclean.bat) to help ease the cleanup.

    On the contrary, SubInAcl is installed. See Windows Resource Kit Tools - SubInAcl.exe in Add/Remove Programs. However you should keep this tool as it could be useful in the future as it provides many helpful features. It is not running/using any system resource other than a small amount of disk space. The Reset.Cmd file can be deleted as it was just a script to make the resetting of the permissions easier.

    Neither of these showed in your logs so we cannot specifically comment on what you were seeing. If you are really correct that it was for Wild Tangent and Viewpoint Media then yes you could delete them since you don't have them installed.

    We don't advocate using registry cleaning, which is why the READ & RUN ME specifically states just to clean the temp files with CCleaner. It can be dangerous to just remove everything shown by a registry cleaner as a problem. In many, many cases they are not problems. If you want to manually select INDIVIDUAL items that you are sure have been removed then you can do so, but make sure you do make the registry backup that it requests.

    Malwarebytes did not find any malware. It only showed the uninstall.exe file in your root folder which was there from some program you installed at some time and somehow managed to get the files into your root folder like you did with SUPERAntiSpyware. In fact it is likely that this was just from SUPERAntiSpyware just like the uninstall.dat file.

    You're welcome. Surf safely!
     
  10. Madam

    Madam Private E-2

    Thanks for all your help and the information. I learned a lot.

    Anything further I guess would go to another thread. But I wanted to say, you're right about Norton 360. I logged in at 11:59 and couldn't actually "use" my computer until 12:25 when it stopped running all its updates and crap.

    Also, I installed the Linksys Cisco E2000 router as you instructed. But this old computer doesn't have wireless capability. AND I don't have any other equipment to add to this "network" nor do I see how to manage security on it. Will it work as a firewall even though upon installation it told me my computer wasn't capable of wireless?
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well after the uninstall/reinstall, it may have needed to perform a lot of updates. Hopefully after this initial time it is not so bad.

    You don't need wireless for the firewall to work. The firewall is there for all connections to the router. My point earlier about wireless is that you would then have the ability to add things that can use wireless, like a laptop, an iPhone, iPad, Kindle, etc., and they all would benefit from the router's firewall too. The firewall should be enabled by default. You can find additional info in their user guide on setting up the wireless network for security (like SSID) in the future when/if you need wireless. Until that time, you can just disable the wireless feature to avoid having an unsecured wireless signal. These are things you can talk about in our Networking Forum when you need to.

    By the way, online users guides and other info for this router are here: http://homesupport.cisco.com/en-us/wireless/linksys/E2000 but you should have received this with the router.
     
