Vista AntiVirus keeps loading

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Plank Melody, May 18, 2011.

  1. Plank Melody

    Plank Melody Private E-2

    I couldn't get RootRepeal to run; it kept crashing my system. I tried twice.

    I was directed to a website that had mp3s, and when I downloaded, Vista AntiVirus kept popping up and I pretty much knew I had contracted malware.

    After all these steps, I still have the red shield and the pop-up.
     

  2. Plank Melody

    Plank Melody Private E-2

    And the ComboFix. Should I try RootRepeal again and record the blue screen error?

    Is the Combofix.txt attached?
     
    Last edited: May 18, 2011
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing it in your logs. You can use Windows Explorer to find and delete:
    C:\Users\David\AppData\Local\{04274B56-24DF-4764-BE9B-FA946DD3FEED}
    C:\Users\David\AppData\Local\{082785AC-3C20-42D9-A69F-BA6B884C3819}
    C:\Users\David\AppData\Local\{1F085FCD-DB5C-45B8-8070-A535408B56ED}
    C:\Users\David\AppData\Local\{1F3B8931-5010-4BB2-B581-D281C04956B1}
    C:\Users\David\AppData\Local\{3814662C-FF3D-4090-A2B6-BE8068D4D764}
    C:\Users\David\AppData\Local\{3DE7FA3F-BD92-43D5-ABA3-A9B24A09BCED}
    C:\Users\David\AppData\Local\{4275E7AB-84BB-44A8-AC0A-47291DBC5B21}
    C:\Users\David\AppData\Local\{5BC49D49-BC21-428F-AA55-2DE42C2D8E74}
    C:\Users\David\AppData\Local\{6D1F8C61-439C-4A72-A2BF-4544F9CA17DE}
    C:\Users\David\AppData\Local\{6E84BDF8-4890-4ABC-B8FE-C73BE86903BC}
    C:\Users\David\AppData\Local\{88D4360F-E2A6-49CA-AF92-B915562AC5F0}
    C:\Users\David\AppData\Local\{8E15BA39-F5B2-49A0-A525-5ABC6BF0AAF1}
    C:\Users\David\AppData\Local\{9BAD16CE-D29B-4AC4-9369-63E0B791E7F5}
    C:\Users\David\AppData\Local\{B6FB5D9D-CFC0-44E2-AA08-9A1D1350B031}
    C:\Users\David\AppData\Local\{CA8F4672-7E27-4AB0-97A6-606BD0CC7692}
    C:\Users\David\AppData\Local\{D6DE5FA0-9F06-4795-A421-F99BBF6A1F62}
    C:\Users\David\AppData\Local\{E1EA4305-67ED-463A-AA52-8368F0DEC7DC}
    C:\Users\David\AppData\Local\{F030DAA0-7E8B-4E60-8E9A-4218AB80D9F9}
    C:\Users\David\AppData\Local\{FE0A8249-9D1B-4AC1-BA74-D9B9D8F830F1}

    Tell me what is happening.
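The folders TimW lists above are all bare GUID names dropped directly under the user's AppData\Local folder, which is where rogue AV families of this era typically stored their payload. The following is an added triage helper, not a tool from the thread or from MajorGeeks, that lists such folders and summarises what they contain so you can review them before deciding what to delete. It assumes a Vista/7-style profile layout (the LOCALAPPDATA variable or ~\AppData\Local); it only reports and never removes anything.

```python
"""Triage helper: list GUID-named folders under a profile's AppData\\Local.

Rogue AV families of this era dropped their payload into folders named
like {04274B56-24DF-4764-BE9B-FA946DD3FEED} directly under
%LOCALAPPDATA%. Legitimate software rarely creates bare-GUID folders
there, so listing them is a cheap first check. This script only reports;
it never deletes anything.
"""
import os
import re
import sys
from datetime import datetime, timezone

# Brace-delimited GUID: 8-4-4-4-12 hex digits, case-insensitive.
GUID_DIR_RE = re.compile(
    r"^\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}$",
    re.IGNORECASE,
)

# Extensions worth calling out when found inside such a folder.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".js"}


def is_guid_name(name: str) -> bool:
    """True if the folder name is exactly a brace-delimited GUID."""
    return bool(GUID_DIR_RE.match(name))


def describe_dir(path):
    """Return (file_count, executable_names, newest_mtime_utc) for a folder."""
    count = 0
    executables = []
    newest = 0.0
    for dirpath, _dirs, files in os.walk(path):
        for f in files:
            count += 1
            full = os.path.join(dirpath, f)
            if os.path.splitext(f)[1].lower() in EXECUTABLE_EXTS:
                executables.append(os.path.relpath(full, path))
            try:
                newest = max(newest, os.path.getmtime(full))
            except OSError:
                pass  # file vanished or is locked; skip the timestamp
    newest_dt = datetime.fromtimestamp(newest, tz=timezone.utc) if newest else None
    return count, sorted(executables), newest_dt


def find_guid_dirs(root):
    """Return a sorted list of (path, file_count, executables, newest_mtime)
    for every immediate subfolder of root whose name is a bare GUID."""
    results = []
    try:
        entries = os.listdir(root)
    except OSError:
        return results
    for name in entries:
        full = os.path.join(root, name)
        if os.path.isdir(full) and is_guid_name(name):
            count, exes, newest = describe_dir(full)
            results.append((full, count, exes, newest))
    return sorted(results)


def default_root():
    # %LOCALAPPDATA% is set on Vista/7; fall back to the same path built by hand.
    return os.environ.get("LOCALAPPDATA") or os.path.join(
        os.path.expanduser("~"), "AppData", "Local")


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else default_root()
    hits = find_guid_dirs(root)
    if not hits:
        print(f"No GUID-named folders under {root}")
    for path, count, exes, newest in hits:
        stamp = newest.isoformat() if newest else "n/a"
        print(f"{path}\n  files={count} newest={stamp} executables={exes or 'none'}")
```

Run it with no arguments to scan the current user's AppData\Local, or pass another profile's path (for example C:\Users\David\AppData\Local when cleaning a different account). Folders that turn up with a recent timestamp and an executable inside are the ones to compare against the list a helper gives you; an empty GUID folder left behind by an installer is usually harmless.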
     
  4. Plank Melody

    Plank Melody Private E-2

    I'm getting two pop-ups. One is the Windows Security Center, where Firewall (Off), Malware protection (Check Settings) and Other security settings (Check Settings) are highlighted in red, and Automatic updating is on.

    It has been wanting me to upgrade, with a pop-up to Vista AntiVirus claiming I had 26 infections.

    I found the "Read and do these steps first" post, and have posted with the logs, but have just been waiting. I haven't rebooted or anything.

    And I deleted those files.
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Also run this and attach the results for TimW.

    I want you to run TDSSKiller so refer to the below for how to do so.

    TDSSkiller - How to run
     
  7. Plank Melody

    Plank Melody Private E-2

    C:\MGtools\Process.exe Win32/PrcView application cleaned by deleting - quarantined
    C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\78fcee10-456ef6ce multiple threats deleted - quarantined
    C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\ef079c2-763b3729 a variant of Win32/Kryptik.NVE trojan cleaned by deleting - quarantined
    C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\69f9b7e3-27d62572 multiple threats deleted - quarantined
    C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\780405ea-3bf73f01 multiple threats deleted - quarantined
    C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4839f1b9-172e4456 multiple threats deleted - quarantined
    C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\384ba27d-38b975b3 multiple threats deleted - quarantined
    C:\Users\David\AppData\Roaming\OpenCandy\OpenCandy_C79B4B8D0CE74072AF6214E4A4B3C498\registrybooster(2).exe a variant of Win32/RegistryBooster application deleted - quarantined
    C:\Users\David\Downloads\winamp5581_full_emusic-7plus_en-us.exe Win32/OpenCandy application deleted - quarantined
     

  8. Plank Melody

    Plank Melody Private E-2

    OK, will do. Running now.
     
  9. Plank Melody

    Plank Melody Private E-2

    OK, here's the log for boot sectors and drives. Also tried reattaching the ComboFix.
     

  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Are you still getting the pop-ups? If so, please run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click; use right click and select Run As Administrator). Make sure that you watch for the license agreement for TrendMicro HijackThis and click on the Accept button TWICE to accept (yes, twice).

    Then attach the below logs:

    * C:\MGlogs.zip
     
  11. Plank Melody

    Plank Melody Private E-2

    I have the red shield in the tray (as previously described in a below post), but I don't seem to be getting the Vista AntiVirus pop-up upgrade request.

    Ran MSLogs.bat and attached the file.
     

  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your red shield is telling you to install your AV software. Your logs are clean. You do need to uninstall your old version of Java:
    Java(TM) SE Runtime Environment 6 Update 1
    Reboot and download and install:
    Java Runtime 6

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note: the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work through the below link:

     
  13. Plank Melody

    Plank Melody Private E-2

    Thanks TimW so much :)
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Safe surfing. :)
     
  15. Plank Melody

    Plank Melody Private E-2

    Didn't see HijackThis in Add/Remove. Did a partition search also; only found the log.
     
  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Don't worry about it. :)
     