Zynga removed, now programs don't load

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by simrick, Jul 2, 2011.

  1. simrick

    simrick Private E-2

    Hi. I've got a Dell 1545 W7SP1-64bit system with 4GB RAM and a 320GB hard drive that's only about 20% full. My friend was complaining of slowness, and asked for a tune-up. Upon running MBAM, I found parts of Vundo and a Zynga Toolbar installation, both of which have been removed. MBAM comes up clean. SuperAntiSpyware finds nothing now, and Avast! AV is protecting the system now.

    Here is my problem. I tried to uninstall Zynga through the uninstall program function in Ccleaner, and got an error that it could not be found. I then went to the UNWISE.EXE in the Zynga program folder and uninstalled it that way. I did a complete uninstall. Now, most of the programs on the computer won't start - the links are broke, the programs are unregistered.

    I've reinstalled MBAM, SAS, Ccleaner; repaired Windows Live Mail and MSOffice. All settings, logs, contacts, emails and other info are there, once I get the programs working. But, I don't have disks for every program on the machine (Roxio, MSWorks - factory pre-installed, etc.). Is there a way for me to re-register the programs? They still show up in the installed programs list.

    Thanks for your help!
     
    simrick, Jul 2, 2011
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm sorry but this is not a malware problem. I suggest that you try doing a system restore to before you started making changes and see if that helps.

    Zynga is just an unwanted toolbar that many people have installed without knowing it. It is not really malware.
     
    chaslang, Jul 2, 2011
    #2
  3. simrick

    simrick Private E-2

    yes, but system restore will bring back the Vundo infection (?)
     
    simrick, Jul 2, 2011
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Possibly, but it is easy to clean. Just don't do things on your own. Follow our instructions in the below:

    READ & RUN ME FIRST. Malware Removal Guide
     
    chaslang, Jul 2, 2011
    #4
  5. simrick

    simrick Private E-2

    Well, the restore point I set before cleaning is gone. Evidently W7 restore points are huge. The system was set to max amount of space for restore points, but it was gone in less than 2 days, and there are only 4 restore points total. So now I am re-installing every program that was affected.

    MBAM had removed the Vundo easily enough, but the Zynga would not uninstall - it was like it had most of the programs running in its own shell. A hijack was identified by either MBAM or SAS (I can't remember which); I've seen alot on the web about problems uninstalling Zynga and some refer to it as hijackware. What a pain. Some programs I don't know how to reinstall (like MSWorks), so we'll just have to do without them, I guess.

    Silverlight is a problem though. It shows in Programs and Features as a Windows Update but the "uninstall" feature is not available, nothing using Silverlight will work, but it won't install because it says it's already installed. Ccleaner doesn't find anything in the registry about it....not sure how to handle this one. Any ideas? Thanks.
     
    simrick, Jul 4, 2011
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not likely. Zynga does not do this. It is just an undesirable program/toolbar for gaming that frequently installs without some people knowing it. It does not do what you are saying nor is it really known to be that malicious. Something else happened.

    If you don't follow our instructions and attach ALL of the logs we asked for, there is nothing we can do for you except send you to the Software Forum to try and help you with your software issues. It's possible you uninstalled or removed more than you think. Many many programs ( legit ones ) use the unwise program to install/uninstall.

    How do you know programs are unregistered. Did you try directly running the programs without using a link? What message do you get? Perhaps they problem is not what you think. Could it be that files, folders and links have been set to hidden?
     
    chaslang, Jul 4, 2011
    #6
  7. simrick

    simrick Private E-2

    When I tried to run some programs, the links would be missing. When I ran ccleaner registry eval, lots of issues would be identified for those programs. The unwise I used was in the Zynga folder, so I assumed this was for that program only(?). I have attached the files you requested. I did not run RootRepeal, as this is a 64-bit system. Thanks very much for your help!
     

    Attached Files:

    simrick, Jul 5, 2011
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not run ComboFix but I don't think we need it since your logs are basically clean. Please attach the below two logs from Malwarebytes so we can see what was found during those scans:

    C:\Users\Daniel\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\SUPERAntiSpyware Scan Log - 06-30-2011 - 23-41-32.lo
    C:\Users\Daniel\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\SUPERAntiSpyware Scan Log - 07-05-2011 - 19-30-37.log


    Also please download and save the below tool from Grinler @ bleepingcomputer to your Desktop or anywhere else you can find it ( if the Desktop is not showing )

    http://download.bleepingcomputer.com/grinler/unhide.exe

    Now run it.
     
    chaslang, Jul 6, 2011
    #8
  9. simrick

    simrick Private E-2

    Hi Chaslang.
    No, I didn't run Combofix, as I think the instructions said to download, but not run unless asked to.

    I am attaching the log files. Not sure if you're wanting MBAM or SAS, so I am attaching both.

    Grinler has been run. "Your files are now visible..."

    Thanks!
     

    Attached Files:

    simrick, Jul 7, 2011
    #9
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay those logs just showed mywebsearch and funwebproducts junk being removed. This is just nuisance adware stuff. There has been no real malware in any of your logs. Not sure what happen with Zynga but we have remove it hundreds of times without any incident. If you are still having problems, I suggest that you write up the specific details and post them in a thread in the Software Forum.


    Since you do appear to be having malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    10. After doing the above, you should work thru the below link:
     
    chaslang, Jul 7, 2011
    #10
  11. simrick

    simrick Private E-2

    Hi. Thanks very much for having a look for me. I did want to mention, that the first scan with MBAM found something called Searchscopes-Trojan.Vundo, but appears to be resolved.

    I very much appreciate your help! Maybe I will head on over to the software forum if I can't get the balance of the programs working, or if the computer seems unstable.

    Thanks again.
     
    simrick, Jul 7, 2011
    #11
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
    chaslang, Jul 7, 2011
    #12

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds