exe file disassociation problem please help

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by cadyer, Jul 31, 2011.

  1. cadyer

    cadyer Private E-2

    I have been having an exe file disassociation problem for about 2 weeks now. I have performed your suggested steps from another post - rkill.exe, avpfind.bat, exehelper.com. I ran the superspywarescan as suggested and it found some cookies and two trojan items in the temp folder. I deleted, rebooted and then attempted the mgtools.exe but that wouldn't run. I restarted in safe mode with networking and did the whole process over again, except for the online scan as I couldn't get to the internet. No connection. Anyway I went ahead and ran the mgtools from there and I am attaching the log here to see if anyone can tell me what to do. I'd prefer not to blow my drive away and reformat if at all possible. Thanks for your help and advice.
     


  2. cadyer

    cadyer Private E-2

    Update - in normal mode I was able to get online and when I ran the superantispyware scan it found the following AGAIN!

    Trojan.Agent/Gen-IExplorer[Fake] - 4 incidents, previous scan only found 1
    Trojan.Agent/Gen-PEC - 4 incidents, previous scan only found 1

    So this thing is multiplying after each reboot, it appears. Thanks again for any help to get rid of these things and advice on how to protect myself in the future.

    PS my son uses my computer for RuneScape - I thought that was a safe thing but if it's not please let me know and I'll make sure that ceases!
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please use add/remove programs to uninstall:
    Conduit Engine

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy just the bold text below to Notepad (do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now use windows explorer to find and delete:
    C:\Documents and Settings\Cher\Local Settings\Temp\3698391322485140.tmp
    C:\Documents and Settings\Cher\Local Settings\Temp\4017103072486015.tmp
    C:\Documents and Settings\Cher\Local Settings\Temp\41530318192489343.tmp

    Now go HERE and scroll down to the exe file fix.

    Now please run and attach the logs for:
    SAS
    MBAM
    RootRepeal --- If it runs
    ComboFix

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below log:

    • C:\MGlogs.zip
     
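    The "exe file fix" linked above and the fixME.reg merge both work the same way: they rewrite the registry keys that tell Windows which program handles a double-clicked .exe, which is what the infection had altered. As an added example (not from this thread, and not one of the MajorGeeks tools), the PowerShell script below audits those keys against the stock defaults and, with -Repair, writes the defaults back. It assumes the standard values ("exefile" as the .exe ProgID and "%1" %* as the open command); treating any HKCU\Software\Classes override as hostile and reporting Image File Execution Options Debugger entries are this example's own choices, not something the thread states.

```powershell
# Added example, not part of the MajorGeeks thread or its tools.
# Audits the registry keys that decide how Windows launches .exe files and,
# with -Repair, restores the stock defaults. Run from an elevated prompt.
param([switch]$Repair)

# PowerShell maps only HKLM: and HKCU: by default; expose HKEY_CLASSES_ROOT too.
if (-not (Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}

# Key -> expected (Default) value. $null means the key should not exist:
# a per-user HKCU\Software\Classes entry overrides HKCR for that user, and
# rogue programs have used exactly that to redirect every .exe launch.
# (Assumed stock values; the thread itself does not quote them.)
$expected = @{
    'HKCR:\.exe'                                        = 'exefile'
    'HKCR:\exefile\shell\open\command'                  = '"%1" %*'
    'HKCU:\Software\Classes\.exe'                       = $null
    'HKCU:\Software\Classes\exefile\shell\open\command' = $null
}

function Get-DefaultValue([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue).'(default)'
}

# Returns one line per deviation from the expected state; empty when clean.
function Test-ExeAssociation {
    $problems = @()
    foreach ($path in $expected.Keys) {
        $want = $expected[$path]
        $have = Get-DefaultValue $path
        if ($null -eq $want) {
            if (Test-Path -LiteralPath $path) {
                $problems += "$path exists (per-user override), default = '$have'"
            }
        } elseif ($have -ne $want) {
            $problems += "$path default is '$have', expected '$want'"
        }
    }
    # Image File Execution Options: a Debugger value makes Windows start that
    # program instead of the named executable, another way to block tools.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    foreach ($key in @(Get-ChildItem -LiteralPath $ifeo -ErrorAction SilentlyContinue)) {
        $dbg = (Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { $problems += "IFEO Debugger set for $($key.PSChildName): $dbg" }
    }
    return $problems
}

function Repair-ExeAssociation {
    foreach ($path in $expected.Keys) {
        $want = $expected[$path]
        if ($null -eq $want) {
            if (Test-Path -LiteralPath $path) { Remove-Item -LiteralPath $path -Recurse -Force }
        } else {
            if (-not (Test-Path -LiteralPath $path)) { New-Item -Path $path -Force | Out-Null }
            Set-Item -LiteralPath $path -Value $want   # sets the key's (Default) value
        }
    }
    # IFEO Debugger entries are only reported, not removed: some are legitimate
    # (developer tools), so review them by hand.
}

$problems = @(Test-ExeAssociation)
if ($problems.Count -eq 0) {
    Write-Output 'exe association keys match the defaults'
    exit 0
}
$problems | ForEach-Object { Write-Output "PROBLEM: $_" }
if ($Repair) {
    Repair-ExeAssociation
    $remaining = @(Test-ExeAssociation)
    Write-Output "after repair: $($remaining.Count) problem(s) remain"
    exit $remaining.Count
}
exit 1
```

    Run it once without -Repair to see what is set, then with -Repair, then again after a reboot: if the keys come back altered, something still running on the machine is rewriting them, and the fix has to wait until that component is removed.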
  4. cadyer

    cadyer Private E-2

    analyse.exe did not find the two files that you mentioned. The regedit was successful. SAS and MBAM did not find anything this time around but the logs are attached anyway. I have not rebooted as yet so I don't know if the problem is fixed yet. Also, I can't seem to locate the SAS log file. Thanks.
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not finding any malware in your logs. Did you apply the exe fix I linked you to? Tell me what issues you are still having, if any.
     
  6. cadyer

    cadyer Private E-2

    So far so good! Thanks so much for your help.:)
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know and you are most welcome.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work through the below link:


    Malware removal from a National Chain = $149
    Malware removal from MajorGeeks = $0

    Help Support MajorGeeks
    Buy Discounted Software @ Majorgeeks Store. Giveaways Too!

    Majorgeeks Geek Wear. Hats, T-Shirts, Hoodies

    MajorGeeks on FaceBook
     
  8. cadyer

    cadyer Private E-2

    Since our last modifications I'm still having some issues. I've done scans and found nothing but programs won't start up after a reboot. After a while programs will start but the pc has to sit for some time - maybe an hour or so. It appears that something is going on in the background that is stopping exe files from working. That's just my amateur opinion. I've run CCleaner and that didn't help. Everything loads in the system tray normally, Avast, Comodo etc. but no programs will load. The hourglass appears for a few seconds and then disappears. Any ideas will be appreciated. Thanks.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Download the latest version of MGtools and save it to your root folder. Then run the exe file and attach the resultant C:\MGLogs.zip.
     
  10. cadyer

    cadyer Private E-2

    I've attached the log. I turned off Avast and Comodo and while the scan was running I was getting some errors that "access is denied" to certain files. I hit ignore each time. I ran the scan again and didn't get those errors the next time. The log attached is the one from the last run without the errors.
     


  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I need the C:\MGLogs.zip.
     
  12. cadyer

    cadyer Private E-2

    Sorry - had to look at your original post to remind myself what to do. Also had to keep rebooting until the exe file would run but anyway - here it is. Thanks for your help. Honestly I'm just about ready to reformat and start over but I haven't done that in a while and I'm not really sure how to do that with my XP disc. The disc is not the original that came with the pc. But that's for another thread.
     


  13. cadyer

    cadyer Private E-2

    I seem to be having better performance when Comodo is disabled. Do you think that might be part of the problem?
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Since I am not seeing any specific malware issues, it very well may be Comodo. Some systems have trouble with it. I suggest you uninstall it and see how the system runs then. Let me know.

    Also, you need to run CCleaner to remove some temp files.
     
  15. cadyer

    cadyer Private E-2

    Thanks. I'm going to do just that because now that I think about it I started having issues after I installed it. Not right away or I'd have made the connection - it seemed to have taken a couple of weeks before issues started. Thanks again.
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let me know what happens. ;)
     
  17. cadyer

    cadyer Private E-2

    So far so good - I uninstalled, rebooted and BAM - everything works! No hangups! I have my router secure and I use Avast, so do I really need a firewall? I activated Windows Firewall even though I know it's about as good as a three dollar bill. I might try another one from the list in the thread but I'll wait awhile.
     
  18. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know. You might wish to ask for advice on a good firewall in the software forum since you definitely don't want Comodo.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work through the below link:


     
