Won't let me run any removal. Please help

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by timdalyiii, Aug 28, 2011.

  1. timdalyiii

    timdalyiii Private E-2

    I think I tried to do what the instructions here say. Here is what happened:

    Defogger won't run. Says I have to be an administrator.

    I installed SuperAntiSpyware; it says I don't have access to run it. If I run the alternate start it runs for a minute and closes.

    I installed Malwarebytes; it says I don't have access to run it.

    Combofix - updated, and then when run an End Program window pops up for a second and then Combofix closes.

    RootRepeal.exe - Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

    Any and all help will be much appreciated.
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Download and save the below to your PC (save it anywhere you can find it. The Desktop is fine). Then double click on it to run it.

    AVPFind.bat

    It should take a couple minutes to run. You will see a black command prompt window while it is running and it should close when it is finished. Once it finishes, attach the avplog.txt file that will hopefully be created on your Desktop as long as the malware does not block the batch file from running. (See: HOW TO: Attach Items To Your Post)

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click and choose Run as Administrator


    You only need to get one of them to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    1. Rkill.exe
    2. Rkill.com
    3. Rkill.scr
    4. Rkill.pif


    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.

    If you are having problems running Rkill, you can download iExplore.exe or eXplorer.exe, which are renamed copies of Rkill.com, and try them instead.

    * If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run then try to immediately run the following.

    Now download and Run exeHelper from Raktor

    • Please download exeHelper to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file named log.txt will be created in the directory where you ran exeHelper.com
    • Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    If you already have them installed, be sure to update Malwarebytes and SUPERAntiSpyware before the scan!

    Now run this: Using Malwarebytes Anti-Malware

    Now run this: SUPERAntiSpyware - running & getting a log

    Now run this: Using MGtools



    Now you need to attach (See: HOW TO: Attach Items To Your Post ) the below logs created while running the above scans

    • exeHelper log
    • Malwarebytes Anti-Malware log
    • MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.
     
  3. timdalyiii

    timdalyiii Private E-2

    Thanks! Here's the avplog. I'll move on to the rest.
     

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Just reply when you have finished that set of instructions and have the logs. ;)
     
  5. timdalyiii

    timdalyiii Private E-2

    When I try to run Malwarebytes (mbam.exe) I get "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

    When I ran SuperAntiSpyware it scanned for a minute, then closed.

    Attached is the MGtools log.

    Thanks!!!
     

    Last edited: Aug 28, 2011
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Now download The Avenger by Swandog46 to your Desktop.

    See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif
    Extract avenger.exe from the Zip file and save it to your desktop.

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):


    1. Run avenger.exe by double-clicking on it.
    2. Click OK at the warning to continue to use The Avenger
    3. Do not change any of the check box options!
    4. Shut down your protection software now to avoid possible conflicts.
    5. Copy everything in the Quote box below, and paste it into the Input script here: part of The Avenger
    6. Now click the http://img33.imageshack.us/img33/9159/executeavenger.jpg button
    7. Click Yes to the prompt to confirm you want to execute.
    8. Click Yes to the Reboot now? question that will appear when The Avenger finishes running.
    9. Your PC should reboot, if not, reboot it yourself.
    10. A log file from The Avenger will be produced at C:\avenger.txt and it will pop-up for you to view when you login after reboot.
    11. Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )


    Now see if you can run the other scans, including combofix.exe

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below log:

    • C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  7. timdalyiii

    timdalyiii Private E-2

    I ran avenger. Malware Bytes and SuperAntiSpyWare still wouldn't run. ComboFix ran. Said it detected rootkit activity and rebooted my system. On boot it ran found a ton of infected files and restored them. Rebooted and ran again. I ran GetLogs.bat and attached the file.
     

  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Uninstall both SAS and MBAM, run CCleaner and then reinstall them both and see if they will now run.

    Use windows explorer to find and delete:
    C:\Documents and Settings\dalyt\Templates\75pg32uc86hns2rqtr4c

    Use add/remove programs to uninstall:
    Java(TM) 6 Update 17

    Reboot and download and install:
    Java Runtime 7

    Tell me how things are running now. ;)
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The infection was a ZeroAccess infection. globalroot\systemroot\system32\mswsock.dll was in the first logs. ComboFix and Avenger have helped to fix part of this.

    The permissions on many files have been changed and will need to be restored.
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I didn't see that in the logs. Where and which log?
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Now we need to reset the permissions altered by the malware on some files.

    • Download this tool and save it to your Desktop: Inherit.exe
    • It must be in your Desktop or the below fix will not work!

    Now run the C:\MGtools\FixPerm.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Now see if you can run scans with Malwarebytes and SUPERAntiSpyware.
     
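    As an added example that is not part of this thread and not the code of Inherit.exe or FixPerm.bat, the PowerShell script below audits a directory tree for the kind of permission tampering described above (explicit Deny entries on individual executables, or inheritance from the parent folder switched off) and, with -Fix, drops the Deny entries and re-enables inheritance. $Root and the -Fix switch are names chosen here; it assumes an elevated PowerShell prompt.

```powershell
# Added example: audit .exe/.dll files for ACL tampering (explicit Deny ACEs,
# inheritance disabled) and optionally repair it. Run from an elevated prompt.
# $Root and -Fix are parameter names chosen for this example (assumption).
param(
    [string]$Root = "$env:ProgramFiles",   # directory tree to audit (assumed default)
    [switch]$Fix                           # remove Deny ACEs and re-enable inheritance
)

$findings = @()
Get-ChildItem -Path $Root -Recurse -Include *.exe,*.dll -File -ErrorAction SilentlyContinue |
ForEach-Object {
    $path = $_.FullName
    try { $acl = Get-Acl -LiteralPath $path } catch { return }  # unreadable ACL: skip, note it manually

    # Explicit Deny entries block a user even when Allow entries look normal.
    $denies = $acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' }
    # $true when the file no longer inherits permissions from its parent folder.
    $noInherit = $acl.AreAccessRulesProtected

    if ($denies -or $noInherit) {
        $findings += [pscustomobject]@{
            Path      = $path
            Owner     = $acl.Owner
            DenyFor   = ($denies | ForEach-Object { $_.IdentityReference.Value }) -join ';'
            NoInherit = $noInherit
        }
        if ($Fix) {
            # Remove each explicit Deny ACE, then turn inheritance back on so the
            # file picks up the parent folder's normal permissions again.
            foreach ($d in $denies) { [void]$acl.RemoveAccessRule($d) }
            $acl.SetAccessRuleProtection($false, $true)
            Set-Acl -LiteralPath $path -AclObject $acl
        }
    }
}

$findings | Format-Table -AutoSize
"{0} file(s) with explicit Deny entries or disabled inheritance under {1}" -f $findings.Count, $Root
```

Run it once without -Fix to review the list (some installers legitimately protect their own files), then with -Fix only on the entries you have confirmed were altered.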
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The first procdll.txt
     
  13. timdalyiii

    timdalyiii Private E-2

    Sorry for the delay. We lost power for about 12 hours due to the storm on the east coast. I'll get through these steps sometime today.
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No worry. We'll still be here when you are ready.
     
  15. timdalyiii

    timdalyiii Private E-2

    I uninstalled SAS & MBAM. I ran CCleaner and deleted the Template file specified. At this point I could install and run SAS & MBAM. Ran thorough scans with both and both found and removed items.
    I went to Add/Remove Programs and clicked Remove on Java 6 Update 17. It looked like it was doing something but never removed it. I didn't know if I should install Java 7 anyway or not.
    I ran Inherit.exe from the desktop. I couldn't tell if anything happened.
    I ran FixPerm.bat. It had me click OK half a dozen times.
    The best I can tell things are ok now. The only thing I see that's strange is that when I try to start Microsoft Excel I get "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access item". This started around the same time I started having these issues. Do you think this is part of the same issue? Is this something you can help me with?

    Thank you!!
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Go ahead and install Java 7. Is Excel the only program you are having issues with? If you right click it and choose Properties, can you reset the permissions?
     
  17. timdalyiii

    timdalyiii Private E-2

    As far as I know it's the only one. The permissions on the exe are full control to Everyone.
     
  18. timdalyiii

    timdalyiii Private E-2

    Got it! I checked the PowerPoint exe and it had different permissions. I don't know why the Everyone group didn't work. But it's working now.

    Thanks for everything!!
     
  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work thru the below link:

     
  20. timdalyiii

    timdalyiii Private E-2

    Thanks for all the help.
     
  21. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You're welcome. Safe surfing. :)
     