Am I Infected

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by viral, Mar 14, 2012.

  1. viral

    viral Private E-2

    Hi,

    I have followed all the info before posting in here and carried out the requests of what to turn on, turn off, etc.

    I have been given a laptop by a mate who said 'can I help, I think it has a virus'. It is his daughter's laptop. I had a quick look and used it for a couple of days to see if it has any issues, but to be honest I can't find anything really wrong with it. The Avast antivirus seemed to be turned off but that came back ok.

    I have run all the 5 malware checkers as requested and have the posts attached. Could someone please take a look at the logs to verify whether or not this laptop has an infection. It is a Dell Inspiron 1545, running Win Vista Home Basic.

    Kind regards

    viral
     


  2. viral

    viral Private E-2

    Last attachment with this post

    Kind regards

    viral
     


  3. thisisu

    thisisu Malware Consultant

    Hi and welcome to Major Geeks, viral!

    Attached is regfix.zip
    • Inside is regfix.reg
    • Extract regfix.reg onto your desktop
    • Double-click regfix.reg to allow it to merge into the registry
    • Let me know if this was successful or not.

    The rest of your logs look fine.

    If the regfix merged successfully, you can follow these cleanup steps:


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis if it is present.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
    Be safe :)
     


  4. viral

    viral Private E-2

    Hi Thisisu,

    Thanks for the quick response. Good to know that the rest of the logs were clean.

    I ran your regfix, which worked successfully. I have uninstalled ComboFix, re-enabled Disk Emulation and re-enabled UAC.

    Every time I try to go into Control Panel I get a Microsoft Visual C++ Runtime Library pop-up message box. Within it it says 'This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information.'

    After hitting Ok I then get a Microsoft Windows pop-up message box. Within this it says 'Windows Explorer has stopped working. Windows is checking for a solution to the problem.'

    This will disappear followed by another pop-up message box saying 'Windows Explorer is restarting'.

    The desktop then clears and about 3 seconds later comes back again.

    I have carried out your instructions up to and including No.8; I have not yet done 9 and 10, nor have I yet re-enabled Avast.

    Do you have any idea what is causing this? I have also noticed an iTunes Helper pop-up message box after bootup each time that says 'iTunesHelper was not installed correctly. Please re-install iTunes. Error 7'.

    Any advice you can offer on this would be greatly appreciated. Thanks in advance.

    viral
     
  5. thisisu

    thisisu Malware Consultant

    It's not an error I have seen before but after some research it could be a corrupt installation of Visual C++ (See below)

    • Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    • Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    • Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    For troubleshooting purposes I would uninstall each of the above, and then only install this one: Microsoft Visual C++ 2010 Redistributable Package (x86)

    Another thing I would do is upgrade to Vista SP2 and Internet Explorer 8. See: Windows6.0-KB948465-X86.exe and IE8-WindowsVista-x86-ENU.exe

    You are currently using Vista SP1 and Internet Explorer 7.

    Last but not least, it could be an issue with software you have installed. I am not sure which one though. Questions like these would be better suited for the Software forum.

    Good luck and be safe! :)
     
  6. viral

    viral Private E-2

    Hi thisisu,

    Thanks for your help so far. I have done all that you specified apart from install Vista SP2. The laptop now seems to boot without bringing up errors.

    The reason for not installing SP2 is that the machine refuses to do it; it gets all the way through to 100%, reboots, and then says 'Installation was not successful - Error Code E_Fail(0x80004005)' and proceeds to uninstall. I will post this error in the software section to see if anyone can help.

    Thanks again

    Kind regards

    viral
     
  7. thisisu

    thisisu Malware Consultant

    You're welcome :)
     
