Possible malware / virus with logs

Discussion in 'Malware Help (A Specialist Will Reply)' started by tozer9, Aug 5, 2012.

  1. tozer9

    tozer9 Private E-2

My parents' PC is not responding to double clicks on the desktop, AVG is not updating (getting a General Error at the end of an Update). Search and Destroy is missing its uninstall.dat file. Things are much slower than normal.

I've run through the steps to follow and have attached logs.

    Also, when running the Malware Bytes install I got an error but the install completed and the scan finished: (error below)
    CoCreateInstance failed; code 0x80040154.
    Class not registered.

When trying to upgrade Malware Bytes through Malware, the application supposedly installed but asked to reboot, but upon logging back on no shortcuts were found. Malware Bytes did not seem to work until I ran the install suggested by MG.

Uninstall of AVG does not seem to work from Start -> Program Files -> AVG 2011. I wanted to reinstall 2012, as I suspect there is something infecting this PC.

    Thanks,
    Joel
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

The versions of Spybot and AVG that are installed are out of date anyway. You should uninstall them and install current versions AFTER doing the below.

    Uninstall the below old versions of software:
    Java(TM) 6 Update 21

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
    O2 - BHO: (no name) - {053F9267-DC04-4294-A72C-58F732D338C0} - (no file)

    After clicking Fix, exit HJT.

    Rescan with HitmanPro
    • When it finds services.exe - Virus, allow it to Replace by clicking the down arrow next to the detection and choosing Replace.
    • Leave any other detections alone (Ignore them).
    • Afterwards, click the Next button.
• HitmanPro may want to reboot the PC in order for the changes to take effect, please do so.
• After reboot and when you are back in Windows, run another scan with HitmanPro and then attach the latest hitmanpro.zip log. See: HOW TO: Attach Items To Your Post.
    Then run RogueKiller and run a scan. After it finishes the scan, select the Registry tab and then select any of the below that exist and then click the Delete button.

    Then immediately reboot your PC.

    After reboot, run a new scan with RogueKiller and save a log as in original instructions and attach the new log.
    Now install the current version of Sun Java from: Sun Java Runtime Environment

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the new RogueKiller log
    • C:\MGlogs.zip
    How are things working now?
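The two O2 lines above are Browser Helper Objects whose CLSID is still registered but whose DLL is gone, which is what HijackThis prints as "(no file)". The following PowerShell script is an added example, not part of this thread or of any MajorGeeks tool: it lists every registered BHO in both the native and the 32-bit (Wow6432Node) registry views, resolves each CLSID to its InprocServer32 DLL path, and reports whether that file exists. It is read-only and deletes nothing; the registry paths are the standard BHO and CLSID locations, and the column names are the script's own.

```powershell
# Added example (not from the thread): list registered Browser Helper Objects and
# flag entries whose DLL no longer exists on disk, i.e. the "(no file)" condition
# HijackThis reports for O2 lines. Read-only: nothing is modified or deleted.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# A CLSID may be registered in the native or the 32-bit (Wow6432Node) view.
$clsidRoots = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID',
    'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
)

function Get-BhoStatus {
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $clsid = $key.PSChildName
            $name  = $null
            $dll   = $null
            foreach ($cr in $clsidRoots) {
                $clsidKey = "$cr\$clsid"
                if (Test-Path -LiteralPath $clsidKey) {
                    # Default value of the CLSID key is the display name (may be absent).
                    $name = (Get-ItemProperty -LiteralPath $clsidKey).'(default)'
                    $server = "$clsidKey\InprocServer32"
                    if (Test-Path -LiteralPath $server) {
                        # Default value of InprocServer32 is the DLL path.
                        $dll = (Get-ItemProperty -LiteralPath $server).'(default)'
                    }
                    break
                }
            }
            # Paths may be quoted or use %SystemRoot%; normalise before testing.
            $expanded = $null
            if ($dll) { $expanded = [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
            [pscustomobject]@{
                CLSID      = $clsid
                Name       = if ($name) { $name } else { '(no name)' }
                DllPath    = $dll
                FileExists = if ($expanded) { Test-Path -LiteralPath $expanded } else { $false }
                View       = if ($root -like '*Wow6432Node*') { '32-bit' } else { 'native' }
            }
        }
    }
}

# Entries with FileExists = False are orphaned registrations (harmless leftovers, but
# clutter worth removing); entries whose DLL exists are the ones to inspect further.
Get-BhoStatus | Sort-Object FileExists | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so both registry views are readable. An orphaned entry only reproduces what HijackThis already shows; the more useful signal is a BHO whose DLL does exist but whose name or path is unfamiliar, which is worth checking against the rest of the logs before anything is removed.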
     
  3. tozer9

    tozer9 Private E-2

    I had to re-register the msiexec.exe app to be able to uninstall Java. The MSCONFIG key had been removed from the registry as well, I added that back.

    I ran through the steps on MGTools\analyse.exe to remove the two BHOs mentioned.

    HitmanPro did not find a services.exe - Virus, so I continued on in the steps.

I ran Rogue Killer and deleted the SUSP PATH entry, rebooted, and the post-reboot log is included.

    I ran MGtools\GetLogs.bat and attached that log as well.

    Java install completed successfully.

    I'm going to uninstall AVG and Spybot and reinstall AVG 2012. Would you recommend AVG 2012 or another free product? Parents are used to AVG so unless there are some obvious issues, I'd like to stay with it for their convenience.

    Thanks for your help so far.
     

    Attached Files:

  4. tozer9

    tozer9 Private E-2

    Hi,

    Some reg issues on this PC as well. msiexec.exe was not registered anymore, neither was msconfig. I had to resolve the msiexec issue in order to uninstall Java.

    Followed the steps as you described, removed the BHOs mentioned.

    There was no mention of a services.exe - virus so I carried onwards to the next steps.

    Ran Rogue Killer and deleted the SUSP PATH item.

    Ran Rogue Killer again.

    Reinstalled an updated version of Java JRE, and ran the GetLogs.bat file.

    Both logs attached. Still having issues where I cannot double click on desktop icons to start the app, I have to right click and select Open.

    Thanks for your help so far,

    Joel
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

