Help Please and problem MG Tools showing as Trojan?

Discussion in 'Malware Help (A Specialist Will Reply)' started by mladyraven, Sep 13, 2013.

  1. mladyraven

    mladyraven Corporal

    Have been having issues for a week now, browsers crashing, computer freezing, certain sites unable to open, the icon just keeps spinning and spinning without ever opening.

    I started to do a few scans and then thought I better use the malware forum.
    So, I have two files on two of the scans, one before major geeks and the other after.
    I downloaded MG Tools from the page and got this message
    Whoa!
    Are you sure you want to go there?
    http://forums.majorgeeks.com/chaslang/files/MGtool... may be risky to visit.

    Why were you redirected to this page?

    When we visited this site, we found it exhibited one or more risky behaviors.
    McAfee SiteAvisor. Red!
    I was not concerned at first, however, when I did one of the scans it came up with a Trojan on the desktop.
    I cannot go any further at this time so I am posting what I have and will then take action after I get more information from whomever looks at this.
    Thank you for your time.
    Dell Inspiron Desktop
    Windows 7 64 bit
    The ones I did before coming to major geeks today are either the first file or say before major geeks. I followed all instructions once I got to the site.
     

    Attached Files:

  2. mladyraven

    mladyraven Corporal

    Last of the files I had to upload. Will wait to hear about MG tools and if I should finish the cleaning once you have looked at my files.
    Thank you
    raven
     

    Attached Files:

    Last edited: Sep 13, 2013
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Obviously your protection software is wrong. You need to download and run MGtools as requested.
     
  4. mladyraven

    mladyraven Corporal

    Hitman says it is a Trojan. I did download it, I did try to run it. I am having a challenge getting it to work and I was not sure if there was something wrong with it.

    I am 68. I teach myself how to work on the computer and come for help and to read and learn. I have been off the computer for awhile I was very ill.

    I will attach what I got , however, I have run this program before and know it is not running the way it used to. I followed ALL the steps you have to before you run it and the other programs.
    If you could please tell me what my next step would be to make MG Tools work. I got it from the C drive and I ran it as admin.
    Thank you
    Raven
    PS please check the Hitman file; it is calling MG Tools malware. I tried to add the file again but the site would not let me. I don't know what the next step is.
     

    Attached Files:

  5. mladyraven

    mladyraven Corporal

     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes Hitman Pro does say MGtools.exe is malware but it is completely incorrect. It will say the same thing for many other scan tools too. Many scanners/protection software will say things like this due to the type of operations MGtools performs in scanning your file system and registry. MGtools could easily say the same about these other tools for the exact same reasons but we know better! ;) This is part of the reason we tell you not to fix anything with Hitman Pro and RogueKiller. There are many false detections.

    But you were not supposed to be uploading this anyway. You should only be looking for and uploading the MGlogs.zip file from C:\ or from your Desktop, or the C:\MGtools\MGlogsR.zip (only exists when C:\MGlogs.zip fails to create).

    Yes this is what the instructions tell you to attach.;)

    I will be deleting all of the below from your Desktop now:
    C:\Users\Nicole\Desktop\GetUnKey.txt
    C:\Users\Nicole\Desktop\MGlogs
    C:\Users\Nicole\Desktop\MGtools
    C:\Users\Nicole\Desktop\MGtools (1).exe
    C:\Users\Nicole\Desktop\MGtools.exe

    Uninstall the below program. If you do not find it or it will not uninstall, just keep going.
    Search Protect by conduit

    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
      (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
      the code box
    Code:
    :Processes
    explorer.exe
    :Files
    C:\ProgramData\Conduit
    C:\Program Files (x86)\Conduit
    C:\Program Files (x86)\GUMB1C1.tmp
    C:\Program Files (x86)\GUTB1C2.tmp
    C:\SetACL.exe
    C:\subinacl.exe
    C:\TDSSKiller*.*
    C:\ProgramData\Conduit
    C:\Program Files (x86)\SearchProtect
    C:\Users\Nicole\AppData\Roaming\SearchProtect
    C:\Users\Nicole\AppData\Local\Conduit
    C:\Users\Nicole\AppData\LocalLow\Conduit
    C:\Program Files (x86)\LinkSwift
    C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\bt8xd3ix.default\CT3310511
    C:\Users\Nicole\AppData\Local\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx
    C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\bt8xd3ix.default\searchplugins\MyStart Search.xml
    C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\bt8xd3ix.default\searchplugins\conduit.xml
    C:\Windows\tasks\ReclaimerUpdateFiles_Nicole.job
    C:\Windows\tasks\ReclaimerUpdateXML_Nicole.job
    C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Nicole.job
    C:\Users\Nicole\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\*.*
    C:\Users\Nicole\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\*.*
    C:\Users\Nicole\Desktop\MGlogs
    C:\Users\Nicole\Desktop\MGtools
    C:\Users\Nicole\Desktop\MGtools (1).exe
    C:\Users\Nicole\Desktop\MGtools.exe
    C:\Users\Nicole\AppData\Local\Temp\*.*
    :Reg
    [-HKEY_USERS\S-1-5-21-3059927136-4257225899-107717202-1000\Software\AppDataLow\Software\SmartBar]
    [-HKEY_USERS\S-1-5-21-3059927136-4257225899-107717202-1000\Software\Conduit]
    [-HKEY_USERS\S-1-5-21-3059927136-4257225899-107717202-1000\Software\Softonic]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{33D4D02F-31F7-4B4C-873E-A73E19F9ADD7}"
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6DE478B8-93F8-4BC2-83EE-883380B33CA3}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{39DB012E-8860-4A7C-9CED-FC1BCCD48336}"
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{373A8D4D-90F9-4B4E-826C-F6483C44082C}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{47980628-3844-42AA-A0DD-E2D86BBA9600}"=-
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
    saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
    this log file to your next message.

    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.TXT log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
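    The OTM script above is a small fix-list format: a `:Processes` section of processes to stop, `:Files` paths to move (wildcards allowed), `:Reg` lines in .reg syntax where `[-KEY]` deletes a key and `"name"=-` deletes a value, and `:Commands`. The dry-run parser below is an added example (not OTM's code or anything from this thread) that summarizes what such a script would touch before it is run; the sample script is a constructed excerpt in the same format.

```python
import re

# Constructed sample in the OTM script format shown in this thread (an excerpt, not the full script).
SAMPLE = r""":Processes
explorer.exe
:Files
C:\ProgramData\Conduit
C:\TDSSKiller*.*
C:\Users\Nicole\AppData\Local\Temp\*.*
:Reg
[-HKEY_CURRENT_USER\Software\Conduit]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{39DB012E-8860-4A7C-9CED-FC1BCCD48336}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{47980628-3844-42AA-A0DD-E2D86BBA9600}"=-
:Commands
[purity]
[EmptyTemp]
[Reboot]
"""

def parse_otm(script: str) -> dict:
    """Return a dry-run plan: what an OTM script would kill, move, delete or set."""
    plan = {"kill": [], "delete_paths": [], "wildcards": [], "delete_keys": [],
            "set_values": [], "delete_values": [], "commands": []}
    section, key = None, None          # current section and current registry key
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):       # section header such as :Files
            section = line[1:].lower()
            continue
        if section == "processes":
            plan["kill"].append(line)
        elif section == "files":
            plan["delete_paths"].append(line)
            if "*" in line or "?" in line:          # wildcard entries deserve a second look
                plan["wildcards"].append(line)
        elif section == "reg":
            if line.startswith("[-") and line.endswith("]"):   # [-KEY] removes the whole key
                plan["delete_keys"].append(line[2:-1])
            elif line.startswith("[") and line.endswith("]"):  # [KEY] selects a key for values
                key = line[1:-1]
            else:
                m = re.match(r'"(.+?)"=(.*)$', line)           # "name"=value or "name"=-
                if m and key:
                    name, value = m.groups()
                    if value == "-":
                        plan["delete_values"].append((key, name))
                    else:
                        plan["set_values"].append((key, name, value.strip('"')))
        elif section == "commands":
            plan["commands"].append(line.strip("[]"))
    return plan
```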
     
  7. mladyraven

    mladyraven Corporal

    Yes, that's why, after I did Hitman (before I came to the malware site last night) and it said a bunch of items were Trojans, I got concerned and realized I better check in before I really mess stuff up.
    I want to check something before I go any further
    To find the logs in C
    I go to computer C open and then when I find the file I bring it to the desktop and then attach to the post? Is there a better way to do this? Sorry I know this is a dumb question, however, I had trouble finding logs that do not go to the desk top and attaching them and want to do it correctly.
    I just shut down everything you said to when I do my scans, including my antivirus program and my malware software.
    Thank you so much for your help. Greatly appreciated. I will work on the computer once I get your go ahead. I will check back tonight after the grandchildren are asleep. They are all here helping me while I am sick..:) Thanks
     
    Last edited by a moderator: Sep 14, 2013
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes just browse to the files in the Manage Attachments window. See the instructions in the link given in the READ & RUN ME which I will repost here:

    (See: HOW TO: Attach Items To Your Post )
     
  9. mladyraven

    mladyraven Corporal

    Search Protect by conduit - uninstalled.
    Please download OTM by Old Timer and save it to your Desktop.
    Done, followed instructions. Did not find the log in C:, however, I found it on the desktop. There was no log in the C directory. That log will be the first attachment.
    Have attached all logs- followed instructions, rebooted when asked to.
    Hopefully I have done it right this time..;)
    Thank you.
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes it is in the directory noted too. I can see the below file in your logs. ;)

    Code:
    71,822 2013-09-15 19:11:40  C:\_OTM\MovedFiles\09152013_120925.log
    Your logs are clean.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  11. mladyraven

    mladyraven Corporal

    Hmm, you could see it, so clearly I am not going into the right place. I do not know how to get to the registry or the files that go there. I went to my computer, then clicked on C and then it opened up, however, I did not see the file you mentioned.
    So, not exactly sure how to do this, I just sent you the zip file I found. The computer seems to be working better. It is not crashing, however, I need to do your final steps. Sorry to be a bother, however, I want to do them correctly.
    Question. I am using MSSE for my antivirus. I had been using McAfee, however, it was having problems working with my Win 7 and was so buggy that I switched. Should I go back to McAfee? Or stay with what I am using? I am using Iobit free antimalware, is that OK? Or do I need to save up for something better next month?
    Again thank you for all your time. It seems site advisor was giving me all kinds of wrong malware messages. :(
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As stated, it is not in the C:\ folder. It is in the C:\_OTM\MovedFiles folder which you can navigate to by double clicking the _OTM folder and then the MovedFiles folder. Or you can just copy and paste C:\_OTM\MovedFiles into the address bar and hit enter.

    If you had problems with McAfee, why would you want to go back to it?


    It is not one of my favorites and I don't like the junkware they will install unless you opt out during installation and possibly during updates. If you want an additional layer of antispyware protection on top of MSE then I would suggest purchasing Malwarebytes.
     
  13. mladyraven

    mladyraven Corporal

    Thanks, I found the right folder a few hours after I wrote to you. I was able to fix everything, and follow the rest of your instructions.

    I was thinking re McAfee that the problems with it had been fixed and that it was now working with Win 7, that they had fixed the problems, however, I don't know if that is true. However, it comes free with my internet service provider so I considered it.
    I will save up and try to buy Malwarebytes next month when my disability check comes in.

    I read all of the how to keep your computer clean and I am just not sure if what I have on my computer is enough.

    Iobit- I opted out of all the junk when downloading. I am sometimes confused when it asks whether to block or allow something ...
    However, that program is the one that first found the Trojan, before any of my other programs. Which is the reason I started the cleaning using Major Geeks protocol.

    I want to thank you for you time! I truly appreciate it. The computer is working beautifully!

    You guys are the best! And very patient!!!

     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Make sure that you have completed my final instructions from a few messages ago.
     
