malware issues

Hi.

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

• O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
• O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
• O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

After clicking Fix exit HJT.



Delete these:

• C:\Documents and Settings\HP_Administrator\Application Data\Search Settings
• C:\Program Files\Common Files\Spigot

Give Ccleaner a run, not the reg scanner, just the cleaner itself to be rid of some temp files.



Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.

• Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
• Now select the Start Repairs tab.
• The click the Start button.
• Create a System Restore point if prompted.
• On the next screen, click the Unselect All button to first deselect all repairs.
• Now select the following repair options:
  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair WMI
  • Repair Windows Firewall
  • Remove Policies Set By Infections
  • Repair Winsock & DNS Cache
  • Repair Proxy Settings
  • Repair Windows Updates
  • Set Windows Services To Default Startup
• Now on the lower right side check the box to Restart/Shutdown System When Finished
• Then make sure the Restart System radio button is enabled.
• Shutdown any other programs that you are running now before continuing.
• Now click the Start button.
• Be patient while the tool repairs the selected items.
• It should reboot automatically when finished.

After reboot, check to see if your firewall is working.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

 

You are most welcome. The logs look good. Ready for final steps?

 

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
2. Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
5. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
   
6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
   
   
7. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

What Spigot file exactly? :confused

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

 

Well I'm not seeing anything else spigot related.

What happens when you try to update Windows? Any error messages? This may be topic for the software forum though.

 

What happens when you go to start > all programs > Windows Update and try that way? :confused

 

If you keep installing too many protection programs, nothing is going to work.

• You have 3 antivirus programs install
  • Microsoft Security Client
  • Privatefirewall 7.0
  • AVAST
• You have 4 antispyware protection programs installed
  • Microsoft Security Client
  • Privatefirewall 7.0
  • AVAST
  • IObit Malware Fighter

I suggest that you recover from this mess by uninstalling ALL of them right now include uninstalling this too Advanced SystemCare 7. In fact, all of the below are from IObit and should be removed to recover from this mess.


Advanced SystemCare 7
Driver Booster
IObit Apps Toolbar v8.4
IObit Malware Fighter
IObit Uninstaller
Smart Defrag 2
Surfing Protection

You need to uninstall all of them to hopefully fix the chaos cause by installing all of these.


Then reboot your PC.

After reboot and before reinstalling anything, check if Windows Update works. Make sure that you have not block Windows Update in your firewall. If Windows Update works then pick one and only one Antivirus and antispyware program protection and install it.

 

Avira or Avast are fine as are several others. You must have caused some issues due to too many being installed and it wound up blocking Windows Update. PrivacyFirewall is a better firewall than the Windows firewall so you could use it but I do not add back all the IObit stuff on top of this. In reality Privacy can probably run along side Avast of Avira even though Privacy has anti-virus-spyware-malware protection due to the fact that it is more in the firewall realm.

I suggest running the below though so we can check to make sure everything was cleaned up.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file

 

You're e welcome. Looks good so onto final instructions again.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
3. Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
4. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
5. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
6. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
8. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
9. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
   • Refer to the instructions for your WIndows version in this link: Disable And Enable System Restore​
   • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
   • Then we want you to Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!