This should be a quick one..

Discussion in 'Malware Help (A Specialist Will Reply)' started by p45cal, Jun 8, 2015.

  1. p45cal

    p45cal Private E-2

    My brother was almost successfully scammed by someone calling him and posing as a Microsoft Technical Assistant. He allowed them to gain access to the computer using TeamViewer (they had him install the desktop version but TeamViewer had already been installed by me - so references in the logs to TeamViewer could be legit).
    When he was asked for money, he got suspicious and rang me and I suggested he immediately cut the power to the computer, which he did.. and that's how it is now, with me scanning it in case malware was put on to it.
    The various scans seemed to be pretty much all clear, but here are the logs anyway.
    I'd be grateful if you'd have a peep please.
    regards, p45cal.

    (mgtools log in next post)
     


  2. p45cal

    p45cal Private E-2

    ..and the mgtools log.
     


  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Those logs are clean :)



    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, or Win 8, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

    7. After doing the above, you should work thru the below link:
     
  4. p45cal

    p45cal Private E-2

    Thank you very much!
    but…
    there's been a development and I've been in a minor panic:
    While checking the computer out, about an hour ago, I got an incoming TeamViewer remote control session (different TeamViewer ID but same IP address) and the mouse started doing its own thing. I stopped TeamViewer and disconnected from the internet (I'd forgotten that TeamViewer started with Windows on a reboot and he must have given himself access rights the previous time he was connected). He was on for 36 seconds. I'm worried he may have used a batch file or some such to do things - know anyone good with TeamViewer logs?

    Can you confirm that I should start again? :(

    I'm so sorry about this.

    ps. in all these scans, are changes to the MBR flagged?
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Disable TeamViewer from running at startup or uninstall it completely. Redo all the malware removal instructions and attach all of the requested logs. I will check if any malware is present.

    MBR is fine from what I can see....
     
  6. p45cal

    p45cal Private E-2

    Right, I disabled TeamViewer (even after doing that I looked in the running Services and it was still running, so I end-tasked it), but still I didn't trust my machine to be connected to the internet, so I did the scans again using the downloads and updates I did less than 24 hours ago (it meant running one of the scans a little differently as per the instructions) and I attach the logs.

    I await your advice! Thanks.

    ps if all clear, should I repeat them while connected to the internet before I finish up?
     


  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No, not seeing any malware in those logs. :) If you wish to further discuss anything relating to TeamViewer I would post about it in the software forum.
     
  8. p45cal

    p45cal Private E-2

    Thank you.
    I'll have a search of the forum.
    In the meantime, is it worth my doing a third set of scans while on the internet before moving on to the final steps?
     
  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    If you wish we can do that no problem. :)
     
  10. p45cal

    p45cal Private E-2

    So here we are:
    Thanks,
    p45cal
     


  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    The logs are clean. :) You can follow final steps.
     
  12. p45cal

    p45cal Private E-2

    Thank you very much!
     
  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Most welcome. Safe surfing ;)
     
