Words of Thanks

Discussion in 'Malware Help (A Specialist Will Reply)' started by homes4you, Apr 24, 2007.

  1. homes4you

    homes4you Private E-2

    After viewing many posts and not finding a description of the specific browser hijacker that had me ("asafetywarning.com"), I went to the "basic cleaning procedure" section of your site. There I downloaded all the cleaning tools recommended and the instructions and followed them as well as possible.
    I was not able to use getrunkey or shownew as a message kept popping up saying that I had to follow the installation instructions in order to use these. Anyway... The hijacker is gone and my pc seems to be working GREAT. Thanks a million MG. :D
     
  2. homes4you

    homes4you Private E-2

    What I should have said is that I got the help from the "Read and run me first" section. Question: should I be concerned that I did not use the getrunkey and shownew software? confused
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    I'm happy to hear you got your problems resolved.

    No! It just means that you did not follow the directions as the messages were telling you. It means you did not extract all the files from the ZIP file or that you were trying to run the GetRunKey.bat and ShowNew.bat files from inside of the ZIP file. The directions clearly state this will not work.
     
  4. homes4you

    homes4you Private E-2

    In a folder named C:\My Documents\utilities is the getrunkey.zip folder. In the same subdirectory (utilities) is the folder that was created to unzip the getrunkey files. In that folder are the following files, grep.exe, Itime.exe, locate.com, and Getrunkey.bat. Also in that folder is the patch for windows 2000, w2kfiles.exe. When I attempt to run the getrunkey.bat file it opens a dos type window and says that my operating system is not supported.

    I get similar results with shownew.bat

    Where am I missing the mark? :)
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, so I therefore assume that your OS is Windows 2000. First, the w2kfiles patch does not belong in this folder. Did you need the patch? If so, where did you extract the files from the patch to?

    Please do exactly the below:
    • create a folder named C:\MGtools
    • put the below files and only the below files into C:\MGtools
      • GetRunKey.bat
      • ShowNew.bat
      • grep.exe
      • Itime.exe
      • locate.com
    • now click Start, Run and enter cmd and click OK! This will open a command prompt window.
    • In the command prompt window, enter the below commands.
      • cd C:\MGtools
      • dir > c:\filelist.txt
      • env >> c:\filelist.txt
      • ver >> c:\filelist.txt
      • GetRunKey.bat
    • what happened when you ran the above.
    • now in the same command prompt window, enter the below commands.
      • ShowNew.bat
    • what happened when you ran the above
    Now come back here and attach the C:\filelist.txt log that was created while doing the above.
     
  6. homes4you

    homes4you Private E-2

    Ok the w2kfiles patch is extracted to the winnt\system32 folder. It seemed to default to that location.

    I have created the mgtools folder and placed the files there that you ask for. I have entered the Mgtools folder via the cmd prompt and ran the dir command. The results of that command are: directory of c:\ 04/28/2007 10:19a
    540 filelist.txt,
    1 file(s) 540 bytes,
    0 Dir(s) 13,069,245,440 bytes free.

    The system says that 'env' is not recognized as an internal or external command, operable program or batch file.

    the ver command provides the following results, c:\filelist.txt Microsoft Windows 2000 [Version 5.00.2195]


    When running The getrunkey.bat I get the following information, 'reg' is not recognized as an internal or external command, operable program or batch file. Below that it says,
    c:\xtmpsysccs.txt
    c:\xtmpsyscs1.txt
    c:\xtmpsyscs2.txt

    1 file copied.

    Bad command or file name, your OS is unsupported. all finished getting run keys the logfile is in c:\runkeys.txt.

    The runkeys.txt folder does not appear to exist even though I have unchecked hidden folders in the folder options window of explorer.

    When I attempt to run shownew.bat the system says that it is a bad command or file name and that My OS is not supported.

    These are all the results that I can find at this time, tell me what else you need?
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please do not post logs inline. Please attach the files as requested with their full contents.

    You are not in the correct folder if the above is the result you got! In addition, you also could not have been at a C:\ prompt. It would appear that you did not do the cd C:\MGtools command. Make sure you are running the commands exactly as written. For example, the dir command was dir > c:\filelist.txt. It is not dir C:\filelist.txt


    Sorry about that! Use the set command, not env.

    Normal for your Windows 2000 OS.

    Now this is not correct and your Windows 2000 OS is supported. For reference purposes, what you should see in the command prompt window once GetRunKey has completed properly is below. However USERNAME will be your user account name.
    Also the output from the dir command should look similar to below if you are in the correct folder and all the files are there:
    Code:
     C:\MGtools>dir
     Volume in drive C has no label.
     Volume Serial Number is 9CB1-BECF
     Directory of C:\MGtools
    04/27/2007  07:04p      <DIR>          .
    04/27/2007  07:04p      <DIR>          ..
    04/22/2007  10:38p              62,762 GetRunKey.bat
    04/14/2003  01:00a              80,412 grep.exe
    01/13/2005  10:41p              11,254 locate.com
    10/28/1986  12:51p              13,184 ltime.exe
    04/09/2007  12:13a              49,556 ShowNew.bat
                   5 File(s)        217,168 bytes
                   2 Dir(s)   2,834,325,504 bytes free 
    runkeys.txt is not a folder. It is a file and it would be located in the root folder of drive C. In other words, the full file path would be C:\runkeys.txt. However, the file is not being created on your PC due to the program being aborted.


    From the command prompt window, what do you get if you just type find and hit enter.


    Download the attached GRK.zip file and extract the contents (GRK.bat) to the C:\MGtools folder. Now run GRK.bat. Attach the c:\runkeys.txt log that I'm assuming it will create.
     

    Attached Files:

    • GRK.zip (File size: 8.9 KB)
    Last edited: Apr 30, 2007
  8. homes4you

    homes4you Private E-2

    Well, I'm trying. Here's how I'm getting to the command prompt and what I am seeing there. I click start then run and then type in cmd and click ok. There opens a dos window with the following line showing, C:\Documents and Settings\default> . From there, I type in cd c:\ and hit enter. Then I type in cd c:\mgtools and hit enter. Then I see C:\mgtools> From there when I type in dir I get the contents that you specified in your last post.

    In that same c:\mgtools folder when I type in dir > c:\filelist.txt and hit enter I get nothing. I get the same results with set >> c:\filelist.txt and ver >> c:\filelist.txt

    When I type in find at the command prompt, I get "find: Parameter format not correct"

    After downloading the grk.bak file and extracting to the c:\mgtools> folder I am able to provide you with the attached files.

    Also attached is the newfiles.txt file that I found from April 28th.

    Thanks for your attention, I hope this helps!
     

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You were not supposed to see anything. You were just supposed to run the commands and then attach the c:\filelist.txt file here. The output from the commands was being put into that file.

    Please delete two files you mistakenly created

    C:\MGtools\cd
    C:\MGtools\dir


    Please run the below:

    In the command prompt window, enter the below commands.
    • cd C:\MGtools
    • dir > c:\filelist.txt
    • set >> c:\filelist.txt
    • ver >> c:\filelist.txt
    Now attach the c:\filelist.txt file here.
     
  10. homes4you

    homes4you Private E-2

    I don't believe that I have the two files you spoke of. I have looked both at the command prompt and in windows explorer and found no files called mgtools\cd or mgtools\dir. Anyway, the text file you asked for is attached. Thanks a Bunch
     

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    They were in your newfiles.txt log in message # 8. Look for yourself. Now they are gone. I guess you had already deleted them.


    Please download the attached OStest.zip file and extract the OStest.bat file to the C:\MGtools folder.

    Then open a command prompt window and get into the MGtools folder by running the cd C:\MGtools command. Then enter the below command:

    OStest.bat

    Tell me what message you receive.


    Question: I assume that you are not having any malware problems and that we are just trying to find out why the original unmodified GetRunKey.bat would not run on your PC when it runs on all others. In fact I'm on a Windows 2000 PC right now and it runs fine without any modifications.
     
