´fonts´folder assaulted

Welcome to Major Geeks!

The READ & RUN ME does not ask for a HijackThis log. We don't require separate HijackThis logs because it is embedded into the MGtools procedure. This way it is installed and run properly.


Now Disable Spybot's TeaTimer as requested in the READ & RUN ME

• Run Spybot and click Mode
• Select Advanced Mode.
• Then click Tools and select Resident.
• Now in the right window pane, uncheck TeaTimer.
• Also while this is open, in the left column now select IE Tweaks
• and then in the right pane make sure all the Miscellaneous locks are unchecked.
• Now quit Spybot!

I strongly recommend the you remove all the below files from your C:\Program Files folder and that you stop saving files here. This folder should be used only for the installed programs not the files you download inorder to install the programs. Save your downloads in appropriately named folders for the Downloads. (Ex: C:\Downloads\Antivirus or C:\Downloads\Antispyware....etc)

Code:

"C:\Program Files\"
a2free~1.exe  28 Dec 2007    21263712  "a2FreeSetup.exe"
antiho~1.msi  24 Dec 2007     3536384  "AntiHookWorkstationSetup30.msi"
aswclnr.exe   27 Dec 2007      407680  "aswclnr.exe"
aswclnr.log   27 Dec 2007        2002  "aswclnr.log"
avgas-~1.exe  28 Dec 2007    12413440  "avgas-setup-7.5.1.43.exe"
ccsetu~1.exe  28 Dec 2007      662824  "ccsetup203_slim.exe"
dcsetup.exe   28 Dec 2007      372204  "dcsetup.exe"
hjtins~1.exe  24 Dec 2007      812344  "HJTInstall.exe"
mcafee~1.zip  24 Dec 2007     1721043  "McafeeRootkitDetective.zip"
moveonb.exe   23 Dec 2007      610232  "moveonb.exe"
ms2200fr.exe  28 Dec 2007     7099542  "ms2200fr.exe"
mvtapp.exe    24 Dec 2007      260976  "mvtapp.exe"
quickt~1.exe  15 Nov 2007    21321008  "QuickTimeInstaller.exe"
spybot~1.exe  29 Dec 2007     7467056  "spybotsd15.exe"
supera~1.exe  24 Dec 2007     5797152  "SUPERAntiSpyware.exe"
trojan~1.exe  24 Dec 2007    14463048  "TrojanHunterSetup.exe"

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Check the 'Input script manually' box.
• Click on the magnifying glass icon.
• Copy everything in the Quote box below, and paste it in the box that opens:

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\Temp
C:\Documents and Settings\Anthony\Local Settings\Temp


Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

Make sure you tell me how things are working now!

 

Your logs are clean. I believe your questions will be answer by the below.


If you are not having any other malware problems, it is time to do our final steps:

1. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
2. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN
   • Now type combofix /u in the runbox and click OK.
   • Note: The space between the X and the U, it must be there.
3. If we user SDFix you can delete all the SDFix related files and folders from your Desktop or whereever you installed it.
4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
6. If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
7. If we had you run Avenger, you can delete all files related to Avenger now.
8. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
9. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
10. If you are running Windows XP or Windows ME, do the below:
    • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
11. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

You're welcome. Surf safely!

HNY!