Another classic Malware attack...

Discussion in 'Malware Help (A Specialist Will Reply)' started by miguelitos, Apr 24, 2012.

  1. miguelitos

    miguelitos Private E-2

    Howdy,

    Tried the lot, now here's a hijack this...


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:03:58 PM, on 4/15/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal


    Edit by chaslang: Inline HJT log removed. READ & RUN ME FIRST. Malware Removal Guide sticky not followed.


    And the Combofix


    ComboFix 12-04-12.03 - Windows XP 04/13/2012 1:13.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.498 [GMT -7:00]
    Running from: G:\ComboFix.exe
    AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    Edit by chaslang: Inline ComboFix log removed. Logs need to be attachments.


    Thanks in advance. You guys are awesome!
     
    Last edited by a moderator: Apr 24, 2012
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!


    Please see the instructions again. You need to ATTACH all of the logs we requested which were:
    • SUPERAntiSpyware
    • Malwarebytes
    • ComboFix - Note you ran ComboFix from G:\ComboFix.exe. It must be on your Desktop.
    • RootRepeal
    • MGtools - which is the C:\MGlogs.zip file and nothing else. This should not have been run before ComboFix. And also note that you must not be using MSconfig to control startups! You must put your PC into Normal Startup mode before running MGtools.
    We did not ask for a HijackThis log and you must attach logs.
    (See: HOW TO: Attach Items To Your Post) (Or view: How to Attach Items to Your Posts)

    Also, you need to tell us what problems you are having.
     
    Last edited: Apr 24, 2012
  3. miguelitos

    miguelitos Private E-2

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You only attached one (Combofix) of the requested logs. Please read my instructions again and attach the logs I asked for.

    Also as stated in the instructions, you MUST run MGtools.exe from the C: drive not from the G drive like you did. And ComboFix.exe MUST be put on your Desktop for possible future use. It should not be on the G drive either.
     
  5. miguelitos

    miguelitos Private E-2

  6. miguelitos

    miguelitos Private E-2

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay let me repeat this again. You must run MSConfig and select Normal Startup as I stated previously and as stated in the READ & RUN ME. Do this right now. Do not continue until you do this. Reboot your PC after changing this setting.


    Now, please answer the below questions:
    1. How many antivirus programs do you have installed? I see signs of Avira, AVG, Comodo, Kaspersky, Norton, and perhaps others. Which ones are currently installed? Do not install any more.
    2. Is your only problem that you cannot uninstall programs?
    Run C:\MGtools\analyse.exe by double-clicking on it (Note: if using Vista or Win 7, don't double-click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

    After clicking Fix, exit HJT.

    Now download The Avenger by Swandog46, and save it to your Desktop.

    See the download links under this icon http://www.majorgeeks.com/images/dll.gif
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    1. Go to Start ==> Run (or Windows key+R)
      • Type the following in the run box and click OK: notepad c:\windows\inf\nettcpip.inf
        (note that there is space after notepad)
      • The above file will open in the notepad.
      • Under TCP/IP Primary Install section find the following: Characteristics = 0xA0
      • Edit 0xA0 and replace it with 0x80 (replace A with 8)
      • Under File menu click Save and close the notepad.
    2. Go to Start ==> Control Panel. Double-click Network Connections. Right-click Local Area Connection, and select Properties.
      • On the General tab, click Install. A popup window opens.
      • Select Protocol from the list and then click Add.
      • A new window opens, click Have Disk....
      • In the browse... box type c:\windows\inf
      • Click OK.
      • Select Internet Protocol (TCP/IP), and then click OK.
      • On the Local Area Connection Properties screen select Internet Protocol (TCP/IP) and click Uninstall, and then click Yes.
      • Wait until it asks to restart, and then restart as requested. Continue with the below after restarting.
    3. Go to Start ==> Run (or Windows key+R)
      • Type the following in the run box and click OK: notepad c:\windows\inf\nettcpip.inf
        (note that there is space after notepad)
      • A file opens in the notepad. Under TCP/IP Primary Install section find the following: Characteristics = 0x80
      • Edit 0x80 and replace it with 0xA0 (replace 8 with A)
      • Under File menu click Save and close the notepad.
    4. Go to Start ==> Control Panel. Double-click Network Connections. Right-click Local Area Connection, and select Properties.
      • On the General tab, click Install
      • A popup window opens. Select Protocol.
      • A new popup window opens. Select Internet Protocol (TCP/IP), and then click OK.
      • Wait until it asks to restart, and then restart as requested. Continue with the below after restarting.
    5. After restart please run the C:\MGtools\GetLogs.bat file by double-clicking on it (Note: if using Vista or Win7, don't double-click, use right click and select Run As Administrator).

    6. Then attach the below logs:
      • the avenger.txt log
      • C:\MGlogs.zip
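An added example (not from this thread or from MajorGeeks) of what the notepad edits in steps 1 and 3 above actually change: the Characteristics value is a set of NCF_* flags, and 0xA0 is NCF_HAS_UI (0x80) plus NCF_NOT_USER_REMOVABLE (0x20), so "replace A with 8" clears the bit that stops TCP/IP from being uninstalled and "replace 8 with A" restores it. It assumes the entry sits in a [MS_TCPIP.PrimaryInstall] section and uses a constructed stand-in for nettcpip.inf rather than the real file.

```python
# Added example, not from this thread: flip the NCF_NOT_USER_REMOVABLE bit of
# the TCP/IP entry's Characteristics line. Assumed: the entry sits in
# [MS_TCPIP.PrimaryInstall]; SAMPLE_INF is a constructed stand-in for nettcpip.inf.
import re

NCF_NOT_USER_REMOVABLE = 0x20  # set: Windows refuses to uninstall the component
NCF_HAS_UI = 0x80              # component has a Properties page; 0xA0 = both

SAMPLE_INF = """\
[MS_TCPIP.PrimaryInstall]
; constructed sample of the XP entry this thread edits
Characteristics = 0xA0
"""

# matches "Characteristics = 0xA0" plus any trailing text, case-insensitive
_CHAR_RE = re.compile(r"^(\s*Characteristics\s*=\s*)0x([0-9A-Fa-f]+)(.*)$", re.I)

def is_user_removable(flags: int) -> bool:
    """True when NCF_NOT_USER_REMOVABLE is clear (0x80), False for 0xA0."""
    return not flags & NCF_NOT_USER_REMOVABLE

def _edit_section(inf_text: str, section: str, edit):
    """Apply edit(old_flags) -> new_flags to the one Characteristics line of [section]."""
    out, current, hits = [], None, 0
    for line in inf_text.split("\n"):
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            current = s[1:-1].lower()  # INF section names are case-insensitive
        elif current == section.lower():
            m = _CHAR_RE.match(line)
            if m:
                line = f"{m.group(1)}0x{edit(int(m.group(2), 16)):02X}{m.group(3)}"
                hits += 1
        out.append(line)
    if hits != 1:
        raise ValueError(f"expected one Characteristics line in [{section}], found {hits}")
    return "\n".join(out)

def read_characteristics(inf_text: str, section: str) -> int:
    """Current flags value of [section]; the file text is left untouched."""
    seen = []
    _edit_section(inf_text, section, lambda v: seen.append(v) or v)
    return seen[0]

def set_user_removable(inf_text: str, section: str, removable: bool) -> str:
    """removable=True clears the bit (step 1); False restores it (step 3).
    Other flag bits and every other line are preserved byte for byte."""
    return _edit_section(inf_text, section, lambda v: v & ~NCF_NOT_USER_REMOVABLE
                         if removable else v | NCF_NOT_USER_REMOVABLE)
```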
     
