Anti malware software won't load

Discussion in 'Malware Help (A Specialist Will Reply)' started by pamo619, Jan 16, 2010.

  1. pamo619

    pamo619 Private E-2

    Hello,
    Thank you in advance for any assistance you can provide as I'm pretty stuck at this point, and I know you all are always very helpful. I'm sorry for the long post, but I'm hoping that being thorough helps...
    About 2 weeks ago I clicked on a link that took me to some site that I tried to immediately close out of (too late). After that, my Symantec Anti Virus detected a Trojan which I had to manually remove (in safe mode) because Symantec wasn't deleting it.
    Now, I cannot update my Anti Virus, and it will not autoprotect. I also cannot load any of the Anti-Malware software. (I'm running Windows XP Home if it matters). Also, when I run a general search engine search and click on a link, I am getting re-directs to random websites. (This does not occur if I follow a link on a specific website, only in a Google search for example.)

    I've followed all the steps in the Read-Me thread. I have detailed what did and did not work for me.

    For the SAS, I finally got it to install, but when I try to run it, I immediately get an error: SUPERAntiSpyware Application has encountered a problem and needs to close. We are sorry for the inconvenience.

    For Malwarebytes, it installs, but the actual program will not start/run. (although the mb.exe and mbam.exe processes show they are running in my task manager)

    I cannot download combofix.exe. (the link is not working)

    I have attached my RootRepeal and MGTools logs, which both seem to have run without a problem.

    Thanks again for anything you can do for me.
    Pam
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please double-click the RootRepeal.exe previously downloaded.

    * Select File then Scan
    * On the Select Drives form select drive C by "ticking" the box for drive C and click OK
    * When the scan is complete - highlight each of the following file(s) (one at a time if more than one is listed) by left clicking it. Then use right mouse click and select the Wipe File option only for each file.
    C:\WINDOWS\system32\H8SRTbbwqgkvxux.dll
    C:\WINDOWS\system32\H8SRTdlvrodlsmt.dll
    C:\WINDOWS\system32\h8srtkrl32mainweq.dll
    C:\WINDOWS\system32\H8SRTouiugyqbar.dat
    C:\WINDOWS\system32\H8SRTtoirrskwns.dll
    C:\WINDOWS\Temp\H8SRT93ee.tmp
    C:\WINDOWS\system32\drivers\H8SRTxbqjlkjtnq.sys
    c:\documents and settings\pam\local settings\temp\~df152.tmp
    c:\documents and settings\pam\local settings\temp\~dfab47.tmp
    C:\Documents and Settings\Pam\Local Settings\Temp\H8SRTd72d.tmp
    C:\Documents and Settings\Pam\Local Settings\Temp\h8srtmainqt.dll
    C:\Documents and Settings\Pam\Local Settings\Temp\H8SRTd72d.tmp
    C:\Documents and Settings\Pam\Local Settings\Temp\h8srtmainqt.dll
    * After Wiping all files, immediately reboot your pc!

    After reboot, download/install/update and run the scanning tools you couldn't run! Attach those logs as well as new logs from running the C:\MGtools\GetLogs.bat file.
     
  3. pamo619

    pamo619 Private E-2

    Thank you SO much, Tim. You're wonderful. I removed the files that you suggested and ran or re-ran the original 5 programs. Everything seems to be going much more smoothly. I have attached the logs for all the programs.

    Could you tell me anything about the programs that were on my computer? Or is there somewhere I can go to read about them? I'm just wondering if I should be worried about any security threat as far as identity theft situations.

    Thanks again, and please let me know what else I need to do. I honestly can't thank you enough!!
    Pam
     


  4. pamo619

    pamo619 Private E-2

    And here's the MGlog
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Looks much better.....run this: Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Now use windows explorer to find and delete:
    C:\Documents and Settings\All Users\Application Data\sysReserve.ini


    You need to, at least, double your amount of RAM:
    Total Physical Memory 512.00 MB
    Available Physical Memory 90.67 MB

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
