antispywarexp2009 Infection

Discussion in 'Malware Help (A Specialist Will Reply)' started by jdwood3, Nov 13, 2008.

  1. jdwood3

    jdwood3 Private E-2

    Good afternoon, I thank you in advance for any help you can give me regarding this infection! I am currently posting from another computer - when I try to access this site from mine, it redirects me to ad sites. Can you give me a starting point? I am looking forward to getting rid of this virus but do not know how to proceed since I cannot get here from my home computer. Hope this makes sense! Thanks!
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MajorGeeks.com!

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    Notes:
    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
     
  3. jdwood3

    jdwood3 Private E-2

    Hello, I was able to copy the programs from another computer and begin to run them on mine... although my computer kept freezing during the start up. I went into safe mode and ran SUPERAntiSpyware which found over 200 infections. I then restarted and went into normal mode but found there was no log when I opened the program again. I went ahead and ran the program again in normal mode and continued through the process. I ran Spybot and Malwarebytes also. Attached are the logs from each process. I do not have the Windows CD for ComboFix and the Microsoft support website would not come up for me when I tried. So I stopped there and did not proceed with ComboFix or MGtools. I am running XP Home Edition 2002 with Service Pack 2. Not sure how to proceed from here. Thanks.
     

    Attached Files:

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You need to download and run ComboFix and MGTools. They are required for us to continue in the cleaning process.

    BTW, ComboFix, you just download and run, no need to do anything else. You can skip the install of the Recovery Console for now.
     
  5. jdwood3

    jdwood3 Private E-2

    Ok, here is the log from combofix. I ran mgtools and it showed a log but I can't find it...? I ran a search for mglogs.zip but it didn't find it either. Suggestions? Thanks.
     

    Attached Files:

    • log.txt
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You have to download MGTools.exe and run it to get the file.
     
  7. jdwood3

    jdwood3 Private E-2

    I appreciate your patience with me....I ran mgtools.exe and it stated at the end that my logs were located at c:\mglogs.zip, just as your guide says. But I guess I don't fully understand how to post the log, because when I go to my computer>c: drive, I don't see a zip file there by that name. There is the mgtools folders and mgtools.exe. Am I way off here?
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download the file MGTools.exe and save it to the root of your C drive (C:\), then run it from there. It will create a folder "C:\MGTools" and once it is through running it will create a log "MGLogs.zip" in the root of the C:\ drive.

    Disable all antispy and antivirus programs before running it. It may be blocking parts of it.
     
  9. jdwood3

    jdwood3 Private E-2

    Thanks for the direction. I disabled Avast and ran the program again, but got the same results: yes, the mgtools.exe was in the C: drive and it created the mgtools folder, but there is no zip file. Throughout the process of running the mgtools, it kept saying 'could not create output file' - is that normal?
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    No, something is more than likely causing this. For now, look for the following files and attach them if you find them.
     
  11. jdwood3

    jdwood3 Private E-2

    Here are those items...
     

    Attached Files:

  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Pre-Instructions:
    1. First, please disable any antivirus and/or antispy programs you have installed so they will not block this fix.
    2. Print out these instructions or save them to a text file so that you can operate with All Browser Windows CLOSED.

    Step 1:
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    Again, make sure ALL browser windows are closed when you click FIX.

    Step 2:
    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Step 3:
    Default Security Settings

    To Default Security Settings:
    For Internet Explorer 6 users:
    Click Start > Run > type inetcpl.cpl and press ENTER, when Internet Properties comes up navigate to the Security Tab and click Default Level for the following:
    • Internet
    • Local Intranet
    • Trusted Sites
    • Restricted Sites.
    Click OK to exit.

    For Internet Explorer 7 users:
    Click Start > Run > type inetcpl.cpl and press ENTER, when Internet Properties comes up, navigate to the Security Tab and simply click the "Reset all zones to default level" button. Click OK to exit.

    Step 4:
    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    Step 5:
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\Avenger.txt
    • C:\MGlogs.zip
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
  13. jdwood3

    jdwood3 Private E-2

    Everything seemed to go well, although when I was changing security settings to default, the 'Default' box wouldn't light up unless I changed the level on each item (only the 'Custom' box would light up). Then when I returned to click the 'Reset all zones to default level' it didn't light up either. Plus, again, the mglogs.zip could not be created due to some type of error. Here is the Avenger log.
     

    Attached Files:

  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Try once again to run the C:\MGtools\GetLogs.bat file by double clicking on it. If successful, attach the new log it creates.
     
  15. jdwood3

    jdwood3 Private E-2

    Looks like I finally got a log to create. My pc is running much better, thank you, although its speed is a little disappointing.
     

    Attached Files:

  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You do have some more malware to remove but your speed issues are most likely due to the fact that you only have 512.00 MB of memory and really should have twice that amount. Also it is due to what you are running. BJ gave you a few non-malware things to remove but you did not remove all of them so let's try again.

    Looks like you have been having a problem getting the Zip utility in MGtools to work properly. We will remove the MGtools folder and download a new version to use later.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [InstallProgram] C:\Documents and Settings\Ria Wood\Local Settings\Temporary Internet Files\Content.IE5\VJA783WC\setup_243_3777_[1].exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm082YYUS

    After clicking Fix, exit HJT.

    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited: Nov 30, 2008
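    The HijackThis lines chaslang asks to have selected (O4 autorun entries, an O8 context menu item, and later an O23 service line) follow a fixed shape, which makes them easy to triage by script. The following Python is an added example, not part of this thread and not code from HijackThis or MGtools: it parses those three line types and flags any O4 autorun whose executable is launched from a browser cache or temp directory, which is exactly where the InstallProgram entry above lives (Temporary Internet Files\Content.IE5). The sample input is the lines quoted in this thread; the regular expressions and the list of cache-directory markers are my assumptions about the log format, not HijackThis documentation.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the HijackThis lines quoted in this thread
# (posts 16 and 20), kept verbatim so the parser sees realistic shapes.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [InstallProgram] C:\Documents and Settings\Ria Wood\Local Settings\Temporary Internet Files\Content.IE5\VJA783WC\setup_243_3777_[1].exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm082YYUS
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""


@dataclass
class HjtEntry:
    section: str          # HijackThis section code: "O4", "O8" or "O23"
    hive: Optional[str]   # registry hive for O4 lines (HKLM/HKCU/HKUS\SID), else None
    name: Optional[str]   # [value name] for O4, menu text for O8, service name for O23
    target: str           # command line, URL or service binary as HJT prints it


# Assumed line shapes (from the lines quoted in this thread):
#   O4 - HKLM\..\Run: [Name] command line
#   O8 - Extra context menu item: text - URL
#   O23 - Service: name - owner - binary path
O4_RE = re.compile(r'^O4 - (HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$')
O8_RE = re.compile(r'^O8 - Extra context menu item: (.*?) - (.*)$')
O23_RE = re.compile(r'^O23 - Service: (.*?) - (.*?) - (.*)$')
# Leading executable of a command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(.*?\.exe)"?(?:\s|$)', re.IGNORECASE)

# Directories a legitimate autostart never runs from (assumed list, lower-case,
# matched against the lower-cased path): browser cache and temp folders.
CACHE_DIR_MARKERS = ("\\temporary internet files\\", "\\local settings\\temp\\", "\\temp\\")


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Parse one HijackThis log line; returns None for sections not handled here."""
    m = O4_RE.match(line)
    if m:
        hive, _key, name, target = m.groups()
        return HjtEntry("O4", hive, name, target)
    m = O8_RE.match(line)
    if m:
        return HjtEntry("O8", None, m.group(1), m.group(2))
    m = O23_RE.match(line)
    if m:
        name, _owner, path = m.groups()
        return HjtEntry("O23", None, name, path)
    return None


def parse_hjt(text: str) -> List[HjtEntry]:
    """Parse a whole log, skipping blank lines and unhandled sections."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            entry = parse_hjt_line(line)
            if entry is not None:
                entries.append(entry)
    return entries


def executable_path(target: str) -> Optional[str]:
    """Extract the executable path from an O4 command line (quoted or bare)."""
    m = EXE_RE.match(target)
    return m.group(1) if m else None


def suspicious_autoruns(entries: List[HjtEntry]) -> List[HjtEntry]:
    """O4 autoruns whose executable sits in a browser cache or temp directory."""
    flagged = []
    for e in entries:
        if e.section != "O4":
            continue
        exe = executable_path(e.target)
        if exe and any(marker in exe.lower() for marker in CACHE_DIR_MARKERS):
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_HJT_LOG)
    for e in parsed:
        print(f"{e.section:<4}{(e.hive or ''):<6}{e.name!r:<20} {e.target}")
    print("\nAutoruns launched from a cache/temp directory:")
    for e in suspicious_autoruns(parsed):
        print(f"  [{e.name}] -> {executable_path(e.target)}")
```

Run stand-alone, the script lists the five parsed entries and flags only the InstallProgram autorun. The check is deliberately narrow: a path under a cache or temp folder is a strong signal on its own, while the QuickTime and Google Toolbar entries are the kind of non-malware startup items the helpers here remove for speed rather than for safety, and the O23 service is merely something to ask the user about, as chaslang does.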
  17. jdwood3

    jdwood3 Private E-2

    Thanks again for your time... I ran through your directions and got the Avenger log. You mentioned that we would download a new MGtools but didn't give a link. Obviously getlogs.bat wasn't there so I didn't run it. I am attaching the avenger.txt and will await your direction on the MGtools. Also, after running analyse.exe, the last three lines to select weren't there, so only the first, O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime, was selected.
     

    Attached Files:

  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry about that. The current link is always the one in the READ & RUN ME but I was just going to post it here. Here it is: MGtools.exe

    Run this new version and attach the new log.

    Are things working any better?
     
  19. jdwood3

    jdwood3 Private E-2

    I downloaded mgtools and ran it and I'm apparently back to the issue I had before because it wouldn't generate an output log. It runs through the program but I see lines like "zip error: could not create output file" and "zip I/O error: permission denied". The only file at c: is the original mgtools.exe. These error messages are the same I was receiving before. I ran the program twice; once without disabling avast and again after I turned it off.

    My pc is running light years better than when I first contacted you guys. Also I did order some additional memory. Thanks again.
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not sure why you are having this problem since many, many other people coming here also have Avast and do not have this problem. All I can think of is that there may be another zip.exe program on your PC, but I doubt it.

    What do you have still installed from Symantec (if anything)? I saw the below in one of your previous logs:
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    Just attach the below files from the C:\MGtools folder so we can make sure you are all clean.
    • hijackthis.log
    • newfiles.txt
    • runkeys.txt
     
  21. jdwood3

    jdwood3 Private E-2

    I found the following in regards to Symantec: NIS071030.exe, a Symantec Shared folder, and an empty LiveUpdate folder under Program Files. Can I assume it's safe to delete all of these? I installed the additional memory and there is a huge improvement.
     

    Attached Files:

  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! My question was to find out if you still had software from Symantec that you were actually using. You can delete those items you mentioned but you should also do the below too.

    Please run the below then reboot. After reboot run it one more time.

    Norton Removal Tool (SymNRT)

    Also delete the below folder if it still exists:
    Code:
    "C:\Documents and Settings\All Users\"
    SYMANT~1      Jul  5 2007              "Symantec Temporary Files"
    Your logs are clean.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. If we had you run Avenger, you can delete all files related to Avenger now.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
  23. jdwood3

    jdwood3 Private E-2

    Thanks to all who have helped me over the past month! I am very thankful that I found this website and will continue to use it as a resource in the future. Thanks again!
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     