Antivirus 2010, please advise

Discussion in 'Malware Help (A Specialist Will Reply)' started by mzmully, Nov 6, 2010.

  1. mzmully

    mzmully Private E-2

    Hello, I just signed up for the forums, but have used your basic computer maintenance and malware removal guides in the past. It is great. But now I think I need some help:

    On 11-5 I was searching for information regarding UFC fighting and clicked on a link to read an article that basically said something like "click here to read entire article", and instantly I knew I had a virus. I was bogged down with "Antivirus 2010" malware. Unfortunately I did not have my Webroot as it recently expired and I had yet to renew it because I am out on maternity leave and have no money (well now I just know better to spend the money now, and purchased the current version of Webroot Internet Security Essentials 2011 at Best Buy yesterday). I have read and "run" first all the information posted in the thread. Here are my logs:

    Thanks for your help,
    mzmully
    (second post contains MGTools log)
     

    Attached Files:

  2. mzmully

    mzmully Private E-2

    My computer seems to be running ok now. I think it is slow when I log on because of all of the programs that are loading on start up.
     

    Attached Files:

  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there and welcome. I am currently reviewing your logs and will get back to you with a set of instructions in the next post I make to you.
     
  4. mzmully

    mzmully Private E-2

    Thank you :) I appreciate it.
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Did you have Malware Bytes fix it but perhaps did not attach the log showing this? I am not seeing a lot left to do now.

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    DirLook::
    c:\users\cynthia\AppData\Local\lptmp21244
    Registry::
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{24735BE4-9E1F-4FFD-B8F4-BBD05126FD2B}]
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

      http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let us know of any problems you may have encountered with the above instructions and also let me know how things are running now!
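The Registry:: lines in the CFScript above delete two Internet Explorer SearchScopes keys by their GUID names. As an added example (not part of this thread or of ComboFix), the following PowerShell lists every search provider registered for the current user and marks any whose URL host is not on an assumed allow-list, so a technician can see which scope is the default and which ones need review before deleting anything. The allow-list hosts are assumptions; adjust them for your own environment.

```powershell
# Added example, not from this thread: enumerate IE SearchScopes for the
# current user and flag providers whose host is not on the allow-list.
# Read-only: this script changes nothing in the registry.
$base = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'

# Assumed allow-list of legitimate search-provider hosts (adjust as needed).
$knownHosts = @('www.bing.com', 'www.google.com')

function Get-SearchScopeReport {
    param([string]$Path, [string[]]$AllowedHosts)

    if (-not (Test-Path -Path $Path)) {
        Write-Warning "No SearchScopes key found at $Path"
        return
    }

    # DefaultScope names the subkey IE uses for address-bar searches.
    $defaultScope = (Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue).DefaultScope

    Get-ChildItem -Path $Path | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        $providerHost = $null
        if ($props.URL) {
            try { $providerHost = ([System.Uri]$props.URL).Host } catch { $providerHost = $null }
        }
        $status = if ($providerHost -and ($AllowedHosts -contains $providerHost)) { 'known' } else { 'REVIEW' }

        [PSCustomObject]@{
            Scope       = $_.PSChildName          # the {GUID} name seen in the CFScript
            DisplayName = $props.DisplayName
            Host        = $providerHost
            IsDefault   = ($_.PSChildName -eq $defaultScope)
            Status      = $status
        }
    }
}

Get-SearchScopeReport -Path $base -AllowedHosts $knownHosts | Format-Table -AutoSize
```

A scope marked REVIEW that is also the default is the one most worth comparing against the GUIDs listed in the fix script.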
     
  6. mzmully

    mzmully Private E-2

    I will check my Malware Bytes logs to see if I had run another previously. Before I had access to the internet I had installed Webroot and ran, and it picked up 2 high-level threats which I removed, but I wasn't sure if it got rid of everything. At the moment Webroot is uninstalled because Windows is not recognizing I have any Malware protection when it was installed, so I was going to try re-installing it.

    Do I double-click, or right click and select Run As Administrator? I have Windows Vista.

    I will follow the above instructions for ComboFix now (it was saved on my desktop, and I had run it from that location the first time). Thanks so much for your help!
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes, I couldn't see it listed in your uninstall list in the newfiles.log yet it shows up in the GetUnKey.log. A reinstall sounds like a good idea. But let's finish up here first.
    Just double click it.
    You're welcome, I will be here waiting. :)
     
  8. mzmully

    mzmully Private E-2

    Attached are the following:

    1. MalwareBytes log (I did run this one first before the other Malware log I posted, done in SafeMode - it wouldn't let me run any other way). This was a full scan I believe.

    2. ComboFix log, after pasting Notepad doc. on top (the log was saved on C:, but I also saved log it produced to Desktop to upload).

    3. MGtools log zip file (produced by double-clicking GetLogs.bat).

    Please let me know when I can re-enable my UAC and CD Emulation. Then I will try to reinstall my Webroot. Also, I believe my Webroot is a 3-user, will it still work on 2 other computers if I reinstall it again, or does it take away a user because I have to use the CD again?

    Thank you!
     

    Attached Files:

  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Not just yet, I'll let you know when.

    Could you please get this: lp_dbghelp.dll into a zipped file and attach it for me in your next post? To do this, see the below:

    Please go to start > Run and paste in the following:
    log retrievable @ C:\collect.zip

    Please go to virustotal and upload the following files for analysis, and let me know the results.

    c:\users\cynthia\AppData\Local\lptmp21244\lp_dbghelp.dll

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

      http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.
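The RegLock:: section of the CFScript above resets permissions on a key that carried Deny entries for Users and Everyone. As an added example (not part of this thread or of ComboFix), this PowerShell prints the access-control entries on that key so a technician can confirm the Deny entries are present before the fix and gone afterwards. It is read-only and assumes the key path exactly as written in the script; run it from an elevated prompt if reading the ACL is refused.

```powershell
# Added example, not from this thread: list the ACL entries on the registry
# key targeted by the RegLock:: section and report any Deny entries.
# Read-only: nothing is modified.
$keyPath = 'HKLM:\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings'

function Get-RegistryAccessEntries {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -Path $Path)) {
        Write-Warning "Key not found: $Path"
        return
    }

    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        [PSCustomObject]@{
            Identity  = $ace.IdentityReference.Value   # e.g. BUILTIN\Users, Everyone
            Type      = $ace.AccessControlType         # Allow or Deny
            Rights    = $ace.RegistryRights
            Inherited = $ace.IsInherited
        }
    }
}

$entries = Get-RegistryAccessEntries -Path $keyPath
$entries | Format-Table -AutoSize

$denies = $entries | Where-Object { $_.Type -eq 'Deny' }
if ($denies) {
    $who = ($denies | ForEach-Object { $_.Identity } | Sort-Object -Unique) -join ', '
    Write-Output "Deny entries present for: $who"
} else {
    Write-Output 'No Deny entries on this key'
}
```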
     
  10. mzmully

    mzmully Private E-2

    Attached are the following:

    1. lp_dbghelp.dll in c:\collect.zip file

    2. uploaded lp_dbghelp.dll to VirusTotal, I attached a .txt file of the results. I don't think it is malware.

    3. used ComboFix (pasted Notepad on top), log saved to Desktop and attached.

    4. ran CCleaner (only the default options were checked which included all of the Windows Explorer section, and part of System section).

    5. ran MGtools GetLogs.bat file, zip file attached.
     

    Attached Files:

  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Ok, reinstall webroot at this point and complete a full system scan with it. What are the results?
     
  12. mzmully

    mzmully Private E-2

    Okay I reinstalled Webroot and ran a full scan, it only picked up 18 cookies. Thank you for your help (I really appreciate it!!), my computer appears to be working normally. I'll always make sure I renew my antivirus software now!

    :-D
     
  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    :-D You're welcome. Safe surfing!

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  14. mzmully

    mzmully Private E-2

    No my computer has been working properly.

    I performed the above steps, and after rebooting, my recycling bin icon disappeared, however the words "recycling bin" are still on my desktop.

    I also noticed I have a dead "Viewpoint Manager" icon in my Control Panel that will not delete.

    There is also a "Qoobox" folder in my C: drive, with ComboFix items in it- should I just right-click and delete?

    Thanks!
     
  15. mzmully

    mzmully Private E-2

    Oh no, also all of my pictures on my computer will not display unless I click to open the file (usually there is a thumbnail). Also when I open the picture and right-click on it and click "set as background" my computer desktop screen is just black. Also see below post.
     
    Last edited: Nov 11, 2010
  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Take a look at this, see if this helps. Not a malware issue, so if that does not work you will need to post in the software forum about it.

    Try the below options. (Again, not a malware issue)

    If the program was installed using Windows Installer, then you may use Windows Installer Cleanup Utility to remove the installer information for that program, and also the corresponding entry in Add or Remove programs.

    Add/Remove program Cleaner is a free and useful program that allows you to clean up the Add/Remove programs list in the control panel. It should only be used to remove entries that are broken and cannot be removed by running the uninstall program.
    The uninstall instructions I gave should have got rid of that but yes, just delete it manually yourself.
    Sorry, but you are going to have to ask about this in the software forum.
     
