AntiVirus Malware

Welcome to MajorGeeks, ElephantShoe

I'll refer you to this page for an explaination of the Prefetch folder:

http://windows.microsoft.com/en-US/windows-vista/What-is-the-prefetch-folder

*Please attach the last requested log - C:\MGlogs.zip

dr.m

 

Hello, ElephantShoe

*Other than the tools our guide instructed you to save there, I strongly recommend that you clean up this account's Desktop immediately leaving only shortcut links. [ C:\Documents and Settings\brego\desktop ] Do not store downloads, exe files, iso files....etc on your Desktop. First it is not a safe place to keep them (i.e., you may loose them due to malware, and a cluttered Desktop is an easy hiding place for malware), and last but not least - it can have an effect on your PCs performance.

*Is this a business machine?

*We recommend a MINIMUM of 1 GB for Windows XP and a MINIMUM of 2 GB for Vista or Windows 7 but the more memory you can add the better.

# You may want to use this to de-select some un-needed applications and processes from loading at startup.
Startup_Control_Panel_Standalone

Question: What can you tell me about this running process - C:\WINDOWS\TEMP\MU26CE.EXE

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Step 1:
Now we need to use ComboFix.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Make sure you have shut down all protection software (antivirus, antispyware, firewall...etc) programs so they do not interfere with the running of ComboFix. *Remember to re-start them before coming back online.
• If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
• Open Notepad and copy/paste the text inside of the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
  If it asks you to overide the previous file with the same name, click YES.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
  http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt

Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.

Step 2:
Delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).

Step 3:
Open CCleaner - select "Cleaner" > "Run Cleaner" <---use this function ONLY!

Step 4:
Then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Windows 7, use right click and select Run As Administrator).

Please attach the new C:\MGlogs.zip file to your next reply.

* Make sure you tell me if you had any problems running this procedure; and answer this - "What malware problems are you still experiencing?"

dr.m

 

It no longer appears in your logs, but c:\windows\TEMP\WA92A3.EXE does. <-- Delete it.

The "extra processes running" are things that only you can determine which are necessary or wanted. (That's why I suggested using Startup Control Panel to trim them.) You can ask for assistance with this in our Software Forum.

Let's see what an online scan reveals-

Using ESET's Online Scanner

Please attach the ESETScan.txt to your next reply.