are there direct explicit instruction to remove au_.exe

waterboy2 · Nov 1, 2012

are there direct explicit instruction to remove au_.exe

dr.moriarty · Nov 2, 2012

Hello, waterboy2

There are several possibilities for the origin of this file - is it being detected by av/antispyware software? What is its filepath? Please provide us with the requested logs from running our malware cleaning process:

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide

and then attach the requested logs to your next reply when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****

Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!

Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes, you could use a flash drive too, but flash drives are writeable and infections can spread to them.

If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.

To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:

Don't Bump! It Only Hurts You!!!

* Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated - our system works the oldest threads FIRST.

Click to expand...

waterboy2 · Nov 8, 2012

i havr run the 5 programs and have attached logs

waterboy2 · Nov 8, 2012

]i have run the 5 programs and have attached logs[/QUOTE]

i did all the procedures and preperations before running the programs

i still get preparing desktop message so it loas a new desktop deleting previous desktop.

attachment jpg 0010 shows the message after new desktop is loaded

also jpg 0001 shows message for problem trying to uninstall hot sheild

thanks for your help

chaslang · Nov 9, 2012

There is no such log as mgtools.log.txt. Please attach the requested log from MGtools so that we can continue. The proecedure specified the log is C:\MGlogs.zip

Also you made your own log for TDSSKiller or you loaded it into some editor which caused it to be modified. You need to just attach the logs we ask for. The TDSSKiller log would automatically be created correctly and would be in your root folder with a date and timestamp added to it. It will also be put into the MGlogs.zip file automatically if instructions for running everything are followed.

waterboy2 · Nov 10, 2012

i hope i have rerun and attached correct files with correct procedure

thanks thanks

waterboy2 · Nov 10, 2012

here is correct mglogzip

i think this is correct

chaslang · Nov 10, 2012

Okay that's better.

Based on these logs I can see that you are not having malware problems and that the au_.exe file you are referring to is due to having the below Yahoo junk installed.

Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

The au_.exe file from the update component. a = auto u = update.

Uninstall Yahoo Software Update and also uninstall the rest of the Yahoo stuff unless you really need it.

Since these are not malware issues, I would suggest that if you continue to have problems with this you should post in the Software Forum.

waterboy2 · Nov 11, 2012

thanks for your help

i deleted the mention yahoo programs

but still have propblems with

user account loading incorrect

many notices that tenp files cannot be used or accessed when trying to download avg

ok thanks again will change channel to software

chaslang · Nov 13, 2012

waterboy2 said: ↑

but still have propblems with

user account loading incorrect
Click to expand...

Yes but this is not a malware problem. You have the environment variable for your user account set incorrectly. It is set to the below:

USERPROFILE=C:\Windows\system32\config\systemprofile

And is should be set to

USERPROFILE=C:\Users\1

Also you do not have your TEMP environment variable set correctly. It is set to:

TEMP=C:\Windows\TEMP

And it should be set to

C:\Users\1\AppData\Local\Temp

waterboy2 · Nov 13, 2012

how do i change or reset these to correct path
thanks

chaslang · Nov 15, 2012

waterboy2 said: ↑

how do i change or reset these to correct path
Click to expand...

As stated this is an issue for the Software Forum. You have a corrupted user account and the easiest fixes may be either:

Try a System Restore to a point before this began. Assuming you did not delete your restore points or did not have system restore disable. If you did, the below are your next options.

Or create a new user account and copy as much as possible from the old account before deleting it.

Or reinstall if nother else works.

Log in or Sign up

are there direct explicit instruction to remove au_.exe

waterboy2 Private E-2

dr.moriarty Malware Super Sleuth Staff Member

waterboy2 Private E-2

Attached Files:

RKreport[1]_S_11072012_02d2119.txt

mbam-log-2012-11-07 (21-25-19).txt

HitmanPro_20121107_2158.log

mgtools log.txt

tdsskiller log.txt

waterboy2 Private E-2

Attached Files:

CIMG0001.jpg

CIMG0010.jpg

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

waterboy2 Private E-2

Attached Files:

TDSSKiller.2.8.15.0_10.11.2012_06.04.20_log.txt

MGlogs.zip

waterboy2 Private E-2

Attached Files:

MGlogs.zip

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

waterboy2 Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

waterboy2 Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member