AV Security Suite info

Discussion in 'Malware Help (A Specialist Will Reply)' started by boarder428, Jul 11, 2010.

  1. boarder428

    boarder428 Private E-2

    I apologize for creating another post on this topic, but the existing threads would not allow me to post.

    I am trying to educate myself on the AV Security Suite virus/malware, as I seem to have come in contact with this (or something similar) numerous times over the years on my PCs and friends' and family's PCs. I am currently going through the steps of removing this on one of my laptops right now and am wondering where this program enters the PC from and why virus protection never seems to catch it coming in?
    Thanks for any info you can supply!
    Corey
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!


    Correct. In the Malware Forum, only the originator of a thread and authorized malware fighters can post to that thread. This prevents
    • getting incorrect answers from novices
    • thread hijacking
    • and keeps the thread on topic and flowing smoothly
    The people who get their PCs infected with this would know best how they received these infections but the typical places they may occur from are any of the below and this is not necessarily the only way:
    • torrent or P2P downloading
    • surfing questionable websites especially porn, sites with illegal software for download, and possibly some gambling sites
    • video download sites including big name ones who don't police the stuff they have available for downloading
    • installing codecs to view various online videos (very common cause)
    • also online sites like FaceBook, MySpace....etc are also possible causes
    And many people do not have their PCs properly protected with an antivirus, antispyware, and a real software firewall (not the Windows firewall) and they also allow Windows and many other programs to remain out of date with updates leaving hundreds of security holes.

    If your goal is to learn to be a malware fighter, see the below thread:

    Becoming A Malware Forum Helper

    It takes a significant amount of time and dedication.
     
  3. boarder428

    boarder428 Private E-2

    Thanks for the response. I'm currently still going through the cleaning process, but I believe that I saw an alert on my AV while using Facebook. (Why did my AV only alert me to the infection vs. stop it from coming in?) I did notice that it only seemed to infect the current profile that I was logged in to. I did reboot into safe mode and was able to use System Restore to roll the PC back a few days, and the problem seems to be gone, but I'm not 100% convinced yet. If anything, I still probably have a restore point that contains the infection, as I have not deleted restore points yet. I plan to continue the cleaning process, but it may take a few days to complete and get logs posted!
    Thanks again,
    Corey
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    How do you know it did not stop it? Did the notice you received say you were still infected? Perhaps it did block it and was just telling you it did. I would not know without seeing a log or the actual message. In fact, I don't even know what it was finding or whether it was even valid without a log showing exactly what and where.


    Performing a Restore can sometimes just mask the effects of the malware without fully removing the malware. For example, if the malware starts its dirty work by adding a startup entry to your registry, doing a restore could remove the startup entry from the registry since an older copy of the registry is restored. But it does not necessarily remove all of the files the infection may have put on your PC, and it may not fix other problems created by the infection, since a System Restore is not a 100% backup.
     
  5. boarder428

    boarder428 Private E-2

    I don't know if it stopped or not. I was tired, it was late, and I was exiting my browser at the time. I didn't think much of it until my wife said the computer was flipping out. I may even have just clicked OK on the AV notice since I was ready for bed! I don't have the log file because I panicked after the fact and replaced my AV. I was using the free Avast AV at the time and replaced it with the McAfee Security Suite provided by my ISP.

    So far the cleaning process is coming up without any threats. I forgot to mention that I did purchase Spy Hunter and ran it after the restore; before finding this forum I had read that it was successful in removing the AV Security Suite virus. I am running 64-bit Windows, so I was not able to run the programs that were not 64-bit capable. I noticed when running SUPERAntiSpyware you recommend leaving "Ignore System Restore/Volume Information on ME/XP" checked. Does this keep SUPERAntiSpyware from checking the restore files on Vista?
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you an expert at reading MGtools logs?

    If you do not attach the 3 logs from SAS, MBAM and MGtools, we cannot help you determine your status for sure.

    Not a recommended program. Never was and likely never will be. Was even considered a rogue at one point.

    Yes! We don't care about seeing anything in System Restore since they will be cleaned when System Restore is disabled but only after we have deemed a PC to be clean. Having even infected restore points could be better than none at all.
     
  7. boarder428

    boarder428 Private E-2

    Absolutely not, just taking my time to make sure I get all the steps completed correctly. I didn't post logs yet because I was not through running all the software and had a question.

    Logs are ready now.
    Did not run ComboFix & RootRepeal since they were not for 64-bit OSes.
    Had an error initializing MGtools stating it wasn't 64-bit compatible, but it seemed to run after clicking OK.
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are in pretty good shape. You just have a few minor things to do.

    I do, however, question the use of PageRage Toolbar from Facebook, which is not recommended and has caused many people problems. We recommend uninstalling.

    Also Yontoo Layers has been considered malware (re the below)

    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll

    And this was installed when you installed PageRage, probably without even telling you it was installing.



    Uninstall the below old versions of software:
    Java(TM) 6 Update 20

    Now install the current version of Sun Java from: Sun Java Runtime Environment

    Delete the below folder:
    C:\ProgramData\Viewpoint

    Also delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\Windows\TEMP
    C:\Users\Register\AppData\Local\Temp

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.


    Are you currently having any malware problems?
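    As an added example (not code from this thread or from MajorGeeks), the following read-only PowerShell script lists the Browser Helper Objects registered on a machine the way the O2 line above does: it walks both the 64-bit and the 32-bit (Wow6432Node) BHO keys, resolves each CLSID to its friendly name and DLL path, and flags any entry whose name or path matches a watch list. The watch list contents and the Get-BhoList function name are my assumptions; the script changes nothing and is meant for checking what a log line like the Yontoo one refers to before deciding on an uninstall.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Read-only: it only reads the registry and prints a table.

# Assumed watch list, taken from the names discussed in the thread.
$flagged = @('Yontoo', 'PageRage')

# On 64-bit Windows, 32-bit Internet Explorer add-ons (like the one in the
# O2 line, under Program Files (x86)) register under Wow6432Node, so both
# views are checked.
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-BhoList {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        $is32 = $key -like '*Wow6432Node*'
        # CLSIDs for 32-bit components live in the Wow6432Node CLSID view.
        $clsidRoot = if ($is32) { 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID' }
                     else       { 'Registry::HKEY_CLASSES_ROOT\CLSID' }

        foreach ($sub in Get-ChildItem -Path $key) {
            $clsid    = $sub.PSChildName          # e.g. {FD72061E-...}
            $clsidKey = "$clsidRoot\$clsid"
            $name = $null
            $dll  = $null
            if (Test-Path $clsidKey) {
                # The key's default value is the friendly name; InProcServer32's
                # default value is the DLL that IE loads into every tab.
                $name = (Get-ItemProperty -Path $clsidKey -ErrorAction SilentlyContinue).'(default)'
                $dll  = (Get-ItemProperty -Path "$clsidKey\InProcServer32" -ErrorAction SilentlyContinue).'(default)'
            }
            $hit = $flagged | Where-Object { ($name -like "*$_*") -or ($dll -like "*$_*") }

            [pscustomobject]@{
                View    = if ($is32) { '32-bit' } else { '64-bit' }
                CLSID   = $clsid
                Name    = $name
                DLL     = $dll
                Flagged = [bool]$hit
                # A BHO whose DLL path no longer exists is a leftover registration.
                Orphan  = ($dll -and -not (Test-Path -LiteralPath $dll))
            }
        }
    }
}

Get-BhoList | Sort-Object Flagged -Descending | Format-Table -AutoSize
```

The Orphan column catches registrations whose DLL has already been removed (for instance after an uninstall that left the registry behind); those show up in tools like HijackThis as O2 lines just the same, so it helps tell a live add-on from a stale one.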
     
  9. boarder428

    boarder428 Private E-2

    Thanks alot chaslang, everything went well, all steps completed with no problems! :celebrate
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.




    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
