Babylon.a

Discussion in 'Malware Help (A Specialist Will Reply)' started by mpetro1, Aug 30, 2013.

  1. mpetro1

    mpetro1 Private E-2

    Need help with Malware! My computer keeps getting pop ups and gets redirected sometimes. I followed the steps in the Read and Run Me First! This has been happening for 2 days. I ran malwarebytes anti-malware which said I had like 30 items found of malware! I will attach all the logs, if you need more information just let me know!
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Are you deliberately set up to use a proxy? It's due to having BrowserSafe Guard installed, correct?


    Uninstall iLivid with Revo Uninstaller.


    Re-run Hitman and have it delete Potential Unwanted Programs.



    Delete these if they show:
    • C:\Documents and Settings\Mike Petro\Local Settings\Application Data\AskToolbar
    • C:\Documents and Settings\Mike Petro\Local Settings\Application Data\iLivid
    • C:\Documents and Settings\All Users\Application Data\Babylon
    • C:\Documents and Settings\Mike Petro\Start Menu\Programs\iLivid.lnk
    • C:\WINDOWS\system32\REN1DD.tmp
    • C:\WINDOWS\system32\REN1DE.tmp
    • C:\WINDOWS\system32\REN6D7.tmp
    • C:\WINDOWS\system32\REN6D8.tmp

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.


    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.



    What is this junk?
    C:\Documents and Settings\Mike Petro\My Documents\PCSpeedUp-Update.exe


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
     
  3. mpetro1

    mpetro1 Private E-2

    Hi Kestrel13!,

    I did not set up a proxy! I'm not sure what BrowserSafe Guard is and I did not install it! Let me know if I need to change or delete it! (I will need instructions) I received a success message after the registry merge!
    I have no idea where PCSpeedUp-Update.exe came from, I did not install that program!!

    My computer is running better but it seems to be slower than normal!

    Thank you for your HELP,

    Mike

    P.S. let me know if I need to do anything else!!
     


  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You are most welcome. :)

    Fix the proxy with RogueKiller. Or Hitman found it too I believe, that could fix it.

    BrowserSafeguard

    However, if you did not knowingly install it, get it out. (Uninstall it)

    Delete that as well then please.

    How are things running currently?
     
  5. mpetro1

    mpetro1 Private E-2

    Kestrel13, You are AWESOME!!!!

    I went into add/remove programs to delete Browser Safeguard and it said it was already deleted. So I just removed it from add/remove programs! I also deleted PCSpeedUp-Update.exe!

    Everything seems to be running great!! Do I need to do anything else? Can I delete all the programs that I had to run?

    Thank you again for all of your help!!!

    Mike
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Glad all is well. :)

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8, right click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    7. After doing the above, you should work thru the below link:
     
  7. mpetro1

    mpetro1 Private E-2

    I did everything you said in the last post! But I have an issue with the Browser Safeguard. I removed it from add/remove but it is still showing up in my system tray at the bottom right hand side of the computer screen. How can I remove it from the tray?

    Sorry for the stupid question! As you can tell I'm not a MajorGeek, but I'm trying to learn!!

    Thanks,

    Mike
     
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Apologies, I should have asked to see fresh logs before I gave final steps.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.



    Delete the below if they show:
    • C:\Documents and Settings\All Users\Start Menu\Programs\BrowserSafeguard
    • C:\Program Files\Browsersafeguard
    • C:\WINDOWS\Tasks\BrowserSafeguard Update Task.job

    Any better?
     
  9. mpetro1

    mpetro1 Private E-2

    I got the success message, but it still shows the icon in the bottom right icon tray!

    I get this error:
    Error Deleting file or folder
    cannot delete BrowserSafeguard: access is denied.
    Make sure the disk is not full or write-protected and that the file is not currently in use.
     
    Last edited: Sep 1, 2013
  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Download and run OTM.

    Download OTM by Old Timer and save it to your Desktop.


    Code:
    :Files
    C:\Documents and Settings\All Users\Start Menu\Programs\BrowserSafeguard
    C:\Program Files\Browsersafeguard
    C:\WINDOWS\Tasks\BrowserSafeguard Update Task.job
    
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "BrowserSafeguard"=-
    [HKEY_USERS\S-1-5-21-1142012906-3544352288-1706853166-1005\Software\Microsoft\Windows\CurrentVersion\run]
    "BrowserSafeguard"=-
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.



    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
    (Or if you followed final steps already, download it again to run again.)
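    The helper's questions in post 2 (is a proxy set?) and the OTM script in post 10 (Run-key autostart, scheduled task .job file, program folder) cover the usual places a PUP like this one leaves persistence. The read-only audit below is an added example, not the helper's or MajorGeeks' code; it assumes the product name and paths quoted in the posts above and a machine with PowerShell available, and it changes nothing, it only reports.

```powershell
# Added example (not from the thread): read-only audit of the leftovers the
# thread deals with. $Name and the paths are assumptions taken from post 10.
$Name = 'BrowserSafeguard'

# 1. Proxy: the setting the helper asked about in post 2.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1) {
    Write-Output "Proxy is ENABLED -> $($inet.ProxyServer)  (confirm you set this yourself)"
} else {
    Write-Output 'Proxy is disabled'
}

# 2. Autostart entries: HKCU Run plus the Run key of every loaded hive under HKU
#    (post 10 targets both the HKCU key and a specific HKU SID).
$runKeys = @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Run')
$runKeys += Get-ChildItem 'Registry::HKEY_USERS' |
    ForEach-Object { "Registry::$($_.Name)\Software\Microsoft\Windows\CurrentVersion\Run" }
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like "*$Name*" -or "$($p.Value)" -like "*$Name*") {
            Write-Output "Run entry: $key -> $($p.Name) = $($p.Value)"
        }
    }
}

# 3. Scheduled task .job file, program folder and Start Menu folder from post 10.
$paths = @("$env:windir\Tasks\$Name Update Task.job",
           "$env:ProgramFiles\$Name",
           "$env:ALLUSERSPROFILE\Start Menu\Programs\$Name")
foreach ($p in $paths) {
    if (Test-Path $p) { Write-Output "Still present: $p" } else { Write-Output "Gone: $p" }
}

# 4. The "access is denied / file in use" error from post 9 usually means the
#    program is still running (hence the tray icon); list processes loaded from it.
Get-Process | Where-Object { $_.Path -like "*$Name*" } |
    Select-Object Id, ProcessName, Path
```

Run it in an elevated PowerShell window; a hit in step 4 explains why a plain delete fails and why the thread resorts to a reboot-time move with OTM.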
     
  11. mpetro1

    mpetro1 Private E-2

    I had to download and rerun MGtools. I hope I did this correctly!


    All processes killed
    ========== FILES ==========
    File/Folder C:\Documents and Settings\All Users\Start Menu\Programs\BrowserSafeguard not found.
    C:\Program Files\Browsersafeguard folder moved successfully.
    File/Folder C:\WINDOWS\Tasks\BrowserSafeguard Update Task.job not found.
    ========== REGISTRY ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BrowserSafeguard not found.
    Registry value HKEY_USERS\S-1-5-21-1142012906-3544352288-1706853166-1005\Software\Microsoft\Windows\CurrentVersion\run\\BrowserSafeguard not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 321 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 57937 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 3753482 bytes
    ->Flash cache emptied: 1792 bytes

    User: Mike Petro
    ->Temp folder emptied: 26371169 bytes
    ->Temporary Internet Files folder emptied: 38129008 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 58560 bytes

    User: NetworkService
    ->Temp folder emptied: 295392 bytes
    ->Temporary Internet Files folder emptied: 45858411 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 84523 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 763392 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2321124 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 570002534 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 491898 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 656.00 mb


    OTM by OldTimer - Version 3.1.21.0 log created on 09012013_181621

    Files moved on Reboot...
    C:\Documents and Settings\Mike Petro\Local Settings\Temp\JavaDeployReg.log moved successfully.
    C:\Documents and Settings\Mike Petro\Local Settings\Temp\PDApp.log moved successfully.
    C:\Documents and Settings\Mike Petro\Local Settings\Temporary Internet Files\Content.IE5\Z0MAG2EI\xd_arbiter[1].htm moved successfully.
    C:\Documents and Settings\Mike Petro\Local Settings\Temporary Internet Files\Content.IE5\QT937GCT\like[3].htm moved successfully.
    C:\Documents and Settings\Mike Petro\Local Settings\Temporary Internet Files\Content.IE5\QT937GCT\xd_arbiter[1].htm moved successfully.
    C:\Documents and Settings\Mike Petro\Local Settings\Temporary Internet Files\Content.IE5\H7154ZUL\adsCACT7S3W.htm moved successfully.
    C:\Documents and Settings\Mike Petro\Local Settings\Temporary Internet Files\Content.IE5\H7154ZUL\s2[4].htm moved successfully.
    C:\Documents and Settings\Mike Petro\Local Settings\Temporary Internet Files\Content.IE5\H7154ZUL\showthread[1].htm moved successfully.
    C:\Documents and Settings\Mike Petro\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
     


  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Explain how things are running.
     
  13. mpetro1

    mpetro1 Private E-2

    Everything is running good! BrowserSafeguard is gone!
    Thanks Again,

    Mike
     
  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Excellent. :) Then you can follow the final steps I gave you a few posts ago.
     
  15. mpetro1

    mpetro1 Private E-2

    Thanks again for your help! Everything is running good!

    Mike
     
  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You're most welcome. I am glad to hear it. :cool
     
