Blue screen, warning! spyware has been detected on your computer!

Welcome to Major Geeks!

Spybot updates can be performed manually by using the below, but you can just skip Spybot.

Spybot Search and Destroy Update

MGtools.exe should be saved to the root folder of the drive that boots up Windows. Normally this would be C:\MGtools.exe.

What you need to do is get us the below logs if you were able to run all of these. Note the more you are able to run and the more logs you get us the better.

• SUPERAntispyware log
• Malwarebytes log
• ComboFix log ( this is c:\combofix.txt )
• MGtools log ( this is C:\MGlogs.zip)

 

You need to run all of the steps in the READ & RUN ME. The first two scans with SUPERAntispyware and Malwarebytes will help alot. If necessary, download the tools onto another PC and copy them to a CD or flashdrive. And then use this to copy to the problem PC.

 

Just let it run!

 

What did you do to your AVG8 antivirus program? It does not seem to be installed/running properly. There are multiple service/processes that are not loading. Did you disable or not allow certain features to be installed?

We have a little more to do. Include will be instructions to remove some left overs from TrendMicro.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [SMshc5vtj0epa1] C:\Program Files\shc5vtj0epa1\shc5vtj0epa1.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

After clicking Fix, exit HJT.

Now reboot and after reboot, delete the below folders if found:
C:\Program Files\Trend Micro\Antivirus
C:\Program Files\shc5vtj0epa1


Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.


Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Please read it again. I said sessions not settings. Thus that means close all of your browser windows.

 

Perhaps you need to enter WEP keys. other security info or reinstall drivers. You may be better off trying to work this in the Networking Forum.

Sorry about the combofix request. I was supposed to remove that when I asked you to delete the folders manually.

Your logs are clean now.

For AVG, I suggest that you do the below in the order written:

• download AVG Free Edition so you have the installation file
• uninstall your current copy of AVG8
• reboot your PC
• use the file that you just downloaded to reinstall AVG8
• be sure to update it after installation.

Then if you are not having any other malware problems, it is time to do our final steps:

1. You can uninstall SUPERAntiSpyware now.
2. We recommed you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
4. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\cf" /u
     • Notes: The space between the cf" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
   • Delete the C:\cf folder from combofix.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
9. If you are running Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!