braviax & having trouble using tools

Discussion in 'Malware Help (A Specialist Will Reply)' started by furty, Aug 30, 2009.

  1. furty

    furty Private E-2

    I have Braviax and I am having trouble running tools.
    I tried looking for the TDSServ rootkit, which it says often doesn't allow the use of tools, but I could not find it.

    Super Anti Spyware : would not run
    Malwarebytes Anti Malware : would not run
    Combofix : would not run
    RootRepeal : worked (attached log)
    MGTools: did not create log files



    Here is what is listed for non-plug and play drivers

     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Very unlikely. Make sure you downloaded and used the current version of MGtools and then look for the C:\MGlogs.zip file and attach it.
     
  3. furty

    furty Private E-2

    woops, got it
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not let it finish running. Try again.
     
  5. furty

    furty Private E-2

    It wouldn't put the files in the zip from running the exe; I had to run the individual batch files, and this is all I could get.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should not be running anything on your own in this folder. You could break things. Some of those files are only there for special procedures. In addition, you did not run what we need to have run.

    Let's see if we can find out why you cannot run the program.

    Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.

    cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    GetRunKey <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    ShowNew <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.


    Also do the below.

    Click Start, Run, and enter services.msc and click OK. This will bring up the Services form. Scroll down to exactly the below service name:

    Windows Management Instrumentation

    and double click on it. Make sure the Service status: shows as Started. Also make sure the Startup type: shows as Automatic. Let me know what you find.
     
  7. furty

    furty Private E-2

    Ok, When I type GetRunKey it says:

    "Running scan with getrunkeys.bat - (c) 1/28/2006 by chaslang

    Note: Ignore any error messages about not finding registry keys
    Just wait for the program to finish running!!"

    Then it closes instantly and nothing happens. I waited a bit, then tried it again, and it said this file is being used by another process. I had to kill sweng.exe through process manager before it would let me do it again.

    ShowNew did the same thing, closing instantly. I tried this one a few times also, and then it finally went through and created mglogs.zip with 3 files; I have attached them.


    edit: and windows management instrumentation was started and on automatic
     

    Attached Files:

    Last edited: Sep 3, 2009
  8. furty

    furty Private E-2

    I kept messing around trying to get GetRunKey to work. I did it with my Process Explorer open in the background and noticed that whenever I execute "GetRunKey", something pops up real quick under cmd.exe called "find.exe" and says "Find String (grep) Utility"; then it closes everything and looks like it freezes swreg.exe.

    Not sure if that is what is supposed to happen or if this could be part of the problem.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Normal and part of the tools.


    I'm going to give you some steps to follow. You MUST follow these steps exactly and they MUST be performed in the order written. I suggest that you read through all of it first before running any steps. I know that MGtools is going to abort and not work properly. We still need to do this to get some new files extracted when the EXE runs.
    1. Download The Avenger by Swandog46, and save it to your Desktop.
    2. Extract avenger.exe from the Zip file and save it to your desktop but DO NOT RUN IT.
    3. Now download and save the below two files to the root folder of your Windows boot drive. Normally this would be drive C. If you do this correctly, you will then see C:\MGtools.exe and FixAVP.exe. You need to redownload this MGtools file because it is a new version. Just overwrite your previous version.
    4. Now run MGtools.exe by following the instructions given here Using MGtools which will help you understand how to run it and what will happen. You don't need to worry about attaching the MGlogs.zip file that it mentions yet because we have more to do and a new log will be obtained later.
    5. Now run the FixAVP.exe file by double clicking on it. This will attempt to automatically run Avenger (which you downloaded above) and it should also try to reboot your PC so don't be alarmed when this happens.
    6. After Reboot, and if all goes well, a new scan by MGtools should automatically take place because Avenger will try to run C:\MGtools\GetLogs.bat which will begin all the scans again.
    7. When GetLogs.bat finishes running, there will be a new C:\MGlogs.zip file and now it will be time to attach it to your next message. Make sure that you allow GetLogs.bat to finish running. It will tell you when it is finished. Do not close the command prompt window on your own until it is finished.
     
  10. furty

    furty Private E-2

    ok did all those, looks like it added 1 new file to the zip, getunkey.txt, here it is
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you have any problems following any of the steps? Did you get avenger.exe extracted to your Desktop? The automatic fix did not work as desired.
     
  12. furty

    furty Private E-2

    I ran MGTools first; that's when it put that 1 text file in the zip. Then I ran the fix, it rebooted, I saw a command prompt come up for a second then disappear again. Not really sure why this isn't working. Yes, avenger is on my desktop.

    Edit: Ok tried it again, a popup came up right before the reboot and said "The application was unable to launch because...." couldn't read the rest of it.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try doing the below.

    Download this file eventlog.dllmg and save it to the C:\MGtools\temp folder. You must save it here so that the below fix can attempt to work.

    The below assumes that you have avenger.exe on your Desktop. This procedure will attempt to replace the infected system file with a good copy, and then after a reboot it will try to automatically run the MGtools scans by running the GetLogs.bat batch program.

    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will pop up for you to view when you login after reboot.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  14. furty

    furty Private E-2

    Ok, I put the eventlog file in mgtools' temp folder then ran your commands for avenger from my desktop. The popups came up and it rebooted, but nothing happens after the reboot. I tried it 3 times and it did not work any of those times; nothing popped up and there was no avenger.txt file in c:\

    I ran the getlogs.bat file in the mgtools folder, tried this several times as well; it's not putting the files in the zip file, it's just leaving them in the mgtools folder every time. The two files it's making and leaving in the \mgtools folder I have attached below.
     

    Attached Files:

  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's see if the bad file was replaced. It sounds like it was not. What is the size of the below file:

    C:\WINDOWS\system32\eventlog.dll


    Also do you have your Windows boot CD?
     
  16. furty

    furty Private E-2

    61 kb - 4/13/2008

    And yes I do have it.
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay then it is the infected one.

    We will use it to boot to the Recovery Console and replace this infected file while Windows is not running. Then we will reboot and see where things stand. It is possible that you have a newer and more destructive form of this infection and it may potentially have caused too much damage to your system. We shall see. Also you should think about how much more time you would like to spend on this before just biting the bullet and reinstalling.



    However, before booting to the Recovery Console, let's just try a few things. Some of these probably will not work. Just continue on.
    1. Try uninstalling PC Antispyware 2010
    2. Now try manually deleting the below files. Some of these definitely will not let you delete them. The list is long because you are badly infected and that is why we are having such difficulties:



    Now read through the below to familiarize yourself with it and print it so you can refer to it while offline, since you will not be able to browse once starting the below.
    1. Put the Windows XP CD into the CD ROM tray and close the tray. You may get a popup window asking about installing Windows XP. If you do, just close that window.
    2. Then restart your computer
    3. This should cause your computer to boot from the CD instead of the hard drive (if not, you'll need to enter the BIOS and set the boot order so the CD ROM is first in the list).
    4. You should get a "Press any key to boot from CD" message! Press a key to do that, otherwise it will bypass the CD boot.
    5. After it boots up, you will see it load a bunch of files (be patient, it can take a little while) and eventually you will see a menu where you can select the "Recovery Console" by pressing R. It is normally the middle item in the list. Press R.
    6. You will see a list of possible Windows partitions with numbers next to them. Select your Windows Installation (which is C:\Windows) by typing the number next to it (which should be 1) and press enter.
    7. It will ask you for the Administrator password next (so make sure you know it). If you never gave it a password it is probably blank. If it is blank, just press enter. If you have set one then type it in and hit enter. It will tell you if you enter the wrong password.
    8. When you enter the correct password you will get a prompt that looks like this: C:\WINDOWS>
    Now from this command prompt window, here are some things I want you to do. Enter the below commands (the commands are in bold black) in the order given. I will add comments in purple. There is a space before each C:\

    copy C:\WINDOWS\ServicePackFiles\i386\eventlog.dll C:\WINDOWS\system32\eventlog.dll

    If you get a prompt about overwriting the eventlog.dll file, make sure you say yes. Note any error messages while running the above command. Now we will repeat trying to delete some files that I expect could not be deleted while Windows was running. Enter each of the below. The del command is always followed by a space.

    del C:\WINDOWS\braviax.exe
    del C:\WINDOWS\cru629.dat
    del C:\WINDOWS\muguleke.exe
    del C:\WINDOWS\ojyli.exe
    del C:\WINDOWS\rofil.exe
    del C:\WINDOWS\zynuh.com
    del C:\WINDOWS\system32\braviax.exe
    del C:\WINDOWS\system32\cru629.dat
    del C:\WINDOWS\system32\wisdstr.exe
    del C:\WINDOWS\system32\~.exe
    del C:\WINDOWS\system32\dllcache\beep.sys
    del C:\WINDOWS\system32\drivers\beep.sys

    exit <--- this will exit the Recovery Console and boot to Windows

    After booting into Windows, see if you can run C:\MGtools\GetLogs.bat by double clicking on it. Attach the new C:\MGlogs.zip file.

    Now also see if you can run Malwarebytes, SUPERAntispyware, and ComboFix.
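An added check, not part of the thread or of MGtools: the fix above copies the ServicePackFiles reference copy of eventlog.dll over the system32 copy, and the only clue given that the live file is bad is its size and date. This script hashes both copies so a defender can confirm, before and after the Recovery Console step, whether they really differ (the two paths are the ones named in the thread; the demo bytes are constructed).

```python
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path

# Reference copy and live copy as named in the thread; assumed to be run on the
# affected XP machine. Elsewhere the paths do not exist and are skipped.
DEFAULT_PAIRS = [
    (r"C:\WINDOWS\ServicePackFiles\i386\eventlog.dll",
     r"C:\WINDOWS\system32\eventlog.dll"),
]

@dataclass
class Verdict:
    reference: str
    live: str
    ref_size: int
    live_size: int
    ref_sha256: str
    live_sha256: str

    @property
    def matches(self) -> bool:
        return self.ref_sha256 == self.live_sha256  # byte-identical to the reference

def sha256_of(path: str) -> str:
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def compare(reference: str, live: str) -> Verdict:
    """Size alone (the 61 kb check in the thread) is a weak signal; hash both copies."""
    ref, liv = Path(reference), Path(live)
    return Verdict(reference, live, ref.stat().st_size, liv.stat().st_size,
                   sha256_of(reference), sha256_of(live))

def audit(pairs) -> list:
    """Compare every pair whose two files both exist; missing pairs are skipped."""
    return [compare(r, l) for r, l in pairs if Path(r).is_file() and Path(l).is_file()]

def demo() -> Verdict:
    """Constructed stand-in: a clean copy beside the same bytes with a trailing patch."""
    with tempfile.TemporaryDirectory() as d:
        ref, live = Path(d, "ref.dll"), Path(d, "live.dll")
        ref.write_bytes(b"MZ" + b"\x00" * 1022)
        live.write_bytes(b"MZ" + b"\x00" * 1022 + b"PATCHED")
        return compare(str(ref), str(live))

if __name__ == "__main__":
    for v in audit(DEFAULT_PAIRS) or [demo()]:
        print(f"{v.live}: {v.live_size} bytes, {'matches' if v.matches else 'DIFFERS from'} {v.reference}")
```

A live copy that still differs after the copy command means the overwrite did not take and the step needs to be repeated from the Recovery Console.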
     
