can't run scans!!!!!!!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by yanqui, Nov 7, 2007.

  1. yanqui

    yanqui Private E-2

    I've read through the similar threads with this title. This isn't just about not being able to run scans, though--there is NO CONTROL PANEL! Some stuff comes up at install and says that I don't have rights to use the program--but I AM the administrator. The writers of this one are really skilled!

    The user thought she was on a legit website, clicked to install an ActiveX control and now has a popup asking her to download a malware remover. I've got all the tools downloaded to a CD to run at the station, but some of the live scans shut down before I can get a log out of them.
     
  2. abri

    abri MajorGeek

    Hi yanqui!
    Welcome to MajorGeeks!
    Please try running the following scan in either normal or safe mode. If that doesn't work, I'll give you another one.
    Run this utility:
    abri
     
  3. yanqui

    yanqui Private E-2

    Here's the Combofix log. Thanks for the quick reply.
     

    Attached Files:

  4. yanqui

    yanqui Private E-2

    And at the bit defender website, when I click on Click here to scan, I get a pop up box that says "This web site is not authorized to host this ActiveX control."
     
  5. abri

    abri MajorGeek

    Hi yanqui,
    Are you able to run any other scans now? If so, I would like for you to continue by following the instructions at this link: NEW READ & RUN ME FIRST WITH MG TOOLS

    You've already run Combofix, so you don't need to do that again. Please try and get as much of this done as you can and post whatever logs you get back to me as attachments. Also, be sure to look for the instructions which apply to your operating system. If you can't do all these instructions yet, please try to download the MGTools to a cd on another computer and transfer them to your computer via cd. However, if you can run the complete set of scans, each step will help you.

    abri
     
  6. yanqui

    yanqui Private E-2

    Panda scan did run. I'll post what I've got.
     

    Attached Files:

  7. yanqui

    yanqui Private E-2

    more logs.
     

    Attached Files:

  8. abri

    abri MajorGeek

    Hi yanqui!
    If you have Counterspy on your computer and you can use it, please have it scan and FIX everything it finds! If it works, please have it make a log. Here are the instructions for getting the log for it:
    Also, I need the most recent hijackthis log. You may want to make a new one and attach it with your next post.

    More later!
    abri
     
  9. yanqui

    yanqui Private E-2

    sorry I was away from the desk for a few days and couldn't get back to this. I'll post logs in just a bit.
     
  10. yanqui

    yanqui Private E-2

    Here are the logs from counterspy and hjt.
     

    Attached Files:

  11. abri

    abri MajorGeek

    Hi yanqui!

    1) Please rerun Counterspy and have it quarantine all that it finds!! Then repost the log!


    2) Next, go to add/remove programs and uninstall the following:

    - J2SE Runtime Environment 5.0 Update 10



    3) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger


    4) Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )
    Again, make sure ALL browser windows are closed when you click FIX.

    After you finish, just close the program.


    5) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    6) After you have completed the above in the correct order, please attach the following logs.
    • ShowNew Log (newfiles.txt)
    • GetRunKey Log (runkeys.txt)
    • HijackThis Log (hijackthis.log)
    How are things running? Do you have your control panel?

    abri
     
  12. yanqui

    yanqui Private E-2

    I'll get back over to her machine on her lunch and do those things. I do have control panel back, and that will enable removal of the older java RE. (That's why I couldn't get rid of it before.) We do use Windows Messaging; it works with our GroupWise email client and is absolutely required. I'll take care of the rest soon, but the machine is running better, the popup went away somewhere in the middle of the previous activities, IE still doesn't want to shut down but that's just a matter of time, isn't it, before we get rid of that little problem. I've also installed McAfee Site Advisor for her; I use it myself and find it a great tool for staying away from trouble.
     
  13. yanqui

    yanqui Private E-2

    I did run counterspy, it quarantined four items, but I can't find how to get the log. The trial version has expired, could that keep me from getting the log? There are four items in quarantine from the 11/6 scan: trojan.dloader.ama, trojan.fakealert, need2findbar, and desktop weather. Scan logs coming next.
     
  14. yanqui

    yanqui Private E-2

    latest getrunkey, shownew, and hijackthis logs.
     

    Attached Files:

  15. yanqui

    yanqui Private E-2

    edited by yanqui.
     
    Last edited: Nov 21, 2007
  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Are you having any current malware problems? If so please attach fresh logs from the below and we will go from there.

    • GetRunKey
    • ShowNew
    • HijackThis
     
  17. yanqui

    yanqui Private E-2

    The final issue was caused by browser helper objects not shutting down properly, which itself may have been caused by malware, but disabling all browser helper objects allows IE to shut down properly, and also allows it to initialize properly. Other issues are now clean, thanks for all the help, you guys totally rock!
     
  18. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Good deal!

    You should see this article on How to Protect yourself from malware!
     
