Completed "Read and Run Me"

Discussion in 'Malware Help (A Specialist Will Reply)' started by mikeRa20, Aug 4, 2012.

  1. mikeRa20

    mikeRa20 Private E-2

    Not sure if I have much of a problem, but if I do, help would be greatly appreciated.

    After my wife updated iTunes, some program called tuneup got downloaded and a snap.do toolbar appeared. Not sure how this happened.

    Homepage became something like snap.do, but I was able to change it back to google.com easily.

    I managed to remove tuneup via Add/Remove Programs; however, when trying to do the same for the snap.do program, a pop-up appeared saying browsermanager.exe is trying to make changes and asking whether I wish to allow it to do so. The browsermanager.exe had no publisher listed, so to be safe I declined and decided to run "Read and Run Me".

    The scan results appeared to be clean for the most part. RogueKiller seemed to find a few things, and in its quarantined folder was snap.do.exe.vir.

    Thanks in Advance.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:


    • [SUSP PATH] HKCU\[...]\Run : Browser Infrastructure Helper (C:\Users\monica\AppData\Local\Smartbar\Application\SnapDo.exe startup) -> FOUND
    • [SUSP PATH] HKUS\S-1-5-21-1290237407-3065346672-1032627741-1000[...]\Run : Browser Infrastructure Helper (C:\Users\monica\AppData\Local\Smartbar\Application\SnapDo.exe startup) -> FOUND

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
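The two [SUSP PATH] lines above are RogueKiller's way of flagging a Run key that points at an executable inside a user-writable folder. As an added example (not part of this thread and not RogueKiller's own code), the Python script below parses report lines in that format and groups every flagged image by the Run keys that reference it; the sample lines are constructed for the example, with the [OK] entry made up as a benign control.

```python
import re
from dataclasses import dataclass

# Constructed sample in the style of a RogueKiller registry report: the two
# [SUSP PATH] lines mirror the thread's detections, the [OK] line is made up.
SAMPLE_REPORT = r"""
[SUSP PATH] HKCU\[...]\Run : Browser Infrastructure Helper (C:\Users\monica\AppData\Local\Smartbar\Application\SnapDo.exe startup) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1290237407-3065346672-1032627741-1000[...]\Run : Browser Infrastructure Helper (C:\Users\monica\AppData\Local\Smartbar\Application\SnapDo.exe startup) -> FOUND
[OK] HKLM\[...]\Run : Example Updater (C:\Program Files\Example\updater.exe /quiet) -> FOUND
"""

LINE_RE = re.compile(r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>\S+)\s+:\s+(?P<name>.+?)\s+"
                     r"\((?P<cmd>.+)\)\s+->\s+(?P<status>\w+)$")
# The image path ends at the first ".exe"; anything after it is arguments.
EXE_RE = re.compile(r"^(?P<exe>.+?\.exe)(?:\s+(?P<args>.*))?$", re.IGNORECASE)
# Locations a standard user can write to; autostart images here deserve a look.
USER_WRITABLE = ("\\appdata\\", "\\users\\", "\\temp\\", "\\programdata\\")

@dataclass(frozen=True)
class RunEntry:
    tag: str
    hive_key: str
    name: str
    exe: str
    args: str

def parse_report(text: str) -> list[RunEntry]:
    """Turn report lines into RunEntry records; lines that do not match are skipped."""
    entries = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = EXE_RE.match(m["cmd"])
        exe, args = (e["exe"], e["args"] or "") if e else (m["cmd"], "")
        entries.append(RunEntry(m["tag"], m["key"], m["name"], exe, args))
    return entries

def is_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)

def suspicious_images(text: str) -> dict[str, list[str]]:
    """Map each autostart image under a user-writable path to the Run keys that
    reference it. HKCU is an alias of HKU\\<SID>, so one persistence entry usually
    shows up twice, as it does in the thread."""
    hits: dict[str, list[str]] = {}
    for entry in parse_report(text):
        if is_user_writable(entry.exe):
            hits.setdefault(entry.exe.lower(), []).append(entry.hive_key)
    return hits
```

Calling `suspicious_images(SAMPLE_REPORT)` returns a single image, SnapDo.exe under AppData, referenced from both the HKCU and the HKUS\<SID> Run keys, while the Program Files entry is passed over.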
     
  3. mikeRa20

    mikeRa20 Private E-2

    I got two new reports. One from when I ran RK then another after I deleted the two entries.

    Both are attached.
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Use Windows Explorer to find and delete:
    C:\Users\monica\AppData\Local\Smartbar\Application\SnapDo.exe

    Now copy just the bold text below to Notepad (do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now run the C:\MGtools\GetLogs.bat file by double-clicking on it (Note: if using Vista or Win7, don't double-click; right-click and select Run As Administrator).

    Then attach the below logs:

    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  5. mikeRa20

    mikeRa20 Private E-2

    I still get the snap.do stuff with Mozilla, and in Explorer the toolbar is there but it's blank.

    The fixME.reg got confirmation that it worked.

    The first time I ran GetLogs I forgot to run as admin, so I aborted and started the process again.
     


  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Why haven't you removed it from your Add/Remove Programs list?
     
  7. mikeRa20

    mikeRa20 Private E-2

    I wasn't sure if browserhelper.exe is legitimate.

    When removing snap.do from the Add/Remove list, a pop-up asking if I wanted to allow browserhelper.exe to make changes appeared.

    I've just removed it; Explorer looks fine now, but Mozilla still has snap.do on startup.

    Do I just need to change the Mozilla home page?
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes. What problems remain?
     
  9. mikeRa20

    mikeRa20 Private E-2

    All seems good.

    Thanks for your help.

    Is there anything more I need to do?
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know and you are welcome.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
    2. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista or Win 7, it is time to make sure you have re-enabled UAC by double-clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double-click on this file to run this cleanup program, which will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. After doing the above, you should work through the link below:


    Malware removal from a National Chain = $149
    Malware removal from MajorGeeks = $0
     
