Computer Antivirus Issues....

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by desk-engineer, May 21, 2018.

  1. desk-engineer

    desk-engineer Private E-2

    Hi,
    I have been running Comodo Dragon - or at least thought I was. PC running fairly slow but figured it was it's age...... Tried to download Dropbox - downloaded fine but wouldn't run (something about not being connected to the internet, even though I was). Figured it was the firewall, but couldn't get Comodo to open at all (Defender is off btw). Tried deleting to no avail (I appreciate using add/remove to get rid of antivirus is not a plan, but I was desperate by this point - tried deleting all remaining aspects using explorer but a few remain 'undeleatble'.) Figured that the computer may well be a bit of a mess now as it hasn't been properly protected so ran read me... Logs attached (but couldn't run hitman pro for same reason as Dropbox; couldn't run MG Tools as it kept asking permission to allow access to registry files - I said yes but then it would deny and just kept looping) and any help is much appreciated. Thank you.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please have MBAM remove everything it found.

    Now have RogueKiller remove these items:
    ¤¤¤ Registry : 17 ¤¤¤
    [PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{1E1F5BE9-53E4-48BC-88EA-FFB3B412ECF1} (C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\PrivDogManager\PrivDogManager.dll) -> Found
    [Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE} ("%ProgramData%\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpOav.dll") -> Found
    [PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{42F2CA19-AAA6-4CC1-99DA-AC4E0D89F508} (C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\magpie.dll) -> Found
    [PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{50BD949A-B0DF-4523-8E21-68E7BF6DCD60} (C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\PrivDogManager\PrivDogManager.dll) -> Found
    [PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{5B06364D-FF00-4BD5-9D01-4379952513F2} (C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll) -> Found
    [Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{5C706BCC-C0EE-DA92-26FE-1D76FCF6D676} (C:\Windows\LPRES.DLL) -> Found
    [PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{60E62B01-4B55-410C-8E53-D6DAF58D2C7C} (C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\PrivDogManager\PrivDogManager.dll) -> Found
    [PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{8E0DF3C3-BA52-47F7-B601-307E5CB207EF} (C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\scriptservice.dll) -> Found
    [PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{938083A3-03CA-470F-BBDA-5E3F604950FC} (C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\PrivDogManager\Plugins\PrivDogPlugin.dll) -> Found
    [PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{963B7693-6E7B-4AAF-81BB-DF928CEA7CC6} (C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\PrivDogServicePS.dll) -> Found
    [PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{D6FE8115-1CBA-40D7-B763-FF0DA33CEB6A} (C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll) -> Found
    [PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PrivDogService : "C:\Program Files (x86)\AdTrustMedia\PrivDog\2.2.0.14\trustedadssvc.exe" [x] -> Found
    [PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Privacy Content Firewall ("C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\PrivDogService.exe") -> Found

    Reboot and rescan with MBAM and RogueKiller and also attach the logs from running Hitman and ADWCleaner.
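
For reviewing a RogueKiller registry section like the one in the post above before removal, this added example (not part of the original post, and not RogueKiller's own code) parses the two line shapes seen there and lists entries whose file lies outside an expected product folder. The function names and the `expected_fragment` parameter are hypothetical; the sample lines are copied from the excerpt above.

```python
import ntpath
import re
from collections import defaultdict

# Four lines copied from the RogueKiller excerpt in this thread.
SAMPLE = r'''
[PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{42F2CA19-AAA6-4CC1-99DA-AC4E0D89F508} (C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\magpie.dll) -> Found
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{5C706BCC-C0EE-DA92-26FE-1D76FCF6D676} (C:\Windows\LPRES.DLL) -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PrivDogService : "C:\Program Files (x86)\AdTrustMedia\PrivDog\2.2.0.14\trustedadssvc.exe" [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Privacy Content Firewall ("C:\Program Files\AdTrustMedia\PrivDog\3.0.108.0\PrivDogService.exe") -> Found
'''

# Common prefix: [detection] (arch) <rest> -> status
HEAD = re.compile(r'^\[(?P<det>[^\]]+)\] \((?P<arch>X\d+)\) (?P<rest>.+) -> (?P<status>\w+)$')
# Shape 1: key | value name : "file" with an optional trailing [.] marker
RUN_VALUE = re.compile(r'^(?P<key>.+?) \| (?P<name>.+?) : "(?P<path>[^"]*)"(?: \[.\])?$')
# Shape 2: key (file); the file may be quoted and may itself contain "(x86)"
KEY_FILE = re.compile(r'^(?P<key>.+?) \((?P<path>.*)\)$')

def parse(text):
    """Return one dict per recognised log line; unrecognised lines are skipped."""
    entries = []
    for line in text.splitlines():
        head = HEAD.match(line.strip())
        if not head:
            continue
        body = RUN_VALUE.match(head['rest']) or KEY_FILE.match(head['rest'])
        if not body:
            continue
        entry = {**head.groupdict(), **body.groupdict()}
        del entry['rest']
        entry['path'] = entry['path'].strip('"')
        entries.append(entry)
    return entries

def by_directory(entries):
    """Group entries by the folder of the file they reference (Windows path rules)."""
    groups = defaultdict(list)
    for e in entries:
        groups[ntpath.dirname(e['path'])].append(e)
    return dict(groups)

def needs_review(entries, expected_fragment):
    """Entries whose file path does not contain the expected product folder
    (expected_fragment is the reviewer's own assumption, not tool output)."""
    needle = expected_fragment.lower()
    return [e for e in entries if needle not in e['path'].lower()]

if __name__ == '__main__':
    for e in needs_review(parse(SAMPLE), '\\AdTrustMedia\\PrivDog\\'):
        print(e['det'], e['key'], e['path'])
```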
     
  3. desk-engineer

    desk-engineer Private E-2

    all done and new files attached. Still can't run hitman though. Many thanks
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Looking better....now have ADWCleaner remove all it found.

    Now download the latest version of FRST from the below link.
    Farbar Recovery Scan Tool and save it to your Desktop.


    Note: Make sure you download the proper version (32 bit or 64 bit) for your PC. Only one will run, the correct one. So if you make a mistake and download the wrong one, go back and get the other.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
     
  5. desk-engineer

    desk-engineer Private E-2

    Excellent, thanks....
     


  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Those logs are clean. What malware issues are you still having, if any?
     
  7. desk-engineer

    desk-engineer Private E-2

    Only problem now is that I still can't run dropbox installer/Hitman/Kaspersky free installer due to being 'unable to connect to the internet'.... not Malware issue - just this issue now. Thanks so much for your help
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Ok....yes that is an issue you should pursue in the software forum.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 or 10 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. After doing the above, you should work thru the below link:
     
  9. desk-engineer

    desk-engineer Private E-2

    Superb. Thanks again
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Good luck. :)
     
