Did I Get it?

Discussion in 'Malware Help (A Specialist Will Reply)' started by jimwhite99, Feb 24, 2010.

  1. jimwhite99

    jimwhite99 Private E-2

    I'm running Vista Home Ultimate and began experiencing crashes a few days ago.

    Previously (for the past 30-45 days) I've had boot problems but think they're unrelated. My hard drive wouldn't spin up and the num lock wouldn't work on my keyboard. Popping a memory stick or two out seemed to help. Once booted I have no problems at all. Probably unrelated but I mention it because it's aberrant behavior.

    So 4 days ago I start getting blue screens with various messages. This happens when Exporting using Adobe Lightroom. I run Bit Defender which found this:

    C:\Program Files (x86)\Photodex\ProShowGold\pxf\autorun.inf Trojan.AutorunINF.Gen Deleted

    More Blue Screens so I started on your prescribed course of treatment. Malwarebytes found this:

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Everything else appears clean although I don't know how to read all the logs or even where they are. So here's my MGlogs.zip file which I think is what you need. Many thanks for taking a look for me.

    I'm off to export in Lightroom and see if I crash.

    Jim

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing any issues in your logs. This could be purely a software/hardware issue. You can always download and install:
    AutoEater.

    Let me know what malware issues you are having.
     
  3. jimwhite99

    jimwhite99 Private E-2

    As I mentioned, Bit Defender caught: C:\Program Files (x86)\Photodex\ProShowGold\pxf\autorun.inf Trojan.AutorunINF.Gen

    and Malwarebytes got: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties)

    and I'm now able to export from LR with no crashes at all. Thanks for looking at the logs and confirming that Malwarebytes probably eliminated the culprit.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you are not having crashes, then it was probably just those two items causing the issues. :)

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
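A small post-cleanup check for the items this thread discussed, as an added example that is not part of the thread or of the MajorGeeks procedure. It assumes the registry paths and the autorun.inf path quoted in the posts, the standard EnableLUA value for UAC, and that it is run from an elevated PowerShell prompt:

```powershell
# Added example (not from the thread): verify the two items the thread discussed
# after the final cleanup steps. Paths for the Explorer policy value and the
# ProShowGold autorun.inf come from the posts; EnableLUA is the standard UAC switch.

# 1. Is UAC back on? EnableLUA = 1 means UAC is enabled (cleanup step 4).
$sys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$lua = (Get-ItemProperty -Path $sys -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
if ($lua -eq 1) { 'UAC: enabled' }
else { "UAC: DISABLED (EnableLUA=$lua) - re-enable it and reboot" }

# 2. Is the hijacked policy value gone? Malwarebytes reported Bad: (1) Good: (0),
#    so a value of 1 (or the value coming back at all) is what to watch for.
$exp = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$nadc = (Get-ItemProperty -Path $exp -Name NoActiveDesktopChanges -ErrorAction SilentlyContinue).NoActiveDesktopChanges
if ($null -eq $nadc) { 'NoActiveDesktopChanges: not present (clean)' }
elseif ($nadc -eq 0) { 'NoActiveDesktopChanges: 0 (allowed value)' }
else { "NoActiveDesktopChanges: $nadc - policy value came back, rescan" }

# 3. Has the deleted autorun.inf reappeared, and does any drive root carry one?
#    For each file found, show the lines that would launch something on insert.
$candidates = @('C:\Program Files (x86)\Photodex\ProShowGold\pxf\autorun.inf')
$candidates += Get-PSDrive -PSProvider FileSystem | ForEach-Object { Join-Path $_.Root 'autorun.inf' }
foreach ($f in $candidates) {
    if (Test-Path -LiteralPath $f) {
        "FOUND: $f"
        Select-String -LiteralPath $f -Pattern '^\s*(open|shellexecute|shell\\.*\\command)\s*=' |
            ForEach-Object { "    $($_.Line.Trim())" }
    }
}
```

A legitimate autorun.inf on a software CD or a vendor folder is normal; the point is that a file Bit Defender already deleted should not come back on its own.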
  5. jimwhite99

    jimwhite99 Private E-2

    Done, I think. I deleted the MGTools folder, .exe and log file from my root directory. I didn't use ComboFix because I'm running Vista, so MGTools was the only other tool I installed other than the two I'm keeping. I now have just one clean restore point.

    Now I need to install startupCPL and control my startups from that (I'm currently using CC and MSConfig).

    You know, I've had UAC turned off for some time now. It interferes with my monitor calibration tool and software. Something about when a UAC window pops up it resets my ICC profile to the default all the time (Vista gamma table bug?). I guess it might be time to find another workaround for that if the UAC is that critical for security.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I have never found UAC to be "critical" to your system. Just depends on your habits. :)
     