Did the run through, pls chk if I'm ok now

Discussion in 'Malware Help (A Specialist Will Reply)' started by angelinhi, Feb 13, 2009.

  1. angelinhi

    angelinhi Private E-2

    Hi, this is my first time here so I hope I get this right.

    This is what I posted in another forum but didn't get a response:

    "Symptoms":
    - takes a looooooong time to boot up, to process my XP password, to load up
    - erases most icons off my desktop at every re-start
    - moves everything in My Documents and puts it in a TEMP file in c:\Documents and Settings with whatever's missing from the desktop
    - creates new Owner files in c:\Documents and Settings
    - received an alert that something was trying to change my default browser to IE (I use FF)
    - reverts my desktop display to XP default theme but with the green leaf wallpaper
    - reset/erased all of my email settings, internet settings so I have to reconfigure all of it again. My comp is almost as if it's as it was when it left the store, just with added programs and those "hidden" items mentioned above in Docs and Settings.


    So here I am to see if you can help me. I did the run-through but my computer is still acting rather strangely (i.e. very slow everything from booting up to logging in to opening programs - especially anything related to monitoring for Spy/Mal/Adware, email, browser, etc.). I am also unable to run msconfig.

    Someone recommended I move my important docs and pics to D: so I did.

    Attached are the logs. TY in advance!
     


    Last edited by a moderator: Feb 14, 2009
  2. angelinhi

    angelinhi Private E-2

    Here's the 4th log.
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean...but we can clean up a few things.

    Use windows explorer to find and delete:
    C:\Documents and Settings\Owner.DKSA\Local Settings\Application Data\WildTangent

    Copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    I suggest that you continue with this in the software section as this is not a malware issue.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
  4. angelinhi

    angelinhi Private E-2

    Thank you so much.

    I am having a problem though deleting the combofix as directed. I get a dos screen that tells me it cannot be installed b/c it's being used. :confused In fact it was 2 dos screens with 4 of those messages on each. I also got a smaller window telling me "error".

    I did follow instructions to download to my desktop.

    The registry did update successfully.

    Please advise what to do now, I don't want to mess anything up inadvertently. TY AGAIN!


    EDIT: Ok right after I posted this, I got a little window telling me that ComboFix.exe uninstalled successfully. >_O At any rate, please advise anyway LOL, TY!
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Since you already removed the majority of the malware at the other site, I would suggest that you post in the software section or start a new issue at that other site.
     
  6. angelinhi

    angelinhi Private E-2

    Just wanted to thank you again. I'll surely post in the software section since I am still having some problems. :)
     
