Email and browser issues still unsolved

Discussion in 'Malware Help (A Specialist Will Reply)' started by Trottel, Sep 28, 2010.

  1. Trottel

    Trottel Private E-2

Hello,
Your step-by-step anti-malware scanning procedure has been very helpful, but I am not sure if it has got rid of all malware completely.

    Reason for running your process:

    My AntiVir AV updater has been faulty in the past, and I began getting pop-ups saying that suspicious files/programmes had been detected. Clicking on buttons in this pop-up, I accessed an AV list of about 15 suspicious files. I now can't seem to re-access that list, can't find/remember the buttons I clicked. It was nothing to do with the Extras > Detection List. The suspicious-material pop-up hasn't appeared for a few days now, apart from the MGtools.exe false positive which I've now permanently ignored (although I got the pop-up again today).
    I don't know whether the suspicious material listed is an indication of what has got through my defences or whether it is blocked.

    Also:
    For the last couple of months I've had ridiculous problems sending all but the shortest emails via Thunderbird (no attachments allowed, no forwarding, no quoting). From Opera, longer emails allowed but attachments also disallowed. All attempts to send mails from my account on website of email provider fail, whichever browser I use. There are many other interaction problems when logged into sites. I had to send this from my Mac, for instance. A virus issue? These problems remain.

    I've followed instructions to the letter and everything ran smoothly except for one thing:

    The first time that I tried to run MGTools something flashed behind my Explorer box and nothing happened and no MGlogs.zip was created and no command prompt box appeared. The next day, maybe due to re-booting, it runs well apart from the below-mentioned glitch:

    Title of message box: "ProcessDll.exe - Common Language Runtime Debugging Services"

    "Application has generated an exception that could not be handled.
    Process id=0x890 (2192), Thread id=0xdcc (3532).
    Click OK to terminate the application.
    Click CANCEL to debug the application."

    I tried to debug:

    Title of box: "ProcessDll.exe - No debugger found."
    "Registered JIT debugger is not available. An attempt to launch a JIT debugger with the following command resulted in an error code of 0x2 (2). Please check computer settings.
    cordbg.exe !a 0x890
    Click on Retry to have the process wait while attaching a debugger manually.
    Click on Cancel to abort the JIT debug request."

I then clicked Retry and the command prompt box stopped progressing (I thought).
    I closed and restarted MGtools.
    When I arrived at the same problem the Process ID was 0xfe4 (4068), Thread id 0xf2c (3884). (I have no idea if you want this kind of info :-o. The downsize function doesn't seem to work.)
    I pressed Cancel again to debug. The 2nd box was identical to the previous 2nd box except for cordbg.exe !a 0xfe4 and this time I pressed Cancel to abort the JIT debug request.
    It now says scanning is complete. I may have had this message before but did not notice it. I stopped MGTools at one point to turn off my AV and Firewall again.


    I'm now enclosing the MGlogs.zip and the other logs.

    There was no other glitch in the entire multi-program scanning process. Encouragingly, I now have a bunch of icons in my system tray at bottom right whereas before I had had only the clock and a 'DE' button for German keyboard. This sys tray anomaly had existed since I bought my system new on ebay from a company selling off a contingent of them. Is this a possible reason for the problems in the first place? I bought the Acer with XP Pro SP2 on it.

    I'm now studying how to back up as much data as possible prior to updating from XP SP2 to SP3. Any ideas on how I can re-access that malware list in my AntiVir?

    Cheers, WP

  2. Trottel

    Trottel Private E-2

    the 5th log

    enclosed: the MGlogs.zip

    Last edited: Sep 28, 2010
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    This does not appear to be a malware issue, as your logs are clean. I suggest that you post in the software forum for further assistance with your issues.

    If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
  • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
  • "%userprofile%\Desktop\combofix" /uninstall
    • Note: the space between combofix" and /uninstall must be there.
    • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
  • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

10. After doing the above, you should work through the below link:




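A post-cleanup check for the final steps above, added here as an example; it is not part of the original thread and not one of MajorGeeks' own tools. It assumes the paths the steps name (ComboFix on the Desktop, C:\MGtools, C:\MGtools\enableUAC.reg, the fixme.reg/fixWLK.reg patch files) and the standard Windows UAC registry value EnableLUA; it only reports what is still left behind and does not change anything. Run it from an elevated PowerShell prompt on Vista or later (XP needs PowerShell 2.0 installed first).

```powershell
# Added example, not from the thread: verify that the cleanup steps were done.
# Everything here is read-only; it prints a list of findings (empty = all good).

$findings = @()

# Step 2: ComboFix should no longer be on the Desktop (assumed file name ComboFix.exe).
$comboFix = Join-Path $env:USERPROFILE 'Desktop\ComboFix.exe'
if (Test-Path $comboFix) {
    $findings += "ComboFix still present at $comboFix; run `"$comboFix`" /uninstall"
}

# Step 5: registry patch files named in the thread should have been deleted.
foreach ($patch in 'fixme.reg', 'fixWLK.reg') {
    $candidate = Join-Path $env:USERPROFILE "Desktop\$patch"
    if (Test-Path $candidate) { $findings += "Registry patch file still on disk: $candidate" }
}

# Step 6: on Vista and later, UAC state is the EnableLUA value (1 = enabled).
if ([Environment]::OSVersion.Version.Major -ge 6) {
    $sys = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    if ($sys.EnableLUA -ne 1) {
        $findings += "UAC is disabled (EnableLUA=$($sys.EnableLUA)); import C:\MGtools\enableUAC.reg"
    }
}

# Step 7: HijackThis should no longer appear in Add/Remove Programs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$hjt = Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
       Where-Object { $_.DisplayName -like '*HijackThis*' }
if ($hjt) { $findings += "HijackThis is still installed: $(@($hjt.DisplayName) -join ', ')" }

# Step 8: MGclean.bat lives in C:\MGtools; if it is still there, the cleanup
# batch file has most likely not been run yet (assumption: it removes itself).
if (Test-Path 'C:\MGtools\MGclean.bat') {
    $findings += 'C:\MGtools\MGclean.bat still present; double-click it to run the MGtools cleanup'
}

# Step 9: after disabling and re-enabling System Restore there should be a single,
# recent restore point. Get-ComputerRestorePoint exists only on client Windows
# and needs an elevated prompt, so the check is skipped where it is unavailable.
if (Get-Command Get-ComputerRestorePoint -ErrorAction SilentlyContinue) {
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    if ($points.Count -eq 0) {
        $findings += 'No restore points found; re-enable System Restore and create a fresh point'
    } elseif ($points.Count -gt 1) {
        $findings += "$($points.Count) restore points still present; old points were not flushed"
    }
}

if ($findings.Count -eq 0) { 'Post-cleanup checks passed: nothing left behind.' }
else { 'Items still to deal with:'; $findings | ForEach-Object { " - $_" } }
```

The script deliberately stops at reporting: the one action the thread documents for an unfinished step (the ComboFix `/uninstall` switch) is printed as the command to run rather than executed, so nothing is removed without the user seeing it first.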
  4. Trottel

    Trottel Private E-2

    Thanks, TimW, for the reply and the time. I've followed all further instructions.
    I'm still intrigued about the suspicious-material list that since my original post I have been able to access once more via the A/V pop-up box. The last time I saw it I noticed that the most recent suspicious file was dated a couple of days before I did Chaslang's run-through. I'm now no longer getting the A/V pop-ups, but if and when I do and there are still suspicious files (with more recent dates) I'll try and send a screen-shot fragment.
    Cheers.
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

Do let us know. In the meantime:

    If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
  • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
  • "%userprofile%\Desktop\combofix" /uninstall
    • Note: the space between combofix" and /uninstall must be there.
    • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
  • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

10. After doing the above, you should work through the below link:



