Finished malware removal guide. Here are my logs.

Discussion in 'Malware Help (A Specialist Will Reply)' started by gotslayer, Oct 28, 2012.

  1. gotslayer

    gotslayer Private E-2

    Thanks for looking. I encountered the FBI MONEY-PACK virus/malware. The very first thing I did was restart in safe mode with networking and do a system restore to regain access to my laptop. I then re-installed AVG and ran a full scan. That scan came back with zero threats found. I then came to the MajorGeeks forum and followed the READ ME RUN ME malware removal guide, and here are the logs that came from it. I appreciate any and all help. Thanks.
     

    Attached Files:

    Last edited: Oct 28, 2012
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Did you indeed take action on the items MBAM found?

    What's inside of these folders?

    • C:\ProgramData\BOINC
    • C:\ProgramData\dbg
    • C:\ProgramData\kgrefstaeuleveh
    • C:\ProgramData\polhktrpahmrghd
    • C:\Program Files (x86)\7461C2F36F3242E3BC94409AC2223634



    Copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.
     
  3. gotslayer

    gotslayer Private E-2

    OK. Thanks I did indeed get a success message.
    I did fix the issues found when I ran MBAM. I re-ran it twice with zero infections found.

    OK... C:\ProgramData\BOINC is software I downloaded from Discovery. It is for research for SETI. It's donated CPU time to scan data for them.

    C:\ProgramData\dbg was empty so i deleted it.

    C:\ProgramData\kgrefstaeuleveh was a random txt file associated with polhktrpahmrghd.

    C:\ProgramData\polhktrpahmrghd was a folder that contained the HTML and CSS files and the JPGs and PNGs for the FBI MoneyPack window that locks the screen, so I deleted that as well.

    *** reason for edit *** C:\Program Files (x86)\7461C2F36F3242E3BC94409AC2223634 was also an empty folder, so I deleted it as well.

    If there are any more steps that I should do, please let me know, or if I should re-run the process. Thank you very much.
     
    Last edited: Oct 28, 2012
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Let's do this one more time and I can see if anything else remains.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows 7.) Then attach the new C:\MGlogs.zip file that will be created by running this.
     
