Fixwareout trouble, log attached

Backstage8 · Aug 10, 2008

Thank you for reading my post,

I ran a Pandasecurity scan and it found a Fixwareout Trojan. I searched for the virus definition and found chaslang’s post on running the Fixwareout removal tool. I downloaded the tool and ran it like the directions said. I am posting the Fixwareout tool log like the directions requested. Please read the log and advise me further.

Thank you!!!

Username "Steve" - 08/10/2008 19:59:04 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Successfully flushed the DNS Resolver Cache.

System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="\"F:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"vptray"="F:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"ccApp"="\"F:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"AtiPTA"="atiptaxx.exe"
"QuickTime Task"="\"F:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"F:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="\"F:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

TimW · Aug 11, 2008

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.

READ & RUN ME FIRST. Malware Removal Guide

Note:

1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can running steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

Backstage8 · Aug 13, 2008

Well...Whew...I got through all of the read and run items. I downloaded all of the tools and ran them ALL. I ran the CCleaner on every desktop including the Admin screen...then ran Super Antispyware gave me the blue screen of death when I ran it Both ways the instructions said to. Spybot Search and Destroy also gave me the blue screen of death. Malwarebites ran without concern and found nothing. ComboFix found a file in the Documents and Settings folder...after the scan it was trying to delete that file and, got the blue screen again. Now here's something strange..I can't get my symantec corp. edition to work, also if I Right click on ANY file, the symantec installer pops up and tries to Re-Install the program and I get an error message...An error occured while loading savrt32.DLL. I am attaching the logs.

Thank you for your help!!!

TimW · Aug 14, 2008

Your logs are clean ...you will need to write down the exact errors on the BSOD's and post in the software section. This is not a malware issue, it is more likely a software problem.

Let's clean up from all the scans:

You can uninstall SUPERAntiSpyware now.

We recommed you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.

If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required

"%userprofile%\Desktop\combofix" /u

Notes: The space between the combofix" and the /u, it must be there.

This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Delete the C:\combo-fix folder from combofix.

If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.

If we had you run Avenger, you can delete all files related to Avenger now.

If we had you run RenV.exe, you can delete it and the Log.txt file on your Desktop.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.

If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Go to add/remove programs and uninstall HijackThis.

You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip

If you are running Vista, Windows XP or Windows ME, do the below:

Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.

Then reboot and Enable System Restore to create a new clean Restore Point.

After doing the above, you should work thru the below link:

How to Protect yourself from malware!

Click to expand...

Backstage8 · Aug 15, 2008

Thank you for all of your help!!!!

TimW · Aug 15, 2008

Your most welcome...safe surfing.

Log in or Sign up

Fixwareout trouble, log attached

Backstage8 Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

Backstage8 Private E-2

Attached Files:

MGlogs.zip

combofix log.txt

mbam-log-8-13-2008 (17-35-20).txt

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

Backstage8 Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member