Getting Pop ups

Discussion in 'Malware Help (A Specialist Will Reply)' started by ppreheim, Nov 10, 2012.

  1. ppreheim

    ppreheim Private First Class

    My kids have informed me that the family computer is getting pop ups while surfing the net. I know my teenage son has installed spotify and bit torrent and my younger kids have installed pirate 101 and wizard 101. Are these programs safe? I have run the do me first page and quite a bit was found in the two programs where I was requested not to do anything yet and to post the logs. The logs are attached.

    Thanks
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not too sure about these. They don't seem to be malware. Are these part of the Rival Gaming stuff I see in the logs? I don't like where Rival Gaming is putting files, and I was going to suggest uninstalling it. But it does not show in your logs as having been installed.

    No torrent downloading programs can be called "safe"! Are they considered malware? For the most part, no, but they are a very large cause of infected PCs, and they frequently install third-party garbage and toolbars that are unwanted and can cause search engine redirects. You may have picked up the Babylon garbage seen in your logs from the BitTorrent toolbar. Shut down ALL browser sessions and then uninstall the below:

    BitTorrentControl_v12 Toolbar

    Then reboot. After the reboot, continue.




    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: That JRT will reset your home page to a google default so you will need to restore your home page setting.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.

    Rerun RogueKiller and run a scan. After it finishes the scan, select the Registry tab and then select any of the below that exist and then click the Delete button.

    Then immediately reboot your PC.

    After reboot, run a new scan with RogueKiller and save a log as in original instructions and attach the new log.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • the JRT.txt log
    • the new RogueKiller log
    • C:\MGlogs.zip
     
  3. ppreheim

    ppreheim Private First Class

    Thanks so much!!!
    Followed directions and logs posted.

    Thanks again!
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    Make sure you tell me how things are working now!
     
  5. ppreheim

    ppreheim Private First Class

    Computer has started crashing, getting the blue screen of death quite often... any advice?
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes don't wait so long to follow instructions and finish the ones already given. If you cannot run them now due to the blue screen, then try using system restore to go back to an older restore point.
     
  7. ppreheim

    ppreheim Private First Class

    ahh, sorry

    I ran the instructions right after you gave them. I was waiting to see what the computer acted like before telling you how things were working. I did get the success message from adding the registry line. Just got an "arcadecandy" popup while typing this message.

    Thanks for all your help
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please answer the below questions:
    1. How frequent are these types of things occurring?
    2. Do they only occur when on certain websites?
    3. Do they occur no matter which browser is used? Try more than one but only have one opened at any time.
    Also let's do the below.


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: (no name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
    O2 - BHO: Privacy SafeGuard - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com

    After clicking Fix, exit HJT.


    Uninstall this >> Privacy SafeGuard version 1.1

    Please rerun a scan with RogueKiller and attach the new log.

    Also please run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).



    Then attach the below logs:
    • C:\MGlogs.zip
     
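The HijackThis lines above (R3 URLSearchHook, O2 BHO, O4 HKCU Run, O15 Trusted Zone) are each a registry location Internet Explorer or Windows reads at start-up. As an added example, not part of the thread or of HijackThis itself, the PowerShell script below walks those same locations and reports, for each entry, whether the referenced file exists and whether it is Authenticode-signed. It assumes an elevated 64-bit PowerShell (so both the native and the Wow6432Node COM registrations are visible); nothing from the poster's logs is hard-coded, and the function names are the author's own.

```powershell
# Added example: enumerate the autostart locations HijackThis reports as
# R3, O2, O4 and O15 and show the on-disk state of what they point to.
# Assumption: run in an elevated 64-bit PowerShell; the registry paths are the
# standard Windows/IE locations, not values taken from the thread's logs.

function Resolve-ClsidPath {
    param([string]$Clsid)
    # A BHO or search hook is a COM object; its DLL is registered under InprocServer32.
    # Check the 64-bit and the 32-bit (Wow6432Node) class registrations.
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $key) {
            $dll = (Get-ItemProperty $key).'(default)'
            if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
        }
    }
    return $null      # what HijackThis prints as "(no file)"
}

function Get-FileState {
    param([string]$Path)
    if (-not $Path)                          { return 'no file' }
    if (-not (Test-Path -LiteralPath $Path)) { return 'missing on disk' }
    return (Get-AuthenticodeSignature -LiteralPath $Path).Status   # Valid / NotSigned / HashMismatch ...
}

function Get-CommandExe {
    # Extract the executable from a Run value such as  "C:\x\y.exe" /MINIMIZED
    param([string]$Cmd)
    if ($Cmd -match '^"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($Cmd -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

function Get-IEAutostarts {
    # R3 - URLSearchHook: objects IE consults when the address-bar text is not a URL
    $hooks = 'HKCU:\Software\Microsoft\Internet Explorer\UrlSearchHooks'
    if (Test-Path $hooks) {
        foreach ($clsid in (Get-Item $hooks).Property) {
            $dll = Resolve-ClsidPath $clsid
            [pscustomobject]@{ Type = 'R3 URLSearchHook'; Id = $clsid; Path = $dll; State = (Get-FileState $dll) }
        }
    }
    # O2 - BHO: DLLs loaded into every IE process (the classic toolbar/adware hook)
    foreach ($root in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
                      'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects') {
        if (Test-Path $root) {
            foreach ($k in Get-ChildItem $root) {
                $dll = Resolve-ClsidPath $k.PSChildName
                [pscustomobject]@{ Type = 'O2 BHO'; Id = $k.PSChildName; Path = $dll; State = (Get-FileState $dll) }
            }
        }
    }
    # O4 - HKCU Run: per-user autostart, writable by a standard user without admin rights
    $run = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($name in (Get-Item $run).Property) {
        $exe = Get-CommandExe ((Get-ItemProperty $run).$name)
        [pscustomobject]@{ Type = 'O4 HKCU Run'; Id = $name; Path = $exe; State = (Get-FileState $exe) }
    }
    # O15 - Trusted Zone: a domain mapped to zone 2 gets IE's relaxed security settings
    $zones = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    if (Test-Path $zones) {
        foreach ($d in Get-ChildItem $zones -Recurse) {
            foreach ($proto in $d.Property) {
                if ((Get-ItemProperty $d.PSPath).$proto -eq 2) {
                    # The key path is stored reversed:  Domains\soe.com\www  ->  www.soe.com
                    $parts = ($d.PSPath -replace '.*\\Domains\\', '') -split '\\'
                    [array]::Reverse($parts)
                    [pscustomobject]@{ Type = 'O15 Trusted Zone'; Id = ($parts -join '.'); Path = $proto; State = 'zone 2' }
                }
            }
        }
    }
}

Get-IEAutostarts | Format-Table -AutoSize
```

A "Valid" signature is not a clean bill of health: commercial adware toolbars are usually signed. The entries worth attention are the ones this thread shows, namely a CLSID with no file behind it, a DLL under a user's AppData or Program Files folder from a vendor nobody installed on purpose, and trusted-zone domains nobody added by hand. The script only reads HKCU for the Run key and zone map; the machine-wide HKLM copies of both exist too and should be checked the same way.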
  9. ppreheim

    ppreheim Private First Class

    1.) I am told they occur about every 10 minutes or so.
    2.) No, they occur on many websites
    3.) my son uses Google chrome and has not had a problem. Everyone else uses IE and experiences the problem.

    I did as instructed but could not find

    R3 - URLSearchHook: (no name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)

    All other were checked and fixed after browser was closed.

    Ran scans and posted logs.

    I have closed this computer to all users until this problem is solved. Thanks for the help!!!!
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Looks like you somehow reinfected the PC. We fixed these items and verified in the RogueKiller log in message #3 that they were gone. You need to make restricted user accounts for the kids. Only one person should use an account with administrator permissions, and this should be you. Kids should not have admin permissions on a PC used by everyone.

    Rerun RogueKiller and run a scan. After it finishes the scan, select the Registry tab and then select any of the below that exist and then click the Delete button.

    Then immediately reboot your PC.

    Let's also uninstall this now >> Pirate101

    After reboot, run a new scan with RogueKiller and save a log as in original instructions and attach the new log.

    Also rerun Hitman Pro to get a new log.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the new Hitman log
    • the new RogueKiller log
    • C:\MGlogs.zip
     
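The advice above, one administrator and standard accounts for everyone else, is the single most effective change in this thread: a standard user can still write the HKCU Run key and the per-user browser add-ons seen earlier, but cannot register a BHO machine-wide, install a driver or write to Program Files. The script below is an added example of how to apply and then verify that split; it is not from the thread or from MajorGeeks. Account names are placeholders, it uses net.exe rather than the newer LocalAccounts cmdlets so it works on Windows 7, and it must be run from the account that is to remain the administrator.

```powershell
# Added example: move the kids to standard accounts, leave exactly one admin,
# and verify the result. Account names are placeholders; run elevated from the
# account that stays an administrator.

$keepAdmin = 'ParentAccount'                   # the one account that remains an administrator
$kids      = 'Son', 'Daughter1', 'Daughter2'   # placeholders for the existing or new kid accounts

function Get-LocalGroupMembers {
    # Parse "net localgroup <name>": members are the lines between the dashed
    # separator and the trailing "The command completed successfully." line.
    param([string]$Group)
    $out = net localgroup $Group
    $i = 0
    while ($i -lt $out.Count -and $out[$i] -notlike '---*') { $i++ }
    if ($i -ge $out.Count - 1) { return @() }
    $out[($i + 1)..($out.Count - 1)] | Where-Object { $_ -and $_ -notlike 'The command*' }
}

foreach ($k in $kids) {
    net user $k *> $null
    if ($LASTEXITCODE -ne 0) {
        # New accounts created with "net user /add" land in the Users group only.
        net user $k * /add            # the asterisk prompts for the password
    }
    if ((Get-LocalGroupMembers 'Administrators') -contains $k) {
        net localgroup Administrators $k /delete
    }
    net localgroup Users $k /add *> $null   # harmless if already a member
}

# Verify: nobody but $keepAdmin (and the built-in, normally disabled, Administrator) is an admin
$extra = Get-LocalGroupMembers 'Administrators' |
         Where-Object { $_ -ne $keepAdmin -and $_ -ne 'Administrator' }
if ($extra) { Write-Warning "Still administrators: $($extra -join ', ')" }
else        { Write-Host "Only '$keepAdmin' holds administrator rights." }

# The split only means something while UAC is on; this is the EnableLUA value the
# thread's final step (enableUAC.reg) turns back on.
$pol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ($pol.EnableLUA -ne 1) { Write-Warning 'UAC (EnableLUA) is disabled; re-enable it and reboot.' }
```

Demoting an account does not undo what it already installed: the per-user Run entries, browser add-ons and AppData folders created while the kids were administrators stay in place until they are removed, which is what the rest of the thread does.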
  11. ppreheim

    ppreheim Private First Class

    Set up accounts as requested. All kids now on standard accounts, not admin.

    Reran RogueKiller and found three of the items. They were:

    [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : UpdReg (C:\Windows\Updreg.EXE) -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (C:\Windows\system32\DRIVERS\61883.sys) -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (C:\Windows\system32\DRIVERS\61883.sys) -> DELETED

    Did not find the others, but it could be that they were there and I was just confused so I am attaching the log that was made when I deleted the above three as well so you can dbl check me to see if I missed anything.

    Rebooted after deleting above items
    Uninstalled Pirate 101
    Ran Hitman again - ignored everything and saved a log
    Ran getbat file

    Attached all logs, 2 from RogueKiller: one after deleting the items, and the next one after the following reboot.

    Thanks!!!!!!!
     

    Attached Files:

    Last edited: Nov 20, 2012
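The RogueKiller lines quoted in the post above are an HKLM Run value pointing at an executable directly under C:\Windows and a driver service present in both ControlSet001 and ControlSet002. The script below is an added example, not from the thread or from RogueKiller, of how to review every service and driver registered in every control set and surface the ones whose image file is missing, unsigned, or otherwise worth a look. It assumes an elevated PowerShell and hard-codes no names from the poster's log; the helper names are the author's.

```powershell
# Added example: list every service/driver in each ControlSet and flag entries
# whose image file is missing or not validly signed. Run elevated.

function Expand-ImagePath {
    # Turn a raw ImagePath value into an absolute file path.
    param([string]$ImagePath)
    if (-not $ImagePath) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim())
    # Drop arguments:  "C:\x\svc.exe" -k netsvcs  ->  C:\x\svc.exe
    if ($p.StartsWith('"')) { $p = $p.Substring(1, $p.IndexOf('"', 1) - 1) }
    else                    { $p = ($p -split '\s+')[0] }
    # Drivers are commonly stored as \??\C:\..., \SystemRoot\system32\... or system32\drivers\...
    $p = $p -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\" -replace '^system32\\', "$env:SystemRoot\system32\"
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-ServiceTriage {
    foreach ($cs in Get-ChildItem 'HKLM:\SYSTEM' | Where-Object { $_.PSChildName -like 'ControlSet*' }) {
        foreach ($svc in Get-ChildItem (Join-Path $cs.PSPath 'Services')) {
            $props = Get-ItemProperty $svc.PSPath
            if ($null -eq $props.ImagePath) { continue }     # parameter-only keys, not real services
            $file   = Expand-ImagePath $props.ImagePath
            $exists = $file -and (Test-Path -LiteralPath $file)
            $sig    = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $file).Status } else { 'MissingFile' }
            [pscustomobject]@{
                ControlSet = $cs.PSChildName
                Name       = $svc.PSChildName
                Start      = $props.Start    # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
                Type       = $props.Type     # 1 kernel driver, 2 file-system driver, 16/32 Win32 service
                Image      = $file
                Signature  = $sig
            }
        }
    }
}

# Boot/system-start drivers whose image is missing or not validly signed: review these first.
Get-ServiceTriage |
    Where-Object { $_.Signature -ne 'Valid' -and $_.Type -le 2 -and $_.Start -le 1 } |
    Sort-Object Name, ControlSet | Format-Table -AutoSize
```

Two caveats. On Windows 7 many inbox drivers are catalog-signed rather than embedded-signed, and older PowerShell versions report those as NotSigned, so the Signature column is a triage hint rather than a verdict. And a familiar driver name proves nothing on its own: some rootkits overwrite an existing driver in place instead of adding a new one, which is why the file's signature and hash, not its name, are what to check. An entry that appears in one control set but not another is also worth a second look, since the sets should normally agree.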
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, now we see some big trouble in the Hitman log. You will notice this is also new. See the first Hitman log, which did not show this.

    and

    Do you have everything you need on this PC backed up???? We have seen problems recently when fixing these infections. Sometimes the PC will not boot after fixing.

    If you run TDSSkiller, does it find the Alureon infection?
     
    Last edited: Nov 21, 2012
  13. ppreheim

    ppreheim Private First Class

    I am currently backing up everything. Ran TDSSKiller and it found something. Following the directions on the do me first page for running TDSSKiller, I hit next and it seemed to clean it. Ran TDSSKiller again after reboot. This time it came up clean. Posting both logs.

    Thanks!!
     

    Attached Files:

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay that is good that TDSSKiller found the Pihar infection and appears to have fixed it. Let's rerun another scan with Hitman and see if it also comes up clean now. Attach the new log.
     
  15. ppreheim

    ppreheim Private First Class

    Ran hitman. Ignored everything.

    Log attached.

    Thanks!
     

    Attached Files:

  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Allow Hitman to fix the below stuff
    Code:
       C:\Users\Home Base\AppData\Local\RivalGaming\Updater.exe
       C:\Users\Home Base\AppData\Local\Temp\013ae05b6724.exe
       C:\Users\Home Base\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\components\xpcomponent.dll
    Potential Unwanted Programs _________________________________________________
       C:\Users\Home Base\AppData\Local\Babylon\ (Babylon)
       C:\Users\Home Base\AppData\Local\Babylon\Setup\ (Babylon)
       C:\Users\Home Base\AppData\Local\Babylon\Setup\BExternal.dll (Babylon)
          Size . . . . . . . : 129,536 bytes
          Age  . . . . . . . : 289.6 days (2012-02-05 20:06:25)
          Entropy  . . . . . : 6.1
          SHA-256  . . . . . : C55F47F36D379832A290CE11AE31341587A366E563888E5849E421750EC5BEE8
          Fuzzy  . . . . . . : 6.0
       C:\Users\Home Base\AppData\Local\Babylon\Setup\HtmlScreens\ (Babylon)
       C:\Users\Home Base\AppData\Local\Babylon\Setup\HtmlScreens\common.js (Babylon)
       C:\Users\Home Base\AppData\Local\Babylon\Setup\HtmlScreens\page1.js (Babylon)
       C:\Users\Home Base\AppData\Local\Babylon\Setup\HtmlScreens\page2.js (Babylon)
       C:\Users\Home Base\AppData\Local\Babylon\Setup\Setup.exe (Babylon)
        
       HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
       HKLM\SOFTWARE\Wow6432Node\Babylon\ (Babylon)
       HKU\S-1-5-21-975715790-1629280076-3763750169-1001\Software\Softonic\ (Softonic)
    
    Then reboot your PC and run a new scan with Hitman. Attach the new log.
     
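The Hitman output quoted above gives, for one of the Babylon files, its size, age, SHA-256 and entropy. Those four numbers are what you would use to recheck a scanner's verdict against another source or to look the file up by hash. As an added example, not part of the thread or of Hitman Pro, the script below computes the same attributes for a list of paths. It is assumed here, without the thread confirming it, that Hitman's "Age" is derived from the file's creation time; the function name is the author's, and the sample path is the one quoted in the post.

```powershell
# Added example: compute size, age, SHA-256, Shannon entropy and signature status
# for files a scanner flagged, so the report can be rechecked before deletion.
# Assumption: "Age" is measured from the file's creation time.

function Get-FileTriage {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            [pscustomobject]@{ Path = $p; Note = 'missing' }
            continue
        }
        $bytes = [System.IO.File]::ReadAllBytes($p)

        # Shannon entropy in bits per byte: plain code/data sits around 5-6.5,
        # packed or encrypted payloads push toward 8.
        $counts = New-Object int[] 256
        foreach ($b in $bytes) { $counts[$b]++ }
        $entropy = 0.0
        foreach ($c in $counts) {
            if ($c -gt 0) {
                $f = $c / $bytes.Length
                $entropy -= $f * [Math]::Log($f, 2)
            }
        }

        $sha  = [System.Security.Cryptography.SHA256]::Create()
        $hash = ($sha.ComputeHash($bytes) | ForEach-Object { $_.ToString('X2') }) -join ''
        $item = Get-Item -LiteralPath $p

        [pscustomobject]@{
            Path      = $p
            Size      = $bytes.Length
            AgeDays   = [Math]::Round(((Get-Date) - $item.CreationTime).TotalDays, 1)
            Entropy   = [Math]::Round($entropy, 1)
            SHA256    = $hash
            Signature = (Get-AuthenticodeSignature -LiteralPath $p).Status
        }
    }
}

# Path and expected hash are the ones quoted from the Hitman log in the post above.
$report   = Get-FileTriage 'C:\Users\Home Base\AppData\Local\Babylon\Setup\BExternal.dll'
$expected = 'C55F47F36D379832A290CE11AE31341587A366E563888E5849E421750EC5BEE8'
$report | Format-List
if ($report.SHA256 -eq $expected) { 'hash matches the scanner report' } else { 'hash differs from the scanner report' }
```

The hash is the useful part: it can be submitted to a multi-engine lookup service or compared with the vendor's own file list, and a mismatch against what the scanner printed means the file changed between scan and review. Entropy on its own only separates packed from unpacked files; the Babylon DLL at 6.1 is unremarkable, which is consistent with Hitman filing it under potentially unwanted programs rather than malware.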
  17. ppreheim

    ppreheim Private First Class

    Did as instructed. Hitman log is attached. Computer seems to be running a lot faster.

    Thanks
     

    Attached Files:

  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay now let's get one more log from RogueKiller to make sure none of those items came back.
     
  19. ppreheim

    ppreheim Private First Class

    Latest Rogue Killer Log,

    Thanks!!!
     

    Attached Files:

  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Still looks good.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista or Win 7, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    8. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  21. ppreheim

    ppreheim Private First Class

    All done

    Thanks for the help.

    Computer is doing great!!!
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
