Got a case of the anti-malware malware...

Discussion in 'Malware Help (A Specialist Will Reply)' started by CajunR, Jan 24, 2009.

  1. CajunR

    CajunR Private E-2

    I have not used my computer for about 2 weeks. I launched Firefox today, and was able to visit my usual haunts (hotmail, yahoo, thumpertalk.com) without issue. I navigated to photobucket.com, and the page loaded just fine. Then, it began to download another page that advised my hard drive was infested with trojans and malware. A myriad of pop-ups followed, and I was not able to get back to the photobucket site. After that, I could only get to a few sites, but most anything I navigated to would start it all over again. I was not able to access Majorgeeks from that computer. I used google to search for major geeks, and anything I clicked on in the search would re-direct me to another anti-malware site in a new tab. Copying and pasting the URL in the address line yielded the same result. I tried to run Spybot, and it wouldn't start up. I ran through the instructions:
    I went through add/remove programs and got rid of one that looked suspicious. I did not make a note of the name.
    I set Msconfig for normal startup mode.
    I don't have anti-virus software running, so no quarantine to empty.
    I emptied the recycle bin.
    I downloaded and ran CCleaner.
    I enabled viewing of hidden files.
    I followed the instructions for Windows XP cleaning:
    Downloaded SUPERAntiSpyware
    Downloaded SpyBot - Search & Destroy
    Downloaded Malwarebytes Anti-Malware
    - Renamed the downloaded mbam-setup.exe file to mb.exe.
    Downloaded combofix.exe
    Downloaded MGtools.exe

    SUPERAntiSpyware will install, but won't run. I get an 'Application has encountered a problem and needs to close' message.
    SpyBot - Search & Destroy will not install. I get to the 'Setup is now downloading additional file to your computer' part of the install wizard, and I get an error message stating that a connection with the server could not be established.
    Malwarebytes Anti-Malware installs, but double-clicking on the desktop icon it created does nothing.
    Combofix.exe installs, but double-clicking on the desktop icon it created does nothing.
    MGtools.exe installs and runs as instructed. I have attached MGlogs.zip.

    My PC is now working as expected. I navigated to photobucket again, and nothing went crazy. I toggled system restore and restarted, but I still can't get any of the downloaded programs in the cleaning procedure to work. Please let me know if the log indicates anything I can do, as I typically run spybot a couple times a month. It's not working at all right now.

    Thanks in advance,
    Rob Hebert
     

    Attached Files:

  2. CajunR

    CajunR Private E-2

    Just a quick update: My PC is NOT working correctly. I can't access majorgeeks.com from it. Anything I search for in google opens another tab and goes to info.com. Typing www.majorgeeks.com into the address bar gives me a failed to connect error in Firefox.

    -Rob
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why not???? Last time you were here you were given instructions to do just that. In the future, you will be refused any help. We do not have time to help people who refuse to properly protect their computers.


    • Please try following the steps given in the below
    • After following those instructions and rebooting, see if you can run the other tools requested in the READ & RUN ME.

    Also you did not uninstall Viewpoint Media Player as requested in step 1 of the READ & RUN ME and you did not uninstall your very old outdated Sun Java version and install the current version which was also requested in step 1 of the READ & RUN ME. Old Java versions are high security risks!!!!

    You need to complete those instructions now.

    I also strongly recommend that you uninstall RemoveIT Pro XT2 (Trial) before you run it and it breaks your PC. It has way too many ridiculous false positives.
     
    Last edited: Jan 27, 2009
  4. CajunR

    CajunR Private E-2

    I tried to download jre-6u11-windows-i586-p.exe on another PC three times, but the download failed.
    I uninstalled Viewpoint Media Player.
    I uninstalled RemoveIT XT2 (Trial).
    I uninstalled J2SE Runtime Environment 5.0 Update 2. I received an error that stated java.lang.NullPointerException. I clicked OK, and the uninstall completed.
    I restarted.
    I disabled the TDSSserv rootkit driver and restarted.

    I ran SUPERAntiSpyware as instructed. SASlog.txt attached.
    I installed SpyBot - Search & Destroy. Created the registry backup. Immunized. 18 problems found and fixed.
    Updated and ran Malwarebytes Anti-Malware as instructed. No malicious items were detected. Log attached.
    Ran Combofix as instructed. combofix.txt attached.
    Ran MGtools as instructed. MGlogs.zip attached in next post.

    I successfully downloaded jre-6u11-windows-i586-p.exe and installed it.

    The PC seems to be working fine now. I'm not getting a barrage of redirects, and I can navigate directly to pages found while searching. Please let me know what the logs show.

    Thanks,
    Rob
     

    Attached Files:

  5. CajunR

    CajunR Private E-2

    Last log.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below log:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
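The post above hinges on one check: did the fixme.reg merge actually reach the registry, or did it only appear to? The success dialog is a good sign but says nothing about which keys and values landed. The script below is an added example, not code from the MajorGeeks thread or its helpers: it reads a .reg file in the "Windows Registry Editor Version 5.00" (or REGEDIT4) format, and for every [Key] / [-Key] section and every string, dword or "name"=- entry it reports whether the live registry now matches. The default path is an assumption; point it at the .reg file you were given. The contents of the thread's actual fixme.reg are not on this page, so nothing here assumes what it contained.

```powershell
# Added example (not from the MajorGeeks thread): verify that a merged .reg file
# actually applied. Run it as the SAME user who double-clicked the .reg file,
# since HKEY_CURRENT_USER differs per account. Path below is an assumption.
param([string]$RegFile = "$env:USERPROFILE\Desktop\fixme.reg")

# Map the HKEY_* prefixes used in .reg files to registry provider paths.
$HiveMap = @{
    'HKEY_LOCAL_MACHINE'  = 'HKLM:'
    'HKEY_CURRENT_USER'   = 'HKCU:'
    'HKEY_CLASSES_ROOT'   = 'Registry::HKEY_CLASSES_ROOT'
    'HKEY_USERS'          = 'Registry::HKEY_USERS'
    'HKEY_CURRENT_CONFIG' = 'Registry::HKEY_CURRENT_CONFIG'
}

function Convert-RegKeyPath {
    param([string]$Key)
    foreach ($hive in $HiveMap.Keys) {
        if ($Key.StartsWith($hive, [StringComparison]::OrdinalIgnoreCase)) {
            return $HiveMap[$hive] + $Key.Substring($hive.Length)
        }
    }
    throw "Unknown hive in key: $Key"
}

function Convert-RegValue {
    # Parse the right-hand side of a "name"=value line into an expected value.
    # "-" means the value must be gone; hex:/expand strings are flagged, not skipped.
    param([string]$Text)
    if ($Text -eq '-') { return @{ Type = 'Delete' } }
    if ($Text -match '^dword:([0-9A-Fa-f]{8})$') {
        return @{ Type = 'DWord'; Value = [int64]('0x' + $Matches[1]) }
    }
    if ($Text -match '^"((?:[^"\\]|\\.)*)"$') {
        # .reg string syntax escapes backslash and double quote with a backslash.
        $s = $Matches[1] -replace '\\\\', '\' -replace '\\"', '"'
        return @{ Type = 'String'; Value = $s }
    }
    return @{ Type = 'Unsupported' }
}

function Test-RegFileApplied {
    param([string]$Path)
    $report = New-Object System.Collections.Generic.List[object]
    $key = $null
    foreach ($raw in Get-Content -LiteralPath $Path) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith(';') -or
            $line -like 'Windows Registry Editor*' -or $line -eq 'REGEDIT4') { continue }

        if ($line -match '^\[(-?)(.+)\]$') {
            # [Key] must now exist; [-Key] must now be gone.
            $shouldExist = ($Matches[1] -ne '-')
            $key = Convert-RegKeyPath $Matches[2]
            $exists = Test-Path -LiteralPath $key
            $report.Add([pscustomobject]@{ Key = $key; Name = '(key)'
                Expected = $shouldExist; Actual = $exists; Ok = ($exists -eq $shouldExist) })
            if (-not $shouldExist) { $key = $null }   # nothing to check under a deleted key
            continue
        }

        if ($null -eq $key) { continue }
        if ($line -match '^(?:@|"((?:[^"\\]|\\.)*)")=(.*)$') {
            $name = if ($Matches[1]) { $Matches[1] -replace '\\\\', '\' -replace '\\"', '"' } else { '(default)' }
            $want = Convert-RegValue $Matches[2]
            $prop = Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue
            $have = if ($prop) { $prop.$name } else { $null }
            $ok = switch ($want.Type) {
                'Delete' { $null -eq $have }
                # REG_DWORD comes back as Int32; mask to compare as unsigned.
                'DWord'  { ($null -ne $have) -and (([int64]$have -band 0xFFFFFFFF) -eq $want.Value) }
                'String' { [string]$have -ceq $want.Value }
                default  { $false }
            }
            $report.Add([pscustomobject]@{ Key = $key; Name = $name
                Expected = $(if ($want.Type -eq 'Unsupported') { 'unsupported type' } else { $want.Value })
                Actual = $have; Ok = $ok })
        }
    }
    return $report
}

$results = Test-RegFileApplied -Path $RegFile
$results | Format-Table -AutoSize
$bad = @($results | Where-Object { -not $_.Ok })
if ($bad.Count -eq 0) { Write-Host "All entries in $RegFile are present in the registry."; exit 0 }
Write-Host "$($bad.Count) entry(ies) did not match; the merge did not fully apply."
exit 1
```

A non-zero exit means at least one key or value is not in the state the .reg file asked for, which is exactly the case the post warns about: if the merge did not take, the fix did not happen, whatever the dialog said. Values of types the script does not parse (hex:, expand strings) are listed as "unsupported type" so they are not silently counted as passed.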
  7. CajunR

    CajunR Private E-2

    OK. I saved and ran the fixme.reg file and received the following:
    Information in C:\Documents and Settings\Owner.Hebert\Desktop\fixme.reg has been successfully entered into the registry.
    Clicked OK.


    I ran the C:\MGtools\GetLogs.bat file by double clicking on it, and attached C:\MGlogs.zip.

    The PC is running very quickly, but it takes forever to get online. I'm thinking this is a DSL issue though, as it comes and goes. I think we're all good. Please let me know if the log indicates any problems. I'll definitely keep running all the free cleaners you guys had me download!

    Thanks!
    Rob
     

    Attached Files:

  8. CajunR

    CajunR Private E-2

    I just unplugged my router and plugged it back in. Now we're cooking with grease!!!
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Your logs are clean.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work through the below link:
     
