got malware, Avira and windows update still won't work

Discussion in 'Malware Help (A Specialist Will Reply)' started by tvrb, May 29, 2010.

  1. tvrb

    tvrb Private E-2

    OK, so yesterday I got infected >.<
    When I realized it, I held down power for 8s and shut down. Then I opened in safe mode and ran malware, getting rid of a few things.

    Then I came here, read a forum post, and proceeded to follow the READ & RUN ME FIRST guide.

    I have windows 7 - 64bit.

    CCleaner - ran, deleted ~2GB of junk.
    SUPERAntiSpyware - downloaded and ran, log attached (found stuff).
    Malwarebytes - had installed already and ran and detected some bad things, log attached.
    Combofix - have 64bit os; couldn't run.
    Root Repeal - 64 Bit OS; couldn't run.
    MGtools - downloaded and ran, attaching log.

    My issue is that Avira still won't open and windows update won't work (I have 2 optional updates, that I found out from this forum might be causing my Chrome not to work ... ff works thankfully).

    Avira message is "The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail."

    Please assist!
     


  2. tvrb

    tvrb Private E-2

    I forgot to mention that I also couldn't update SUPERAntiSpyware (but I can update Malwarebytes np). The error I get is that "There was an error trying to retrieve definitions. Make sure your firewall is not blocking SUPERANTISPYWARE.EXE from accessing the Internet." However, I have tried with Windows Firewall both on and off (only firewall on my computer...).
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The only thing I am seeing is this:
    C:\Users\Tucker\AppData\Local\ccnphpojw

    But your MGlog did not contain the RunKeys log. Please run this and attach the log:
    C:\MGtools\GetRunKey.bat
     
  4. tvrb

    tvrb Private E-2

    Thanks for the quick response!

    I found the folder you mentioned in \Local\ and deleted it.
    I then tried to run GetRunKey.bat, but it does NOT work on 64 bit OS. (I tried to run as Admin and in different compatibility modes.)
    Is there another way to check RunKeys?

    I'm very concerned that my windows update doesn't work and my Avira doesn't work. Could there be something I missed that is preventing these programs from working?

    Thank you very much for your help.
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sorry, brain fart.

    Run this:
    C:\MGtools\GRK64.bat

    You may need to uninstall Avira, run CCleaner and then after a reboot, try to re-install it.
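
Added example, not part of the original thread and not MGtools code: a read-only PowerShell listing of the Run and RunOnce autostart values on 64-bit Windows, covering both the native keys and the Wow6432Node keys that 32-bit programs use. The `UserWritable` flag is an assumed triage heuristic, prompted by the AppData\Local folder mentioned earlier in the thread; legitimate software also starts from those locations.

```powershell
# Added example (not MGtools code). Reads registry values only; changes nothing.

# PROCESSOR_ARCHITEW6432 is defined only inside a 32-bit process on 64-bit Windows.
# Such a process sees HKLM:\SOFTWARE redirected to Wow6432Node, so the native
# 64-bit Run keys would be missing from its view.
if ($env:PROCESSOR_ARCHITEW6432) {
    Write-Warning 'This is a 32-bit PowerShell on 64-bit Windows. Start the 64-bit PowerShell to see the native HKLM keys.'
}

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$entries = foreach ($path in $runKeys) {
    if (-not (Test-Path -LiteralPath $path)) { continue }   # key absent on this system
    $key = Get-Item -LiteralPath $path
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        New-Object PSObject -Property @{
            Key          = $path
            Name         = $name
            Command      = $command
            # Assumed heuristic: the command line points into a per-user
            # writable location (AppData or a Temp folder). Review, do not
            # treat as a verdict.
            UserWritable = [bool]($command -match '\\AppData\\|\\Temp\\')
        }
    }
}

# Flagged entries first, then grouped by key.
$entries |
    Sort-Object @{ Expression = 'UserWritable'; Descending = $true }, Key, Name |
    Format-List Key, Name, Command, UserWritable
```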
     
  6. tvrb

    tvrb Private E-2

    Here is the RunKeys file. Thanks for pointing out the correct .bat.

    I uninstalled Avira, ran CCleaner, and then will restart after this post.
    Thanks for the help so far!
     


  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good, that was clean also. It is looking like you may just need to post in the software forum for those two issues. I am not seeing any malware at the present time.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work thru the below link:

     
