Got the not-a-virus blues...

Discussion in 'Malware Help (A Specialist Will Reply)' started by Justshootme, May 30, 2008.

  1. Justshootme

    Justshootme Private E-2

    Discovered this thing in my (System volume information): "not-a-virus:AdWare.win32.Mostofate.cg" with Kaspersky scan. Even my Comodo Anti-virus AND firewall couldn't catch it. I would like to post several scans, ComboFix being the latest. (I can't download and scan Kaspersky or Superspyware for some reason). Please help. My Spybot software didn't detect this, and I have already run CCleaner last evening to clean out what I could. Any help would be appreciated.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No program will remove files in the system restore folder...you need to disable system restore, turn off the computer, boot back up and re-enable system restore.

    Are you having any other issues....If so:
    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. Justshootme

    Justshootme Private E-2

    Re: "Not-a-Virus"...

    I have run all of the steps in the Read & Run Me First to the best of my ability and I am ready to post several logs. The problems I experienced that first made me suspicious included:
    1. Emails with no "to" or "from"
    2. Programs ending abruptly
    3. 3 blue screen crashes
    4. Windows Update not able to download
    5. Hard drive grinding away with activity
    6. Opened my Comodo Firewall Pro to find "blocked suspicious attempts" to number 1,700+ (the numbers were literally flying by like an odometer!)

    Comments on the scans:

    SUPER Antispyware found nothing.

    Spybot S&D found something interesting:

    Common Dialogs: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explore\ComDig32\OpenS..."
    Not sure what this is!

    Could not do Combofix scan again; this caused another blue screen crash.

    Also ran my CCleaner.

    So, I only have my SUPERAntiSpyware log to post. Hope you can help me.

    Also, I did disable System Restore and re-booted my system. The hard drive was "quieter" - that's the only way I can describe it, and I checked my firewall status and the intrusion attempts I mentioned weren't occurring.

    Could not run Malwarebytes Anti-Malware at this time due to a lack of funds.
     


    Last edited: May 30, 2008
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to complete ALL of the READ & RUN ME and attach all of the requested logs. I don't know what you are referring to about Malwarebytes. It is a free tool. I suggest that you run it and then retry ComboFix after shutting down your antivirus. If it still does not run, try to run it in safe boot mode. Either way continue on with ALL steps.
     
  5. Justshootme

    Justshootme Private E-2

    Ready for 'not-a-virus' removal help...

    This is the first of two emails for malware removal help. I explained my problems in previous emails but had trouble running some of the scans. Next email to follow will have SASlog.
     


  6. Justshootme

    Justshootme Private E-2

    Ready for 'not-a-virus' removal help...Part 2

    Here is my SAS log -- can't find my MBAM log - still looking.
     


  7. Justshootme

    Justshootme Private E-2

    'not-a-virus' removal help...Part 3

    Found my MBAM log!!
     


  8. abri

    abri MajorGeek

    Justshootme,

    I've merged your threads into this one thread. Please do NOT start a new thread each time you post. You need to come to the address for this thread and then use the Post Reply button. That will get all of your messages into one place. The address for this thread is http://forums.majorgeeks.com/showthread.php?t=160754

    abri
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs look clean.

    If you are not having any other malware problems, it is time to do our final steps:

    1. If we had you use ComboFix, uninstall ComboFix. (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
       * Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
       * "%userprofile%\Desktop\cf" /u
         o Notes: The space between the cf" and the /u, it must be there.
         o This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
       * Delete the C:\cf folder from combofix.
    2. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    3. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    6. If you are running Windows XP or Windows ME, do the below:
       * Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
       * Then reboot and Enable System Restore to create a new clean Restore Point.
    7. After doing the above, you should work thru the below link:
       How to Protect yourself from malware!
     
  10. Justshootme

    Justshootme Private E-2

    O.K., I understand about using the reply to post button. I am reposting and this is the first of two posts with all of my files.
     
  11. Justshootme

    Justshootme Private E-2

    Second of two posts.
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need not post unless you are still having malware issues....you must read the replies to your posts to find out what, if anything, you need to do next.....which was the final cleanup that I gave you.
     
  13. Justshootme

    Justshootme Private E-2

    I apologize for the major brain freeze! Thank you for your patience and help. I deleted combofix correctly as well as MGtools. Should I keep/delete Malwarebytes or SUPERAntiSpyware?
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Not a problem.

    I would suggest you keep those two for backup scans ....they are very good for those times when you think you may have troubles. :)
     
