
Discussion in 'Malware Help (A Specialist Will Reply)' started by ArtWyrm, Mar 28, 2009.

  1. ArtWyrm

    ArtWyrm Private E-2

    Well, I posted in the introduction area and was well received. I appreciate that. I guess this is the part where I inform you of my problems. I will try not to be overly verbose and cut through the fecal matter.

    Problems:
    1. My anti-virus programs will not run.
    2. If I use any browser other than Google Chrome to go to this site it redirects me to various other sites which concern themselves with pop culture.
    3. The ads are questionable.

    I followed your malware instructions in the "READ & RUN ME FIRST. Malware Removal Guide". But for obvious reasons there were certain steps which were impossible. I did however download all of the software within the guide, but unfortunately I could not install the SuperAntiSpyware. Again, my computer would not allow it. It behaved in the same fashion my other virus cleaners have upon clicking them. Complete inactivity. I will admit and not sugar coat anything, my browsing habits have not been saintly. Although, I haven't done anything recently which would cause something of this severity to occur. The only thing I could think of would be that a friend of mine brought his external hard drive to show me some things not too long ago. I'm just searching for anything that would be the definitive catalyst.

    I ran AVG, and of course it said there were no threats found. It is the only one that works for me, but it will not update. Anyways thanks for hearing me out. I know all of you are very busy individuals. I can empathize. Thanks again.
     
  2. ArtWyrm

    ArtWyrm Private E-2

    I am so sorry. I forgot to attach the log. I can't help but feel a bit intimidated here. Strange.
     

    Attached Files:

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's start with this:

    Please Disable Spybot's TeaTimer

    * Run Spybot and click Mode
    * Select Advanced Mode.
    * Then click Tools and select Resident.
    * Now in the right window pane, uncheck TeaTimer.
    * Also while this is open, in the left column now select IE Tweaks, and then in the right pane make sure all the Miscellaneous locks are unchecked.
    * Now quit Spybot!

    Run this: Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Please use add/remove programs to uninstall:
    Java 2 Runtime Environment, SE v1.4.2_03

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "All files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    Now use windows explorer to find and delete:
    C:\Program Files\MyWebSearch
    C:\Program Files\Uninstall Fun Web Products.dll
    C:\WINDOWS\mexvoywo
    C:\WINDOWS\system32\prsjipaq.dll
    C:\WINDOWS\system32\dumlipst.dll
    C:\WINDOWS\system32\rphiux.dll
    C:\WINDOWS\system32\xunmmbix.dll

    See if you can now run SAS, MBAM and ComboFix.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file. And attach the logs from the scans that you can run.
     
    Last edited: Apr 1, 2009
  4. ArtWyrm

    ArtWyrm Private E-2

    I apologize, but my Spybot is non-functional. I can do the rest, though. Should I go ahead, uninstall Spybot, and continue with the other steps?
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes....please do, as TeaTimer is likely to stop the fix from working.
     
  6. ArtWyrm

    ArtWyrm Private E-2

    Hey, thank you very much for taking the time to help me. Unfortunately, it still doesn't allow me to run SAS, or any of the other programs. I did what you asked, but there was one file that wasn't there for me to fix using MGtools...

    O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.74,85.255.112.102

    I'm sorry for the inconvenience. I followed every step, but I am also not very good with computers. I attached the current log. Thanks again.
     

    Attached Files:
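The O17 line quoted in the post above is HijackThis reporting the NameServer value under a Tcpip\Parameters key, i.e. the DNS resolvers Windows will use; a rogue pair there sends every lookup through an attacker's resolver, which explains the browser redirects. As an added example (not code from the thread or from HijackThis), the following script parses O17 lines out of a HijackThis log, splits the NameServer value on commas or spaces, and flags every resolver that is neither private nor on a per-site allow list, grouped by control set so you can tell whether the live control set (CCS) is affected or only a stale ControlSetNNN such as the CS4 entry above. The log lines and the allow-list range 203.0.113.0/24 are constructed for the example; only the 85.255.112.74,85.255.112.102 pair comes from the post.

```python
"""Flag suspicious DNS resolvers in HijackThis O17 lines (added example)."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample log (not the poster's attached log).  The second line
# reproduces the O17 entry quoted in post #6; the GUID and the other
# addresses are invented for illustration.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.74,85.255.112.102
O17 - HKLM\System\CS1\Services\Tcpip\..\{E4F1C2A0-0000-0000-0000-000000000001}: NameServer = 85.255.112.74 85.255.112.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = example.lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 203.0.113.53
O4 - HKLM\..\Run: [SomeApp] C:\Program Files\SomeApp\app.exe
"""

# Hypothetical ISP resolver range for the allow list (assumption for the example).
ALLOWED_RESOLVERS = ["203.0.113.0/24"]

O17_RE = re.compile(r"^O17 - (?P<key>[^:]+): (?P<name>\w+) = (?P<value>.+?)\s*$")
CONTROLSET_RE = re.compile(r"\\System\\(CCS|CS\d+)\\", re.IGNORECASE)


def parse_o17(log_text):
    """Return one dict per O17 line: registry key, control set, value name, raw value."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O17_RE.match(line)
        if not m:
            continue  # not an O17 line (other HJT sections, blank lines)
        cs = CONTROLSET_RE.search(m.group("key"))
        entries.append({
            "line": line,
            "key": m.group("key"),
            "controlset": cs.group(1).upper() if cs else "?",
            "name": m.group("name"),
            "value": m.group("value"),
        })
    return entries


def split_servers(value):
    """The registry NameServer value may separate addresses with commas or spaces."""
    return [s for s in re.split(r"[,\s]+", value) if s]


def flag_nameservers(entries, allowed):
    """Return (controlset, server, line) for each resolver that is public and
    not on the allow list.  Private and loopback resolvers (home router,
    local cache) are accepted; anything that is not an IP at all is flagged."""
    allowed_nets = [ipaddress.ip_network(a) for a in allowed]
    findings = []
    for e in entries:
        if e["name"].lower() != "nameserver":
            continue  # Domain / SearchList lines are not resolvers
        for srv in split_servers(e["value"]):
            try:
                ip = ipaddress.ip_address(srv)
            except ValueError:
                findings.append((e["controlset"], srv, e["line"]))
                continue
            if ip.is_private or ip.is_loopback:
                continue
            if any(ip in net for net in allowed_nets):
                continue
            findings.append((e["controlset"], str(ip), e["line"]))
    return findings


def summarize(findings):
    """Group flagged resolvers by control set: a hit under CCS is live, a hit
    only under CSn is a stale control set (a 'dead' key, as in the thread)."""
    by_cs = defaultdict(set)
    for cs, srv, _ in findings:
        by_cs[cs].add(srv)
    return {cs: sorted(v) for cs, v in by_cs.items()}


if __name__ == "__main__":
    found = flag_nameservers(parse_o17(SAMPLE_LOG), ALLOWED_RESOLVERS)
    for cs, srv, line in found:
        print(f"[{cs}] rogue resolver {srv}: {line}")
    print(summarize(found))
```

Running it on the constructed log flags the two 85.255.112.x addresses under CS4 and CS1 and nothing under CCS, which is the situation TimW describes: the rogue pair survives only in a control set that is no longer in use. On a real log, check that CCS is clean before treating the O17 hit as dead, and re-check after the fix, since a resolver change under CCS rather than CSn is the one that actually redirects the browser.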

  7. ArtWyrm

    ArtWyrm Private E-2

    Oh, and for some reason, this is the only website I can go to now. At least that's good.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Did you set up the use of a proxy server? I suggest you check those settings as that is the most likely thing that is stopping your browser:
    Your temp files are overflowing!!
    Please run CCleaner and then go back and empty what ever is left:
    C:\WINDOWS\Temp\
    C:\Documents and Settings\Franco\Local Settings\Temp\

    We can remove a dead reg key, but this is not the cause of your problems.

    Copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "All files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    You have one item in your log that I am not sure of, so I want you to use Windows Explorer to find and then rename it: add a .old after the .sys
    C:\WINDOWS\system32\AD2B20F563.sys

    If everything continues to run without problems....we can delete it.

    But what I am telling you is that your logs are clean.
     
