Hacked/Virus?

Discussion in 'Malware Help (A Specialist Will Reply)' started by antoine9251, Jan 24, 2013.

  1. antoine9251

    antoine9251 Private E-2

    I have absolutely no clue as to what's going on with my password-protected computer. I start it and after a while it sleeps. Today when I went back to it the logon screen appeared so I logged on again. It did that throughout the day. The last time it said 'Incorrect Password' before I tried to log on. Searching online I saw that the 'no password from sleep' has to be checked. Mine was.
    I wanted to do a System Restore [I created a restore point last week]. That was gone and the only restore point was for 1/22/13 after a Windows Critical Update. I have my updates downloaded and I chose which ones I want, I wasn't asked about this one. I checked the Updates settings and it was set to Automatic, I didn't change it.
    I then tried opening Yahoo Messenger and was told I'm locked out. Searching that I found that if someone tries to log-on enough times, as a security feature, the program gets locked. It wasn't done by me.
    I ran Malwarebytes, Superantispyware Pro and Avast boot scan and nothing.

    I did Restore back to the only restore point available, and my computer log-on seems normal now. I reset the changed settings and got a new Yahoo password. What should I be looking for from this point and how do I look for it? Sorry for the length of this but there's a lot of issues. Thanks in advance
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  3. antoine9251

    antoine9251 Private E-2

    Here's the scan logs, and thank you for your quick reply.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have some junkware to clean up. Not sure this is the cause of your problems, but let's clean it up and see what happens.


    Please download OTM by Old Timer and save it to your Desktop.
    • Run it by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code: which is just a title line of the code box.
    Code:
    :Processes
    explorer.exe
    
    :Files
    C:\Program Files (x86)\Consumer Input
    C:\Program Files (x86)\Spyware Terminator
    C:\Users\antoine9251\AppData\Local\Temp\*.*
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Consumer Input Update"=-
    [HKEY_USERS\S-1-5-21-3990268639-3756202195-1232774847-1001\Software\Microsoft\Windows\CurrentVersion\run]
    "Consumer Input Update"=-
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D7B913FA-41D5-4842-8BAA-2C3F1F57484E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}]
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
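
One way to review a fix script like the one in the post above before pasting it into a removal tool: this added example (not part of the original thread and not OTM's own parser) groups the lines by section and labels each :Reg line. It assumes .reg-file conventions, where `"name"=-` deletes a value and `[-KEY]` deletes a whole key; the function name `parse_fix_script` and the shortened sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same layout as the fix script quoted in the post
# above (shortened; paths, value name and GUID are taken from that script).
SAMPLE = r'''
:Processes
explorer.exe

:Files
C:\Program Files (x86)\Consumer Input
C:\Users\antoine9251\AppData\Local\Temp\*.*
:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Consumer Input Update"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}]
:Commands
[purity]
[Reboot]
'''

def parse_fix_script(text):
    """Group a fix script's lines by section and classify the :Reg actions."""
    plan = defaultdict(list)
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section, key = line[1:].lower(), None
        elif section is None:
            raise ValueError(f"line outside any section: {line!r}")
        elif section == "reg":
            # [-KEY] removes the whole key; [KEY] only opens it for value lines.
            if m := re.fullmatch(r"\[(-?)(HKEY_[^\]]+)\]", line):
                key = None if m.group(1) else m.group(2)
                if m.group(1):
                    plan["reg"].append(("delete_key", m.group(2), None))
            elif m := re.fullmatch(r'"([^"]+)"=-', line):
                if key is None:
                    raise ValueError(f"value line without an open key: {line!r}")
                plan["reg"].append(("delete_value", key, m.group(1)))
            else:
                # Anything else in :Reg is unrecognised: surface it for manual review.
                plan["reg"].append(("review", key, line))
        else:
            plan[section].append(line.strip("[]") if section == "commands" else line)
    return dict(plan)
```

Calling `parse_fix_script(SAMPLE)` returns a dictionary keyed by section name, so the registry deletions and wildcard file paths can be read off before anything is run.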
     
  5. antoine9251

    antoine9251 Private E-2

    Here's the OTM log, the Getlog.bat file ran then gave me a message MGlogs.zip failed to be created. Anyway, my computer seems to be back to normal as no odd behavior has happened. Come to think of it, aside from the Yahoo Messenger thing which I found happens to a lot of users, all my problems started after a Windows Critical update. If nothing else needs to be done, I want to sincerely thank you for your time and efforts.
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  7. antoine9251

    antoine9251 Private E-2

    Everything's completed. I've had Malwarebytes for years and scan once a week. I also use Superantispyware and Avast boot scan weekly so I feel/felt pretty safe. Thanks again chaslang
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
