Help I have Malware and I can't get rid of it!

Discussion in 'Malware Help (A Specialist Will Reply)' started by inaudiblemelodie, Sep 20, 2008.

  1. inaudiblemelodie

    inaudiblemelodie Private E-2

    Yesterday I was on Limewire and I apparently downloaded some sort of malware or trojan. I started getting random popups so I ran Spybot. It came back with Smitfraud-c.gp. I removed it but I was still getting pop ups. I searched your forums and found one on removing Smitfraud. I followed those steps but am still getting it. I ran superantispyware, spybot, malwarebytes, combofix, and mgtools and have included some reports from those. PLEASE HELP!!!!
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please Disable Spybot's TeaTimer

    * Run Spybot and click Mode
    * Select Advanced Mode.
    * Then click Tools and select Resident.
    * Now in the right window pane, uncheck TeaTimer.
    * Also while this is open, in the left column now select IE Tweaks
    * and then in the right pane make sure all the Miscellaneous locks are unchecked.
    * Now quit Spybot!

    Now use add/remove programs to uninstall:
    Use windows explorer to find and delete:
    C:\WINDOWS\system32\48CXG8Qg.exe_
    C:\WINDOWS\system32\48CXG8Qg.exe
    C:\WINDOWS\system32\WyiO27EL.exe


    Now download FixWareout by LonnyRJones from one of the two below links and save it to your desktop.

    http://downloads.subratam.org/Fixwareout.exe

    http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

    * Run Fixwareout.
    * Click Next,
    * then Install,
    * make sure Run fixit is checked
    * and click Finish.
    * The fix will begin; follow the prompts.
    * You will be asked to reboot your computer; please do so.
    * Your system may take longer than usual to load; this is normal.

    When you run fixwareout, just follow the prompts, you will need to restart when prompted.

    After rebooting (restart) back into normal boot mode, make sure you have all web browsers closed.

    * Go into Control Panel -->Network Connections.
    * Right click on your connection
    * and click Properties.
    * On the Properties page, highlight Internet Protocol(TCP/IP)
    * Click Properties. This will bring up another page.
    * Select Obtain DNS Server Automatically.
    * Click the ok button. The page will close.
    * Press ok on the page in front of you.
    * Restart the computer.
    * Reconnect to the Internet using Internet Explorer.
    * Now come back here and attach the log from fixwareout. It is located at c:\fixwareout\report.txt

    Download and install:
    Java Runtime 6

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.
     
  3. inaudiblemelodie

    inaudiblemelodie Private E-2

    :) First off I want to thank you so much for helping me. You don't know how much time and money I have put into this computer and how much I use it for school and work. I have attached the fixwareout file and the mglogs.zip. Everything seems to be ok so far. :major
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Looking better....

    Run this: Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Now find and delete:
    C:\Temp

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now double click the MGTools/analyse.exe and get me the new log.

    Now tell me how things are running before we do our final clean up.
     
  5. inaudiblemelodie

    inaudiblemelodie Private E-2

    Things are running great! Not a single pop up yet, and seems to run smoother.
     


  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know.....let's clean up.

    Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    If you do get a success message, then it is time to do our final steps:
     
  7. inaudiblemelodie

    inaudiblemelodie Private E-2

    It did take the registry edit, and I have cleaned up the rest that was on the list. Thank you so much for your help, things seem to be ok now.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know...safe surfing. :)
     
