Help with Anti-Virus Program Removal?

shanrene123 · Jul 30, 2009

I am attempting to work through the Read-Run Me section for a friend's desktop pc a Dell-Dimension 2400 that's running Windows XP OS. I am still working on Step 1 in the Read-Run Me Section. I am unable to get it online, but have gotten Sun Java & CCleaner installed via downloading to another pc & using a CD. It is already in "Normal Start-up" when I checked via "Run...msconfig". My question at this point is: *Has anyone heard of "Personal Antivirus"? I have no idea where it came from or if it's even safe! It keeps popping up with "Critical" this & that, saying there is "Trojan.Win32.Agent.azsy" and "Bloodhound.PDF.8". An interesting point here is that it's running in the system tray, but will not close when I right click on it there. It also is NOT listed at all in Control Panel under Add/Remove Programs so I cannot uninstall it there. It wasn't on Geek's list of "Uninstall Malware via Add/Remove Programs", so is it safe, but just being a pain in the a...?! It has never been "registered" and I cannot find anything it has quarantined to clean out. I also do not see another Anti-Virus Program installed on this pc. I plan to run on through the Read-Run Me list, but may have to do much of it in Safe Mode. The pc also will not start in Safe Mode with Networking Support! Any suggestions at this point would be much appreciated!:confused Thank you so much! Shanrene

shanrene123 · Jul 30, 2009

I hope this doesn't count as "bumping" but I did not think I should start a new thread since this is regarding the same infected pc, as mentioned above. I was able to work through the Read & Run Me sections and have attached the log files. I had to run the cleaning files off a CD, but was able to get connected to the internet long enough to update them. I could not get online to allow Combofix to finish with the restore point part, but ran it anyway. Hope I did as instructed. This one has been very difficult!

Thanks so much in advance for any suggestions! Shanrene

shanrene123 · Jul 30, 2009

Here are my other log files. Thanks!!! P.S. I cannot seem to get my ComboFix log file to attach. It's saying it is too large. I'll check in the Read-Run Me section to see if there is a note about what to do if this happens & try again tomorrow. Hope I didn't error in running this one:confused Otherwise, any suggestions would be most appreciated! Shanrene

TimW · Aug 1, 2009

It would appear as thought the scans took care of the malware. However, I would like to see the combo log. You may have to zip it.

shanrene123 · Aug 1, 2009

Ok, thanks so much, Tim! I zipped the Combofix log and attached it. Hope I did this right. I will wait to hear from you before I do anything else. Thanks, Shanrene

TimW · Aug 1, 2009

I see why it was so large. Now try putting it where we ask you to install it....i.e. your desktop, not:
Running from: D:\ComboFix.exe

shanrene123 · Aug 1, 2009

Thanks Tim! Ok, trying again. This pc is finally online so I was able to reinstall Combofix directly to the desktop & run it from there...see attached log. Internet Explorer is messed up badly, so I installed Mozilla Firefox, and it is working ok so far. Thanks for your time! Shannon E.

TimW · Aug 4, 2009

Your Combo log is clean. The issues with IE should be addressed in the software forum.

If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners.They do not use any significant amount of resources ( except a little disk space ) until you run a scan.

If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required

"%userprofile%\Desktop\combofix" /u

Notes: The space between the combofix" and the /u, it must be there.

This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.

If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Go to add/remove programs and uninstall HijackThis.

Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.

If you are running Vista, Windows XP or Windows ME, do the below:

Refer to the cleaning procedures in step 3 the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.

Then reboot and Enable System Restore to create a new clean Restore Point.

After doing the above, you should work thru the below link:

How to Protect yourself from malware!

Log in or Sign up

Help with Anti-Virus Program Removal?

shanrene123 Private First Class

shanrene123 Private First Class

Attached Files:

SUPERAntiSpyware Scan Log - 07-30-2009 - 20-10-51.log

mbam-log-2009-07-30 (20-55-44).txt

RRLOG.TXT

shanrene123 Private First Class

Attached Files:

MGlogs.zip

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

shanrene123 Private First Class

Attached Files:

ComboFix.zip

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

shanrene123 Private First Class

Attached Files:

ComboFix.txt

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member