help with downloader malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by mickskillz, Mar 24, 2008.

  1. mickskillz

    mickskillz Private E-2

    I have been infected with a trojan virus and some downloader malware. It's making my computer lag. I've run all the programs requested and have attached all the logs. Please help.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Your problems may not be due to malware. Let's correct a few things and see what happens.

    Question: What exactly do you use YahooWidgets for, and why is it running multiple times?

    Uninstall the below software:
    J2SE Runtime Environment 5.0 Update 10
    SUPERAntiSpyware Free Edition <-- we are finished with this now
    Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O3 - Toolbar: (no name) - {FEC04425-2553-44B9-AB6E-FE5B2FA1D963} - (no file)
    O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - Global Startup: Spy Sweeper Updater V 2.0.0.lnk = ?

    After clicking Fix, exit HJT.

    Now reboot your PC.

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below log:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  3. mickskillz

    mickskillz Private E-2

    Did everything you instructed me to. The computer boots very slowly and takes a while to actually begin the restart process once I click on RESTART. Seems to be running better though; I don't have any mouse lag like before. I'll monitor it closely for the next day or so. Also, which program do you recommend: AVG 7.5 or the full version of SUPERAntiSpyware? I have access to basically any spyware program and am just wondering which one is best. I thought AVG was best, so I was using that in place of my outdated Spy Sweeper. Thanks again for the help.
     


  4. mickskillz

    mickskillz Private E-2

    Update: Computer is still running with lag. I check my Processes tab in Task Manager and it shows nothing running or taking up memory. I'm lost, please help. Any suggestions?
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I see you still have SUPERAntispyware installed and that it is the professional version. It will slow down startup. All protection software does. And currently you are missing 2 major components of protection. And those are an antivirus and a firewall. When you install them, startup will take even longer but this is necessary to provide you proper protection. Restarts can also take longer due to having more software to shutdown. This is normal.

    If you are going to purchase SUPERAntispyware Professional, I recommend that you uninstall AVG Antispyware.

    These only provide you with protection if you purchase them, otherwise they are only after the fact scanners after a trial period.


    As I stated in my first message, this is not due to malware based on your logs. You should check into the things you are running and decide whether any of them can be uninstalled.

    Why do the below need to be running at startup?
    O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] "C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE"
    O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
    O4 - HKLM\..\Run: [MDDiskProtect.exe] "C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe"

    What are the below and why do these need to always load at startup?
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe


    If you wish to continue debugging why your PC is slow, I suggest you continue in the Software Forum, as you are not having malware problems. You can however have HijackThis (analyse.exe) fix the below unnecessary startup entry. Just check for updates on your own.
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
     
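As an added example, not part of the thread or of HijackThis itself, here is a small Python parser for the O3/O4 startup lines quoted above. It records where each entry lives (registry Run key, startup folder or toolbar CLSID), which account it belongs to and which executable it launches, and marks the orphaned entries (a `(no file)` or `?` target) that chaslang has HijackThis fix. The sample lines are copied from this thread; the line layout the regexes assume is my reading of the log format, not HijackThis's own specification.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
# Constructed sample: lines copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {FEC04425-2553-44B9-AB6E-FE5B2FA1D963} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - Global Startup: Spy Sweeper Updater V 2.0.0.lnk = ?
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
"""

ORPHAN_TARGETS = {"(no file)", "?"}  # what HijackThis prints when nothing is on disk
# Assumed layout of O4 registry, O4 startup-folder and O3 toolbar lines (not HijackThis's own spec).
REG_RE = re.compile(r"^O4 - (?P<location>(?:HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run\w*): "
                    r"\[(?P<name>[^\]]+)\] (?P<command>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
FOLDER_RE = re.compile(r"^O4 - (?P<location>Global Startup|Startup): (?P<name>.+?) = (?P<command>.*)$")
O3_RE = re.compile(r"^O3 - Toolbar: (?P<name>.+?) - (?P<location>\{[0-9A-Fa-f-]+\}) - (?P<command>.*)$")

@dataclass
class StartupEntry:
    location: str               # registry key, startup folder or toolbar CLSID as logged
    name: str                   # value name, .lnk name or toolbar name
    command: str                # command line or target as logged
    image: str                  # executable the entry launches; "" when nothing is on disk
    user: Optional[str] = None  # HKUS entries name the account, e.g. 'SYSTEM'

    @property
    def orphaned(self) -> bool:  # dangling entry: the kind chaslang has HijackThis fix
        return self.command.strip() in ORPHAN_TARGETS

def command_image(command: str) -> str:  # quoted path, else first token; "" for a missing file
    command = command.strip()
    if command in ORPHAN_TARGETS:
        return ""
    return command.split('"')[1] if command.startswith('"') else command.split(" ", 1)[0]

def parse_line(line: str) -> Optional[StartupEntry]:
    line = line.strip()
    if m := REG_RE.match(line):
        return StartupEntry(m["location"], m["name"], m["command"], command_image(m["command"]), m["user"])
    if m := FOLDER_RE.match(line):
        cmd = m["command"].strip()  # .lnk targets are logged unquoted, so keep the whole path
        return StartupEntry(m["location"], m["name"], cmd, "" if cmd in ORPHAN_TARGETS else cmd)
    if m := O3_RE.match(line):
        return StartupEntry(m["location"], m["name"], m["command"], command_image(m["command"]))
    return None

def parse_log(text: str) -> List[StartupEntry]:  # unrelated lines (O2, O23, ...) are skipped
    return [e for e in map(parse_line, text.splitlines()) if e]
```

Running `parse_log(SAMPLE_LOG)` and filtering on `orphaned` singles out the `(no name)` toolbar and the Spy Sweeper Updater shortcut, while the remaining entries give you the image path to look up before deciding whether it belongs at startup.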
  6. mickskillz

    mickskillz Private E-2

    Okay, sounds good. I just removed the selected startup programs, as they are indeed unnecessary. My PC seems to be working a little better; I just get random mouse lag. Might be a Logitech software issue. Thanks a lot for your help, and I will continue to post within the forum.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. If you are not having any other malware problems, it is time to do our final steps:
    1. Uninstall COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
      • Click START then RUN
      • Now type cf /u in the runbox and click OK.
      • Note: the space between cf and /u must be there.
    2. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    3. After doing the above, you should work through the below link:
     
