Help with Error Message From RootRepeal

Discussion in 'Malware Help (A Specialist Will Reply)' started by yosemitest, Feb 2, 2010.

  1. yosemitest

    yosemitest Private E-2

    I received the following error message while trying to clean my computer from a suspected virus or hacker.

    I can't view the directory with windows.
    Can someone tell me how to find and delete this folder from my external hard drive, and get rid of this problem?

    P.S. I'm new to this forum and don't know much about computers.
     

    Attached Files:

    Last edited by a moderator: Feb 3, 2010
  2. evilfantasy

    evilfantasy Malware Fighter

    Welcome to MajorGeeks!

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide

    If any of the scans will not run or download move on to the next one and let me know what happened like if there were any errors or if they just wouldn't download or run.

    Also be sure to look here. HOW TO: Attach Items To Your Post
     
  3. yosemitest

    yosemitest Private E-2

    Thanks evilfantasy.

    I'm enclosing a folder with all the requested logs. I run Norton Ghost on my external drive and don't want to delete my back ups. But I'm needing help cleaning up my problem.

I'm tight on finances, but need recommendations on what you consider the best firewall and antivirus anti-malware program for reasonable cost for Windows XP SP2.
     

    Attached Files:

  4. yosemitest

    yosemitest Private E-2

    One more thing. Here's the latest RootRepeal Error Log.
     

    Attached Files:

  5. evilfantasy

    evilfantasy Malware Fighter

    We will get to that after this next step. We will get you set up with good free security software.

    Why haven't you updated to SP3?

    Download the MBR Rootkit Detector to your desktop.


    * Doubleclick mbr.exe and follow prompts.
    * A black DOS window will quickly appear then disappear.
    * When mbr.exe is finished it will create a log on your desktop.
    * Attach the contents of that log file to your next reply.

    I also need the MGlogs.zip file to be attached.
     
  6. yosemitest

    yosemitest Private E-2

My motherboard won't support SP3.
    How do I change sub quote to "It's simple, fight or Die!" I retired as an E-7, not an E-2.
     
  7. yosemitest

    yosemitest Private E-2

    Here's those files.
     

    Attached Files:

  8. evilfantasy

    evilfantasy Malware Fighter

    Really. :confused

    I don't understand.
     
  9. yosemitest

    yosemitest Private E-2

I uploaded SP3 and had major problems. I contacted Microsoft Windows Support and they took control of my laptop (Toshiba Satellite A75 S226, about 10 years old).

After they finished, they had spoken to me on the phone, uninstalled SP3, and had me do a restore of my computer off my original recovery disk. They told me that my motherboard extras (sound system, etc.) wouldn't support SP3. And they told me to no longer take automatic updates, but to do updates based on Service Pack 2.
     
  10. yosemitest

    yosemitest Private E-2

    On the left under my pen name says Private E-2. I retired as an E-7, and instead of Private it would be MSGT.

    But "It's simple, fight or die!" would be better than Private.
     
  11. evilfantasy

    evilfantasy Malware Fighter

    I see. I have never heard of that issue before. Thanks.

    Gotcha. The more posts you have the higher the "rank".



    You are running both TeaTimer and the Spyware Terminator Shield. This could be causing problems as well as decreasing performance. I would pick one and disable the other. But for now we need to disable both so they don't interfere with the fixes we make. Please leave them turned off until we are done.


    Disable Spybot's TeaTimer

    1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol). Choose Exit Spybot S&D Resident
    2. Run Spybot S&D
    3. Go to the Mode menu, and make sure Advanced Mode is selected.
4. On the left hand side, choose Tools > Resident, uncheck Resident TeaTimer, OK any prompt and restart your computer.

    Note:
    If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

    If TeaTimer will not turn off then uninstall Spybot until we are done cleaning.


    I'm not sure how to disable the Spyware Terminator Shield. I think you just right click the icon in the System Tray and exit out of it. Personally I would just uninstall it altogether.


    Go to Add or Remove Programs and uninstall:

    • Crawler Toolbar
    • Java 2 Runtime Environment, SE v1.4.2_03

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines (if found) but DO NOT CLICK FIX Checked until you exit all browser sessions including the one you are reading in right now:

    • O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    • O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    • O8 - Extra context menu item: Crawler Search - tbr:iemenu
    • O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    After clicking Fix checked, exit HijackThis.



    Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

    Do not confuse Windows Messenger with MSN Messenger or Windows Live Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

    Exit out of MessengerDisable then delete the two files that were put on the desktop.



    Now install an antivirus and firewall.

    Remember to only install one antivirus!

    1) Avast! Home Edition
    2) AVG Free Edition
    3) Avira AntiVir Personal
    4) Microsoft Security Essentials for Windows Vista\Windows 7 // MSE 64 bit Download
    4-a) Microsoft Security Essentials for Windows XP



    Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo HopSurf..", "Ask.com search provider" and "Make Comodo HopSurf.com Search my homepage")
    2) Online Armor
    3) Agnitum Outpost
    4) PC Tools Firewall Plus



    Go ahead and run a scan with the antivirus and let me know if it finds anything and how the computer is running now.

    Also, don't worry about the RootRepeal errors. It happens often and I can't really explain why.
     
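The O2 lines in the HijackThis step above are Browser Helper Objects whose CLSID is still registered for Internet Explorer but whose DLL is gone, which HijackThis prints as "(no file)". The script below is an added example, not part of the thread or of HijackThis, that walks the same registry keys and flags orphaned entries, so you can see what "Fix checked" on an O2 line actually removes. It is read-only unless you uncomment the Remove-Item line; the CLSIDs in the thread are not hard-coded, it reports whatever is registered on the machine it runs on.

```powershell
# Added example (not from the thread): list Browser Helper Objects registered
# for Internet Explorer and flag those whose DLL no longer exists on disk,
# i.e. what HijackThis reports as "O2 - BHO: (no name) - {CLSID} - (no file)".
# Run in an elevated PowerShell. Read-only unless the Remove-Item line is enabled.

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    # 32-bit IE on a 64-bit Windows registers here instead; harmless to check on XP
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

foreach ($key in $bhoKeys) {
    if (-not (Test-Path $key)) { continue }

    Get-ChildItem $key | ForEach-Object {
        $clsid = $_.PSChildName          # the BHO subkey name is just the CLSID

        # The DLL path is not stored under the BHO key; it is the default value of
        # HKCR\CLSID\{...}\InprocServer32, which is how IE (and HijackThis) resolve it.
        $srv = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll = $null
        if (Test-Path $srv) {
            $dll = (Get-ItemProperty $srv).'(default)'
        }

        # Paths may be written with %SystemRoot%-style variables; expand before testing
        $status = 'NO INPROCSERVER32 (orphaned)'
        if ($dll) {
            $expanded = [Environment]::ExpandEnvironmentVariables($dll)
            if (Test-Path -LiteralPath $expanded) { $status = 'present' }
            else { $status = 'NO FILE (orphaned)' }
        }

        New-Object PSObject -Property @{
            CLSID  = $clsid
            DLL    = $dll
            Status = $status
        }

        # Equivalent of "Fix checked" for an orphaned O2 line: drop the BHO
        # registration so IE stops trying to load it. Deliberately commented out.
        # if ($status -ne 'present') { Remove-Item -Path "$key\$clsid" -Recurse }
    }
}
```

An entry reported as "present" is a live add-on (the Crawler toolbar's ctbr.dll in the O18 line above is that kind), so do not delete it from the registry while the program that owns it is still installed; uninstall the program first, as the post does, and then re-run the script to confirm the entry is gone or has become orphaned.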
  12. yosemitest

    yosemitest Private E-2

    Thanks for all your time, and work.

I'm very concerned about those folders that RootRepeal Error Log noted. Especially since I got an e-mail from PayPal stating:
We have reason to believe that your account was accessed by a third party.
We have limited access to sensitive PayPal account features in case your
account has been accessed by an unauthorized third party.

    I want to be able to see and remove those folders/files.

    I am currently running full system scans by Avast Home, and by Comodo.
    I had Avast many years ago, but it kept my e-mail full of junk mail so I dropped it. I'll give it a chance again.

You should take a look at Spyware Terminator, http://dnl.spywareterminator.com/install/sap_landing_spyware_terminator.aspx?tbid=60287&banner_id=GGL_CT_ppc_60287_01_04_176FREE_*GeoUSCA*_-Search-__spyware%20terminator&utm_source=google&utm_medium=cpc&utm_campaign=ppc-01&utm_term=spyware%20terminator with its firewall. It's free.
However the problem occurred while I was using Spyware Terminator, so it isn't as good as I thought.

    I'm going to renew my pay version of http://www.iobit.com/ (Advanced SystemCare Professional).

    But I'd like your suggestion for a very good pay version of a firewall, that will allow me to view anything on my computer.

    To disable Spyware Terminator (A Blue Shield with a White X on it), right-click the shield and move the mouse over "Adjust Real-Time Shield Mode", then select "Disable".

    I will wait for your suggestions.
     
  13. yosemitest

    yosemitest Private E-2

    I have another question.

    I suspect Windows Live and its add-ons. I think I should remove it and all its subfolders.
    I don't use them.

    What do you think?
     
  14. evilfantasy

    evilfantasy Malware Fighter

    Rootkit scanners don't always work well on every computer. We will try another scanner but from your other logs I didn't see anything to be concerned over. See what Avast turns up and we will go from there.

    I know about Spyware Terminator and I don't suggest that anyone use it. There are better scanners like the ones used in the READ ME.

    The paid version of Online Armor has more features and is a very good firewall. http://www.tallemu.com/products-online-armor-premium.php

    Download GMER Rootkit Detector and save it your desktop.

    Your choice but you really don't need to pay for what can be had for free. MG's Top Freeware Picks



    * Extract it to your desktop and double-click GMER.exe
    * Make sure all of the boxes on the right of the screen are checked, EXCEPT for "Show All".
    * Click the Rootkit tab and then Scan.
    * Don't check the Show All box while scanning in progress!
    * When scanning is finished click Copy.
    * This copies the log to clipboard
    * Post the log in your reply.
     
  15. yosemitest

    yosemitest Private E-2

    Thanks. I had to remove Comodo and start my Avast scan again. After the scan is complete, I'll try Comodo again.

I'll take a look at Armor if Comodo locks up my Windows startup again.

    What do you think of removing Windows Live and its components?
     
  16. evilfantasy

    evilfantasy Malware Fighter

    Anything you don't use I would remove. It's easy enough to install it again if you decide you need it later.

    You are just installing the Comodo firewall and not the entire Security Suite right?
     
  17. yosemitest

    yosemitest Private E-2

    I can't get Comodo Firewall to work with my Windows XP SP2. The Windows Starting page locks up.

    I'll try the Armor and see if I can get that to work.

The Comodo didn't find any viruses, and neither did the Avast. The Avast Boot Check found some corrupted files, but no viruses.
     
  18. evilfantasy

    evilfantasy Malware Fighter

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
  19. yosemitest

    yosemitest Private E-2

GMER Rootkit Detector will run, but locks up before it's finished. I tried to save the log, but I don't see it anywhere.
I had to cut the computer off with the power button and then turn it back on.
     
  20. evilfantasy

    evilfantasy Malware Fighter

    Boot the computer into Safe Mode and try that way.
     
  21. yosemitest

    yosemitest Private E-2

    Here's the GMER Log.
     

    Attached Files:

  22. evilfantasy

    evilfantasy Malware Fighter

    I still don't think there are any issues as far as malware.
     
  23. yosemitest

    yosemitest Private E-2

    Thanks. I purchased Online Armor++ 2 years for $30.00, on the "Give Away of the Day". I'm still learning how to use it, but I want to get rid of those files on my E drive that can't be viewed by windows. I don't know much about DOS commands but I think DOS commands can view them and delete them.

    Thanks again for all your help and time.
     
  24. evilfantasy

    evilfantasy Malware Fighter

    Post your question in the Software forum. Someone there will have some good suggestions.
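The folders on the E: drive that "can't be viewed by Windows" are, in the common case, simply carrying the Hidden and System attributes that Explorer suppresses by default, or are reparse points. The script below is an added example, not from the thread or the Software forum it points to, that lists every such item on a drive and shows the attribute-clearing step that has to precede deletion; the drive letter E: and the folder name SuspectFolder are placeholders. Nothing is deleted unless the commented lines are enabled. On the XP SP2 laptop in the thread, which may not have PowerShell, `dir /a /s E:\` and `attrib` at a Command Prompt do the same two jobs.

```powershell
# Added example (not from the thread): enumerate everything on a drive that
# Explorer would normally hide (Hidden/System attributes) or cannot descend
# into as a normal folder (reparse points), and show the attribute-clearing
# step needed before such a folder can be removed. Read-only as written.
# Drive letter E: is the external drive from the thread; SuspectFolder is a placeholder.

param([string]$Root = 'E:\')

# -Force makes Get-ChildItem return hidden and system items; errors on
# unreadable directories are suppressed rather than aborting the walk.
Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        ($_.Attributes -band [IO.FileAttributes]::Hidden) -or
        ($_.Attributes -band [IO.FileAttributes]::System) -or
        ($_.Attributes -band [IO.FileAttributes]::ReparsePoint)
    } |
    Select-Object FullName, Attributes, Length, LastWriteTime |
    Format-Table -AutoSize

# Hidden+System on a drive root is normal for "System Volume Information",
# "RECYCLER" / "$RECYCLE.BIN" and the autorun/desktop.ini files; a backup
# product such as Norton Ghost also stores its images as ordinary files here.
# Only once a folder is positively identified as unwanted:
#   1. clear the attributes, otherwise Remove-Item/rmdir may refuse;
#   2. remove it. Both lines are deliberately commented out.
#
#   attrib -h -s -r "E:\SuspectFolder" /s /d
#   Remove-Item -LiteralPath "E:\SuspectFolder" -Recurse -Force
```

If a folder still refuses to open or delete after its attributes are cleared, that points at a filesystem problem or an NTFS permission issue rather than hiding, and `chkdsk E: /f` (drive unmounted, backups verified first) is the next check rather than more deletion attempts.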
     
