Help with Read & Run Me First?

Discussion in 'Malware Help (A Specialist Will Reply)' started by gracie312, Aug 30, 2006.

  1. gracie312

    gracie312 Private First Class

    I just d/l'ed & unzipped GetRunKey & ShowNew as directed but cannot get them to install & run. Don't know what I did wrong?
     
  2. matt.chugg

    matt.chugg MajorGeek

    Are you getting any error message? There is information in the post where you download about an error which you may be receiving.

    http://forums.majorgeeks.com/showthread.php?t=95941
     
  3. gracie312

    gracie312 Private First Class

    Got past last problem, still running in safe mode, almost finished with read & run, trying to do online scan with bitdefender. Site says I need to install ActiveX Control because SP2 was detected on my computer, and there is a link to it, but when I click the link there is no option for ActiveX and the new page says "article doesn't exist". I think the page for online scanning must have changed or been moved because I got the "page not found" message with the link to bitdefender.com and got to it that way. Any ideas on how I can get this scan?
     
  4. matt.chugg

    matt.chugg MajorGeek

    When it gives you the message about the ActiveX control a Yellow/Gold bar should appear at the top of the window (you should be using IE for the online scans not FF). Click on this bar and select Install ActiveX Control.
     
  5. gracie312

    gracie312 Private First Class

    I am using IE, and there is no yellow bar. I've been back to the page several times and tried to do this but I really think the page has changed and the part where they give you a link to install ActiveX is gone. Is there another way I can get it? I'm still in safe mode.
     
  6. matt.chugg

    matt.chugg MajorGeek

    Press refresh (F5 or View --> Refresh) to make IE redownload the page entirely. It should then re-ask you to install the control.
     
  7. gracie312

    gracie312 Private First Class

    I've just finished the read & run me first. The files are attached in two separate posts. If someone could look at them and let me know what to do next, I would really appreciate it.
    GetRunKey
    Show New
    BitDefender - found KillApp and couldn't disinfect it but deleted it.
    In next post....
    PandaScan
    HJT
     

    Attached Files:

  8. gracie312

    gracie312 Private First Class

    Logs attached:
    PandaScan
    HJT
    see previous post.
     

    Attached Files:

  9. matt.chugg

    matt.chugg MajorGeek

    Ok rename the file back to fix adobe.

    I am not going to be able to work up a fix at the second, but I will be around tomorrow. One of the other guys may be able to help you, if not I'll be back tomorrow.

    @Chas if you DO read this feel free to carry on, if not I'll be back later
     
  10. gracie312

    gracie312 Private First Class

    You meant to rename the HJT file right? I renamed to analyse and now back to fix adobe. Just making sure.
     
  11. matt.chugg

    matt.chugg MajorGeek

    Please ignore that post. It's not related to this thread.

    Before I start digging through your logs can you tell me what malware issues you are having? What are the symptoms?
     
  12. gracie312

    gracie312 Private First Class

    Well, I started this post in the software forum because I d/l'ed SP2 and started having problems with programs & web pages freezing, and general slowing down with opening and closing programs as well as shutting down & rebooting the pc itself. Tim felt as if it was a malware issue and advised me to post here. I've done the whole read & run thing and found several infections. Now I need to know how to clean them up.
     
  13. matt.chugg

    matt.chugg MajorGeek

    You have (possibly amongst other things) a wareout infection, please run the steps in this WareOut Removal thread

    After you've done that please post a new HJT log and new ShowNew log
     
  14. gracie312

    gracie312 Private First Class

    Attached are the report.txt and HJT logs. Please let me know what you find. Thanks for your help Matt. (that's my son's name:) )
     

    Attached Files:

    Last edited: Sep 1, 2006
  15. matt.chugg

    matt.chugg MajorGeek

    OK.... that didn't fix quite as much as I would have liked, let's do it manually!

    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:

    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.


    Boot into

    Search for each of the below files using Windows (Start --> Search --> Find Files and Folders) and delete each occurrence.

    You will need to make sure that the search includes hidden files and folders and includes searching in system files and folders by clicking on the advanced options.

    Let me know how things are running after that!
     
  16. matt.chugg

    matt.chugg MajorGeek

    Sorry that should read Boot into safe mode

    I think I messed up the color tag :rolleyes:

    Thanks for the eagle eye Tim! ;)
     
  17. gracie312

    gracie312 Private First Class

    OK, ran HJT & fixed specified items. Did the search but didn't find any of the files you listed. Ran HJT again and attached the log. PC is still not loading properly. What about the Backdoor Trojan thing and the KillApp? Are they gone?
     

    Attached Files:

  18. matt.chugg

    matt.chugg MajorGeek

    Popcap is 'technically' adware and I recommend you uninstall it, however it's a bit of a gray area and as adware goes I don't think it's hugely bad.

    You do still have some issues, I am trying to go through this step by step as big long fixes are often hard to follow.

    Did you run CCleaner? Your temp folder shows a lot of files it should have removed.

    Reboot into safe mode.

    Navigate to and delete the following files: (if you can't find a file just move on to the next one. Let me know which ones you can and can't find.)

    Reboot into normal mode and see how things are running now.
     
  19. gracie312

    gracie312 Private First Class



    Found the first two in C:\recycler. Must have forgotten to empty the bin, sorry.
    Found the last one on the C drive and deleted it.
    Attaching a new HJT log. Let me know how it looks please. Thanks
     

    Attached Files:

  20. matt.chugg

    matt.chugg MajorGeek

    In the recycle bin! Something's already deleted them then!

    Can you rerun activescan for me and see if they are really gone!

    The file bitdefender is reporting is something to do with HP called Backweb, is your computer a HP computer?
     
    Last edited: Sep 2, 2006
  21. gracie312

    gracie312 Private First Class

    Yes it's an HP Pavilion about 2 yrs. old.
     
  22. gracie312

    gracie312 Private First Class

    Yes it's an HP Pavilion about 2 yrs. old. ActiveScan log is attached.
     

    Attached Files:

  23. matt.chugg

    matt.chugg MajorGeek

    Copy the below text into notepad and save it on the desktop as fixseekmo.reg

    Note the file extension .reg; you will need to go to File --> Save as and type it fully into the filename box and select All Files from the File type dropdown box.

    Once you have saved it close notepad and run the file from the desktop by double clicking on it. Then select Yes to merge it with the registry.

    Use Explorer to navigate to and delete the following file:
    How is your computer running now?
     
  24. gracie312

    gracie312 Private First Class

    Matt;
    I've done as you instructed. And I deleted some other nasty stuff that was in that file. Matt, I'm a Christian lady so if you see anything inappropriate on my pc, please let me know so I can get it off of here. I wouldn't want it seen by anyone I know! Especially my Pastor!!! (probably d/led by my 22 yr old son who doesn't live here anymore.) Should I run another HJT scan and attach the log? Thanks again for your help and quick replies. I really appreciate it! :)
     
  25. matt.chugg

    matt.chugg MajorGeek

    I think you're clean now but there's no harm in running another scan. There used to be an online scanner that would scan for the kind of thing you are worrying about but I can't remember where it is. If I can find it I will let you know.
     
  26. gracie312

    gracie312 Private First Class

    New HJT scan log attached. Would you please check just to make sure everything is gone? Thanks a bunch!:)
     
  27. matt.chugg

    matt.chugg MajorGeek

    You forgot to attach the log ;)
     
  28. gracie312

    gracie312 Private First Class

    Oops! duh! :rolleyes: Let's try this again.............
     

    Attached Files:

  29. matt.chugg

    matt.chugg MajorGeek

