Help

Discussion in 'Malware Help (A Specialist Will Reply)' started by liltoots713, Dec 22, 2007.

  1. liltoots713

    liltoots713 Private E-2

    I have a lot of popups popping up that are slowing down my computer. Something called malware claims to be trying to delete them, but I think its more spyware. I need help trying to fix my computer.
     
    liltoots713, Dec 22, 2007
    #1
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Welcome to Majorgeeks!

    Best option is to follow the below instructions, also please if the popups have names, especially the thing thats claiming to be removing your malware as you are correct its also likely to be malware and in clicking it you will install more malware on your PC,

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
    DavidGP, Dec 22, 2007
    #2
  3. liltoots713

    liltoots713 Private E-2

    I did all the cleaning of the computer with the spybot, combofix, mgtools, and avg antispyware. When i did the avg antispyware however it did not produce a report. I am not sure why. I attached the logs that were formed however. The malware is no longer on my desktop, but I'm not sure if its gone.
     

    Attached Files:

    liltoots713, Jan 8, 2008
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You must make sure that you always follow instructions when we specify where to download programs. You downloaded MGtools.exe to your Desktop and we specifically stated that it must be downloaded and run from C:\MGtools.exe.

    You also install Spybot Search & Destroy in the C:\MGtools folder. This is an veryBAD thing to do and could have potentially caused both Spybot and MGtools not to work properly. Uninstall Spybot now and install it properly into the suggested default folder given during the install.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Uninstall the below old versions of software:
    Java 2 Runtime Environment, SE v1.4.2_03

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {C2AC219F-678B-46E5-A54F-17035D190651} - C:\WINDOWS\system32\ddayw.dll
    O2 - BHO: {d5647790-d16f-f618-37e4-64a94f4993cf} - {fc3994f4-9a46-4e73-816f-f61d0977465d} - C:\WINDOWS\system32\fncrtyfu.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [fc7b4e87] rundll32.exe "C:\WINDOWS\system32\gsnblgfd.dll",b
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
    O4 - HKCU\..\Run: [QdrPack11] "C:\Program Files\QdrPack\QdrPack11.exe"
    O20 - Winlogon Notify: nnnmjki - nnnmjki.dll (file missing)

    After clicking Fix, exit HJT.


    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment


    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\Tiziana\Local Settings\Temp


    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

    Make sure you tell me how things are working now!
     
    chaslang, Jan 12, 2008
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds