Here are the requested logs

Discussion in 'Malware Help (A Specialist Will Reply)' started by butterfly090965, Mar 5, 2009.

  1. butterfly090965

    butterfly090965 Private E-2

    Thanks for your help. I was able to remove the malware. Here are a couple of logs. I do not know how to get SUPERantispyware and MalwareBytes logs. If you want to see these and know where I would look for these please advise.

    Also, which of these programs do I need to continue running, if any? I have downloaded Spybot and the others required in the cleaning. Do I keep any of these or do I uninstall them?

    Thanks again for your help.

    All good things,

    Maria
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We need the MGlogs.zip file not a HijackThis log.

    The other two logs from SAS and MBAM can be found in the below folders. You have to substitute your real user account name where you see UserName.

    C:\Documents and Settings\UserName\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs

    C:\Documents and Settings\UserName\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
     
  3. butterfly090965

    butterfly090965 Private E-2

    Alright, I think I may have done this right. I hope so anyway. Thank you once again for your patience and guidance.

    I will await your response.

    All good things,

    Maria
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay we have a little more to do.

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 11

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (file missing)
    O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (file missing)
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    After clicking Fix, exit HJT.

    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now goto this link Using MGtools and download the new version of MGtools.exe from the black bold print link in the first sentence. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Now attach the below log:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  5. butterfly090965

    butterfly090965 Private E-2

    I'm ready to follow your instructions chaslang. I just wanted to let you know that every time I turn my computer on I am getting a reading that says "DEP has turned off WMI" or something of the sort.

    Should I proceed with your instructions or is there something more you need me to do before I do that?

    Thanks again, I would be lost without you.

    All good things,

    Maria
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to give exact word for word error messages, but this is most likely unrelated to malware.

    And yes you need to continue with my instructions.
     
  7. butterfly090965

    butterfly090965 Private E-2

    chaslang, I did as you told me and removed the J2SE Runtime Environment 5.0 Update 6 and have Java(TM) 6 Update 11.

    I tried to open C:\MGtools\analyse.exe per your instructions and was taken to a black window with white letters. It began the scan on its own. I could not continue to follow your instructions because no options were given. It just opened and started the scan.

    I tried right clicking also and the same thing happened. The only option was Run or Cancel. Now when I right click it reads "run as..." I am thinking that this is where you said to run it from, but it does not specifically say admin per your instructions.

    I let it run because it said do not stop scan. I am sending you the file. I am sorry. I don't know what I am doing wrong, but please bear with me. I am following your instructions to a T.

    All good things,

    Maria :-o
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not run what I asked you to run. You ran C:\MGtools.exe. You need to run what I asked, which is c:\MGtools\analyse.exe.
     
  9. butterfly090965

    butterfly090965 Private E-2

    chaslang,

    I went back per your instruction and got as far as:

    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.

    When I did this the following message came up:
    There is a newer version of ComboFix available would you like to update Combofix? 'Yes' or 'No'.

    I just clicked on 'No' and then I got the following message:
    Currrent date is Tue 0/17/2009. ComboFix has expired. Click 'Yes' to run in REDUCED FUNCTIONALITY mode. Click 'No' to exit. 'Yes' or 'No'.

    Needless to say, I clicked no again as I did not want to do anything without consulting with you first. That said, I shall await your next instruction and again thank you for your time, patience, and tolerance. I wish I could be better at this, but I am trying that I promise.

    One more thing... you mention to shut down all protection software. All I could do was to do it for the Resident Shield in AVG Free edition. I could not find where to do it for the other security components of AVG Free edition like Anti-Virus, Anti-Spyware, and the email scanner. I just don't know how, or if perhaps by disabling the Resident Shield it takes care of that. However, while Resident Shield shows inactive, the other two show active.

    Then I have the other software you told me to install like Spybot, SUPERAntiSpyware, etc., all the ones I downloaded while doing the READ & RUN ME. Do I try to disable those? I checked out Spybot but could not figure out how to disable it.

    chaslang I am truly sorry for not being better at this, but I guess if I was, you would not be helping me out here. I have learned more than you could possibly know. For that I thank you so very much.

    All good things,

    Maria
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to click Yes. ComboFix updates very frequently to keep up with malware. So you always need to use the current version.


    Just shut down whatever you can and we will see from the logs if it caused any problems for us.


    No. They do not have any active protection.
     
  11. butterfly090965

    butterfly090965 Private E-2

    Here they are

    Chaslang,

    Here are the logs you requested. Thank you again for your guidance. Please let me know if I should do anything else.

    All good things,

    Maria
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKCU\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\Josephine York\Application Data\Macromedia\Common\3f3d00741.dll""

    After clicking Fix, exit HJT.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below log:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  13. butterfly090965

    butterfly090965 Private E-2

    Here they are.
     

    Attached Files:

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Another bad entry popped up that was not there last time. Let's run another fix. You need to remember to answer my question when I ask you how things are running.


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKUS\S-1-5-21-3470830891-921974597-2188053638-1008\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\Cesar\Application Data\Macromedia\Common\3f3d00741.dll"" (User 'Cesar')


    After clicking Fix, exit HJT.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below log:
    • C:\MGlogs.zip

    Make sure you tell me how things are working now!
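The two fixes chaslang gives above remove the same persistence mechanism: a Run value under HKCU or another user's HKUS hive that uses rundll32.exe to load a DLL out of that user's Application Data folder. As an added example (not from this thread, and not part of HijackThis or MGtools), here is a small Python triage script that parses HijackThis O4 lines and flags exactly that pattern; the two HKLM lines in the sample are constructed benign autoruns for contrast.

```python
import re
from typing import Dict, List, Optional, Tuple

# HijackThis O4 line: "O4 - <hive>\..\Run: [<value name>] <command> (User '<name>')";
# the "(User ...)" suffix only appears on HKUS entries belonging to other profiles.
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# User-writable per-profile locations: XP "Application Data", Vista+ "AppData".
PROFILE_DIR_RE = re.compile(r"\\(Application Data|AppData)\\", re.IGNORECASE)

def parse_o4(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Parse one HijackThis O4 (Run key) line into its fields; other line types give None."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None

def rundll32_target(command: str) -> Optional[str]:
    """If the command launches rundll32.exe, return the DLL path it loads."""
    parts = command.strip().split(None, 1)
    if not parts or not parts[0].strip('"').lower().endswith("rundll32.exe"):
        return None
    rest = parts[1] if len(parts) > 1 else ""
    quoted = re.search(r'"([^"]+)"', rest)  # tolerates HJT's doubled closing quote
    target = quoted.group(1) if quoted else rest.split(",", 1)[0].strip()
    return target or None

def suspicious_dll(entry: Dict[str, Optional[str]]) -> Optional[str]:
    """The pattern fixed in this thread: rundll32 loading a DLL out of a user profile."""
    dll = rundll32_target(entry["cmd"] or "")
    return dll if dll and PROFILE_DIR_RE.search(dll) else None

def flag_lines(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (user or hive, dll path) for every suspicious O4 entry in a log."""
    hits = []
    for entry in filter(None, map(parse_o4, lines)):
        dll = suspicious_dll(entry)
        if dll:
            hits.append((entry["user"] or entry["hive"], dll))
    return hits

# First two lines are the entries quoted in the thread; the last two are constructed benign autoruns.
SAMPLE_LOG = [
    r'O4 - HKCU\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\Josephine York\Application Data\Macromedia\Common\3f3d00741.dll""',
    r"""O4 - HKUS\S-1-5-21-3470830891-921974597-2188053638-1008\..\Run: [rundll32.exe] rundll32.exe "C:\Documents and Settings\Cesar\Application Data\Macromedia\Common\3f3d00741.dll"" (User 'Cesar')""",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"',
]
```

`flag_lines(SAMPLE_LOG)` returns the two rundll32 entries (one for HKCU, one for user Cesar) and nothing for the two constructed HKLM lines, since a DLL under System32 or a plain EXE launch is not the pattern being hunted.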
     
