Infected Computer - Unwanted spyware programs

Discussion in 'Malware Help (A Specialist Will Reply)' started by badreligion93, Mar 18, 2009.

  1. badreligion93

    badreligion93 Private E-2

    Alright well recently I just came back to my computer, and found a bunch of spyware removal software that I never installed. I deleted the file that caused it, but I can't seem to open any of my anti-virus software, lke super anti-spyware or malwarebytes or spybot. I also get a ton of internet ads about some my computer having a virus. Since I can't access any of my anti-virus software, is there anything you can do to help me?
     
    badreligion93, Mar 18, 2009
    #1
  2. badreligion93

    badreligion93 Private E-2

    Unwanted Spyware Remover and Adware

    Alright well recently I just came back to my computer, and found a bunch of spyware removal software that I never installed. I think it was called WinPcdefender.exe or something. I deleted the file that caused it, but I can't seem to open any of my anti-virus software, lke super anti-spyware or malwarebytes or spybot. I also get a ton of internet ads about some my computer having a virus. Since I can't access any of my anti-virus software, is there anything you can do to help me?

    Sorry for the repost, but I actualy got MG tools to work, so I ran that, but i coudln't attach it to that post, and I didn't want to reply and make it seem like someone had already checked and answered my question. Sorry about that!
     

    Attached Files:

    badreligion93, Mar 18, 2009
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you actually attempt to run the READ & RUN ME as required step by step? Did you try renaming program files as suggested to get them to run? It does not look like it. I don't see combofix.exe on your Desktop and also your version of MGtools is way out of date.

    The below should have been uninstalled in step 1
    Java(TM) 6 Update 10
    MyWay Search Assistant
    Viewpoint Media Player


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: IEocx Class - {96ad72e4-2e2b-4ffc-a5bb-279c2714af12} - C:\WINDOWS\ieocx.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
    O4 - HKCU\..\Run: [sysav] C:\Documents and Settings\Rishi\Application Data\pcdefender.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7CF34F78-0DC2-4166-9DD0-94895D6FC424}: NameServer = 85.255.112.179,85.255.112.61
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.179,85.255.112.61
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.179,85.255.112.61

    After clicking Fix, exit HJT.


    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    Now run Ccleaner!
    Now try running SUPERAntiSpyware, Malwarebytes, and ComboFix per the instructions in the READ & RUN ME.

    Now goto this link Using MGtools and download the new version of MGtools.exe from the black bold print link in the first sentence. Overwrite your previous MGtools.exe file with this one.


    Then attach the below logs:
    • C:\avenger.txt
    • the SUPERAntiSpyware log
    • the Malwarebytes log
    • C:\combofix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited: Mar 20, 2009
    chaslang, Mar 20, 2009
    #3

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds