Infected PC

Discussion in 'Malware Help (A Specialist Will Reply)' started by mark59, Nov 3, 2014.

  1. mark59

    mark59 MajorGeek

    I believe that my PC (Hewlett Packard s5770uk-m) running Windows 7 HP (64 bit) SP1 might be infected with malware. Hitman Pro has found at least one item of malware. I initially suspected infection because I ran a scan with Malwarebytes Anti-Malware and it found a number of PUPs, which were quarantined. I attach the log from that scan as MBAMLog1.txt.

    I have run the Windows 7 Malware Removal/Cleaning Procedure on the infected PC. I attach the logs from the scans. As requested by this procedure I ran Malwarebytes Anti-Malware and the log from that scan is attached as MBAMLog2.txt.

    I honestly don’t know if this affects the scan results: after doing the RogueKiller and Malwarebytes Anti-Malware scans I had to go out prior to doing the other scans. Consequently, during this time the PC was logged off and turned off. Having returned I logged back on and completed the procedure.

    I’d be grateful if the logs could be reviewed and I could be informed what infection I have. I’d be grateful to receive instructions for dealing with it.

    N.B. Because I can only attach five attachments to this post I have written a second post with the MG log attached.

    Thanks, mark 59
     


  2. mark59

    mark59 MajorGeek

    In this second post I attach the log from the MGTools scan.
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You can rerun Hitman and remove that one item. Otherwise, I am not finding any malware in your logs.

    What issues are you having?
     
  4. mark59

    mark59 MajorGeek

    Thanks TimW!

    I'm not having any issues that made me think there's something wrong with this PC.

    I had a problem with my other PC so in a bout of paranoia I began running malware checks on the PC whose logs are in this thread. Malwarebytes found several PUPs and I noticed one was called Search Protect, which was the name of the malware affecting my other PC.

    Because MBAM found these problems I thought I'd better run the Majorgeeks malware removal process.

    I suppose I ought to be glad it's only one thing and that Hitman's going to sort it.

    Thanks again I really do appreciate the time you guys give.
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes and it's still installed. ;) It needs removing with something like Revo Uninstaller.
     
  6. mark59

    mark59 MajorGeek

    OK, I've just gone into Revo Uninstaller (I already have it) and Search Protect doesn't appear in the list of programmes. This PC hasn't had the Firefox problems that my other PC had and which you cleaned for me. Does that mean the problem's gone (Hitman dealt with it) or is it hiding somewhere? :confused
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    @TimW - See GetUnKey.log for where searchprotect is hiding.
     
  8. mark59

    mark59 MajorGeek

    I don’t know if this will help. MBRCheck has found a problem; therefore, I attach its log.
     


  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Download OTM by Old Timer and save it to your Desktop.




    Code:
    :Processes
    explorer.exe
    
    :files
    C:\PROGRA~2\SearchProtect
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect]
    
    :Commands
    [purity]
    [ResetHosts]
    [emptytemp]
    [start explorer]
    [Reboot]

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.


    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.
     
  10. mark59

    mark59 MajorGeek

    I followed the instructions regarding OTM exactly. You said: "OTM may ask to reboot the machine. Please do so if asked." It did ask to reboot the machine. I rebooted it. I assumed that OTM would re-open afterwards and then I'd be able to copy the information in the Results window (you placed that instruction under the one to reboot). It did not so I cannot copy and paste the results in the Results window.

    I attach the OTM log file as requested.
     


  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Now do this:

    Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows 7 or Win 8.) Then attach the new C:\MGlogs.zip file that will be created by running this.

    If those entries are still there you could have a go at manual removal if you feel comfortable in the Windows Registry.
     
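    As an added example (not from this thread and not one of the MajorGeeks tools), a read-only PowerShell check for whether the Search Protect leftovers targeted by TimW's OTM script above are still present: the C:\PROGRA~2\SearchProtect folder and the two Uninstall keys. It reports what remains and deletes nothing; the "any other Uninstall entry mentioning Search Protect" sweep at the end is an assumption added for completeness, not something the thread states.

```powershell
# Added example: verify the Search Protect leftovers the OTM script targeted are gone.
# Read-only: reports what is still present, deletes nothing. Run from an elevated PowerShell.
# The folder and key paths are exactly the ones listed in the OTM script in this thread.

$artifacts = @(
    @{ Kind = 'Folder'; Path = 'C:\PROGRA~2\SearchProtect' },   # short name, usually "Program Files (x86)" on 64-bit
    @{ Kind = 'RegKey'; Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect' },
    @{ Kind = 'RegKey'; Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect' }
)

$remaining = @()
foreach ($a in $artifacts) {
    if (Test-Path -LiteralPath $a.Path) {
        $remaining += $a
        Write-Host ("STILL PRESENT  {0,-6} {1}" -f $a.Kind, $a.Path) -ForegroundColor Red
        if ($a.Kind -eq 'RegKey') {
            # Show the uninstall entry's own details so the leftover can be identified
            Get-ItemProperty -LiteralPath $a.Path |
                Select-Object DisplayName, Publisher, UninstallString, InstallLocation |
                Format-List
        }
    } else {
        Write-Host ("gone           {0,-6} {1}" -f $a.Kind, $a.Path) -ForegroundColor Green
    }
}

# Assumption (not from the thread): the same adware may register under a differently
# named Uninstall key, so also list any entry whose name or DisplayName mentions it.
$uninstallRoots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
                  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
Get-ChildItem -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Get-ItemProperty -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Search Protect*' -or $_.PSChildName -like '*SearchProtect*' } |
    ForEach-Object {
        Write-Host ("Uninstall entry: {0}  [{1}]" -f $_.DisplayName, $_.PSPath) -ForegroundColor Yellow
    }

if ($remaining.Count -eq 0) {
    Write-Host 'All OTM targets are gone.'
} else {
    Write-Host ("{0} item(s) remain; remove them via Revo Uninstaller or manually in the Registry." -f $remaining.Count)
}
```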
  12. mark59

    mark59 MajorGeek

    I have done it.

    Please find attached.

    I infer you'll be reading the log and telling me if they're still there.

    I'm happy to have a go; however, I shall need the simplified version of the idiot's guide to manual editing of the Registry! :-o
     


  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    They have gone. ;)

    OTM must have worked even though it claimed not to have. I'll let TimW wrap things up with you.

    No it did not.
     
    Last edited: Nov 4, 2014
  14. mark59

    mark59 MajorGeek

    Just a double check by this paranoid dumbo: is the PC clean now?
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, or Win 8, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. After doing the above, you should work thru the below link:

     
  16. mark59

    mark59 MajorGeek

    @Kestrel13! and TimW: Thank you very much for all the help and for your time. Thanks guys! :-D
     
  17. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Safe surfing. :)
     
  18. mark59

    mark59 MajorGeek

    In the root folder of my PC on the C drive are the following folders:
    • _OTM
    • AdwCleaner
    • MGTools
    May I safely delete these folders or is it better to keep them?

    Thanks, mark59
     
  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, just delete them.
     
