infected with Trojan.MSIL.Citron.hx

Discussion in 'Malware Help (A Specialist Will Reply)' started by Burnstarr69, Nov 12, 2015.

  1. Burnstarr69

    Burnstarr69 Private E-2

    Hello MG experts,

    I have become infected with this Trojan.MSIL.Citron.hx. I went to install MorphVOX, which I downloaded via newsgroups; my AV (Vipre) immediately reported it as a trojan and attempted to quarantine it. This happened yesterday.

    Symptoms before running the read me: Vipre was disabled (could not invoke a scan even in safe mode), Malwarebytes was disabled, and the installer window for MorphVOX would appear every time the PC rebooted. I still have internet access; everything else appears fine.

    I was able to run all scans apart from Malwarebytes. I tried to re-install it but was unsuccessful (I had this installed already before the infection).

    I had to run RogueKiller again after completing the read me, as the original log txt it created was empty?

    Thanks in advance for your help.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Run Hitman Pro again and activate the 30 day free trial. Have it fix all the Malware and Potential Unwanted Programs that it finds. Then reboot the PC and run a new Hitman Scan and attach the new log.


    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: JRT may reset your home page to a Google default, so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
    Then attach the below logs:
    • the Hitman Pro log
    • the JRT.TXT log
    Make sure you tell me how things are working now!
     
  3. Burnstarr69

    Burnstarr69 Private E-2

    Hello Chaslang,

    Thank you for taking the time to read through my log files and respond, much appreciated.

    I have followed your instructions and attached the logs you requested.

    My AV (Vipre) is still being blocked / denied from starting when I boot Windows. When attempting to run it from the start menu I get the following error message:

    "The Vipre service is not running. If this continues please contact Technical Support."

    I should have mentioned in my first post that the installer window for MorphVOX disappeared from boot up once I had completed the read me scans.

    Thanks again
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    I suggest that you try uninstalling it and then reboot your PC. After reboot, reinstall and see if it works okay.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm sure that you probably noticed by now that the forum software was changed since last night. It is apparent that we have lost a few posts from last night.
    So I don't know if you ever saw my last fixes using FRST and also a couple of your last posts are now missing. Can you please reattach the last logs I had you create last night. These were at a minimum the scan results from running FRST and also a new MGlogs.zip file. I don't really need the results from having run Hitman Pro again since we know that it had not fixed the problem. I can reattach the proposed fix with FRST if you missed it. Just let me know if you need it.
     
  6. Burnstarr69

    Burnstarr69 Private E-2

    Good morning, and yes, I had a WTF moment when I checked back here :eek:
    So I completed the instructions that you had posted and I had replied, so I will do my best at remembering what I wrote.....

    Attached is the fixlog.txt. I couldn't attach the MGlogs.zip (file type unsupported?) so I renamed the extension to .txt - hopefully you can just rename it to a .zip and it works? If not, let me know and I can post the individual .txt files for you.

    I was able to manually delete the Vipre folder in C:\Program Files (x86). The two items on my desktop (shortcut to Malwarebytes & RogueKiller.exe) still can't be deleted - permission required?

    Malwarebytes (which was already installed before the infection) will now run (this was previously blocked). I didn't run a scan (the database was outdated anyway and I can't update it).

    The infected PC can no longer access the internet; it has an error about the "wired network adapter having problems". The router is working fine, as the computer I am using to post here has no problems with it.
    I also forgot to mention that with the Windows repair, the option to repair Winsock & DNS cache (I think) was available, but all other repairs were done.

    Thanks again for your help with this
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
    Let's try to fix the networking issue and also I will give you a new version fix for Windows Repair since the program has changed. But first, if you have not powered down the PC since running the previous fix then please power the PC down for a few minutes. Then power back up and continue. If you had already powered down last night then just continue on.

    • Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
    • Now select the + Repairs tab.
    • Then click the + Open Repairs button down on the bottom right.
    • This will automatically begin a registry backup, so wait for it to complete. When it finishes, you will see a list of many possible different repairs, and they are all selected by default. At the bottom of this form there is a not so obvious Unselect All Repairs check box, which is to the right of a check box with a green check mark in it. Please click the Unselect All Repairs box. The green check mark box is to Select All Repairs. The only way you see what these boxes are is when your mouse hovers over them.
    • Now select the following repair options (the numbers at the beginning are the current repair numbers, but this is subject to change.)
      • 01 - Reset Registry Permissions
      • 02 - Reset File Permissions
      • 03 - Reset Service Permissions
      • 04 - Register System Files
      • 05 - Repair WMI
      • 06 - Repair Windows Firewall
      • 10 - Remove Policies Set By Infections
      • 13 - Network
      • 14 - Repair Proxy Settings
      • 15 - Repair Windows Updates
      • 21 - Repair MSI (Windows Installer)
      • 23 - Repair File Associations (12 )
      • 26 - Restore Important Windows Services
      • 27 - Set Windows Services To Default Startup
    • Now on the right side under the When Repairs Complete title, check the box for Restart/Shutdown System and then make sure the Restart System radio button is enabled not the Shutdown System button.
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start Repairs button at the lower right.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished. If it does not then reboot it yourself.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).
    Then attach the below logs:
    • C:\MGlogs.zip

    Also after attaching the above log, please run a new scan with FRST just like you did previously and attach the new log. Since the instructions are missing from the thread, I will repost them. You don't need to redownload FRST since you already have it. I'm just reposting the complete instructions.

    Please do the below so that we can boot to System Recovery Options to run a scan.
    For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flashdrive into the infected PC.
    Enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note:
      Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (See: How to attach)


    Now please download Farbar Service Scanner and run it on the computer with the issue.
    • Put a check mark in each option box on the left side.
    • Click "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please attach this log to your next reply.
     
  8. Burnstarr69

    Burnstarr69 Private E-2

    I have run the Windows repair again (twice in safe mode); this doesn't appear to have repaired the networking issue :( - other symptoms appear the same.

    The remainder of your instructions have been followed and the log files you requested have been attached (again I renamed the MGlogs.zip to .txt).

    thanks
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    A DLL file for Windows Live is missing which has broken your LSP chain and this will in turn cause no network access. We will remove this from your LSP chain to see if that fixes the problem. If you need Windows Live, you may need to reinstall but I don't see it even installed.

    You don't need to do this. You only had to do it previously because you were reattaching the same log a 2nd time due to the forum change to new software.

    Now download LSP - Fix

    Run LSP-Fix.

    Check the Box labeled "I know what I'm doing" and then click on the wlidnsp.dll file (in the “Keep” section) to select it.

    Then, Select the >> button to move wlidnsp.dll into the Remove section.

    Now, click the Finish Button. When the Repair Summary box appears, click OK.
    If it is already in the Remove section, just click Finish.

    Now reboot your PC and see if there is any change.
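    Added example (not the forum's, the thread's, or chaslang's tool): a Python check that parses the text of `netsh winsock show catalog` and flags any Winsock provider whose DLL is no longer on disk, which is the broken-LSP-chain condition described above for wlidnsp.dll. The catalog sample, the Windows Live provider GUID and the exact field layout are constructed assumptions for the demo.

```python
import os
import re
import subprocess
import sys

# Constructed sample of `netsh winsock show catalog` output (layout approximated,
# placeholder GUID): one healthy base provider and one namespace provider whose
# DLL has been removed, mirroring the situation in the thread.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001

Name Space Provider Entry
------------------------------------------------------
Description:                        Windows Live ID Namespace Provider
Provider ID:                        {00000000-0000-0000-0000-PLACEHOLDER0}
Provider Path:                      C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidnsp.dll
Name Space:                         32
Active:                             1
"""

def parse_catalog(text):
    """Split netsh output into one dict per '... Provider Entry' block."""
    entries, current = [], None
    for line in text.splitlines():
        if line.strip().endswith("Provider Entry"):
            current = {"kind": line.strip()}
            entries.append(current)
        elif current is not None and ":" in line and not line.startswith("-"):
            key, _, value = line.partition(":")   # split at the first colon only
            current[key.strip()] = value.strip()
    return entries

def expand(path, env):
    """Expand %VAR% references using the given (upper-cased) environment map."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), path)

def find_broken_providers(text, env, path_exists):
    """Return (description, expanded path) for every provider whose DLL is absent."""
    broken = []
    for entry in parse_catalog(text):
        raw = entry.get("Provider Path")
        if raw is None:
            continue                                # namespace entries without a path
        full = expand(raw, env)
        if not path_exists(full):
            broken.append((entry.get("Description", "?"), full))
    return broken

if __name__ == "__main__":
    if sys.platform == "win32":                     # live check on a Windows box
        text = subprocess.run(["netsh", "winsock", "show", "catalog"],
                              capture_output=True, text=True).stdout
        env, exists = dict(os.environ), os.path.exists
    else:                                           # offline demo with the constructed sample
        text, env = SAMPLE_CATALOG, {"SYSTEMROOT": r"C:\Windows"}
        exists = lambda p: p == r"C:\Windows\system32\mswsock.dll"
    for desc, path in find_broken_providers(text, env, exists):
        print(f"provider DLL missing: {desc} -> {path}")
```

    A provider that shows up here is the one to move into LSP-Fix's Remove section (or reset with `netsh winsock reset`); a healthy catalog produces no output.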
     
  10. Burnstarr69

    Burnstarr69 Private E-2

    I don't use/need Windows Live, so I'm not fussed if it doesn't work. The LSP-Fix repair is completed; however, this has not changed network access.......
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay it may be necessary to reinstall your network card drivers because no network cards were showing up in your previous log. You probably show errors in Device Manager for your network interface card. Do you have the driver disks for your PC?
     
  12. Burnstarr69

    Burnstarr69 Private E-2

    Okay, the MB has onboard LAN; I will download the latest drivers and re-install. In Device Manager the issues are related to Sunbelt Software (Vipre) - screen grab attached......

    Will let you know how I go.
     


  13. Burnstarr69

    Burnstarr69 Private E-2

    OK, that seems to have worked. I tried repairing the LAN drivers, but that didn't work, so I uninstalled and re-installed and can now access the internet. I tried to uninstall the Sunbelt firewall entries but they are still there. I ran CCleaner to clean the registry - this removed some Sunbelt entries (hope this was OK) - and kept a registry backup.

    HitmanPro was run again and no threats were detected (log attached) - I'm guessing this means the infection has been cleaned?

    The only other symptoms are the two items on my desktop I can't delete.

    Thank you again for your hard work in getting rid of this trojan :D
     


  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Sounding a lot better. Exactly which files are you referring to on your Desktop?
     
  15. Burnstarr69

    Burnstarr69 Private E-2

    Yeah, glad to have this PC back online - although I would like to be able to re-install Vipre again. Is it OK to proceed with that?

    The two files on my desktop are:
    C:\Users\Public\Desktop\Malwarebytes Anti-Malware (shortcut)
    C:\Users\Ben\Desktop\RogueKiller.exe

    When I downloaded RogueKiller the first time and went to run it, it gave me a permission error and I couldn't rename it - this has been there since I worked through the read me.
    Malwarebytes - I attempted to install this onto a separate drive (it was already installed on C:\ before the infection but was blocked by the trojan) - obviously this didn't work. I have since removed the remnants of that attempted install, but the shortcut still remains.

    Neither of these files can be deleted or renamed, gives an error message that I need permission from NZXT_PC\Ben (roguekiller) or Administrators for the shortcut.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I would wait on reinstalling Vipre until we are finished just to avoid any unwanted complications.

    Try right clicking on the files on your Desktop and selecting Properties. Then select the Security tab and see if you can choose your user name in the Group or user names: section and then click the Edit button to change permissions. Then on the next Permissions form, again choose your name and see if you can set the Permissions for Full control. Then apply and OK your way out. See if this helps.
     
  17. Burnstarr69

    Burnstarr69 Private E-2

    Sorry for the late reply, back at work today....

    Great, that worked a treat - both have been deleted!

    Please advise what scans / clean up is required - and again a huge thank you for all your help!
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • For Windows 8 and 8.1 system restore see this link: Win 8 System Restore - How to enable/disable
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
