Internet problems (need help fast)

Discussion in 'Malware Help (A Specialist Will Reply)' started by -DaVe-, Jun 24, 2008.

  1. -DaVe-

    -DaVe- Private E-2

    hi guys
    i have been experiencing a lot of problems with many sites, most of the websites i normally use i am unable to open them in my internet explorer or firefox, all these problems started occurring about 3 days ago, everything was running perfectly fine before that. then a friend of mine told me to take a hijackthis log and post it on this site, i hope u guys will be able to help
    thnx in advance
     

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions. If something does not run, write down the info to explain to us later but keep on going. Do not assume that because one step does not work that they all will not.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. -DaVe-

    -DaVe- Private E-2

    thnx a lot chaslang, i followed all the steps in that thread and now i think all the malwares are removed from my pc and i am able to surf the way i used to, i just have one question
    could i remove all the softwares i installed in the process to remove all the malwares?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Based on the infection you had, you really should complete the procedure and attach ALL of the requested logs. There is a strong possibility that you are still infected even if you are not seeing signs of it.
     
  5. -DaVe-

    -DaVe- Private E-2

    i attached all the logs from my scan, am i still infected?
     

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    To answer that question, you need to attach the last and most important log from MGtools. The log will be where stated..... C:\MGlogs.zip
     
  7. -DaVe-

    -DaVe- Private E-2

    oops forgot to attach those logs, but there are 5 logs there, and the maximum files i could attach are 3, which ones should i add?
    sorry if i am being pain in the ***
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Only the one the instructions in the READ ME asked for and that is the same one I asked for in my last message. And that is C:\MGlogs.zip. The instructions did not tell you to look inside of the C:\MGtools folder for anything.
     
  9. -DaVe-

    -DaVe- Private E-2

    oh alright, attached the zip folder, hope everything would be fine in my computer
     

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The worst is over but we have a little more to do. :)


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {EB1E1C3F-8FCB-4B97-B1A3-010EAFFDC591} - C:\WINDOWS\system32\ddcBSmME.dll (file missing)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O20 - Winlogon Notify: jkkLBSMd - C:\WINDOWS\

    After clicking Fix, exit HJT.

    Now delete the below file:
    C:\WINDOWS\BMb3ab802f.txt

    Now look for the below folder which is on your Desktop. It is named with an illegal character in the name so I'm not sure what it will look like to you but you should be able to find it. If you did not create this yourself (and I doubt you did) then delete the folder:
    Code:
    "C:\Documents and Settings\Owner\Desktop\"
    ÿ             Mar 27 2008              "ÿ"
    
    Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.


    Then attach the below log:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
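
The HijackThis entries listed in the post above follow a fixed line format, so they can be triaged mechanically. The following Python parser is an added example, not part of the original thread or of HijackThis or MGtools; its function names, flag labels and section descriptions are assumptions made for illustration, and its sample input is the six lines quoted in the post.

```python
import re

# Constructed input: the six entries quoted in the post above.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {EB1E1C3F-8FCB-4B97-B1A3-010EAFFDC591} - C:\WINDOWS\system32\ddcBSmME.dll (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O20 - Winlogon Notify: jkkLBSMd - C:\WINDOWS\
"""

# Meaning of the HijackThis section codes that appear in the sample.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "Autostart entry (Run key or Startup folder)",
    "O20": "Winlogon Notify / AppInit_DLLs",
}
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entry(line):
    """Split one log line into code, CLSID and target; attach structural flags."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None                      # header or blank line, not an entry
    code, body = m.groups()
    clsid = CLSID_RE.search(body)
    # The target is the last " - " field; O4 lines have none, so fall back to ": ".
    target = body.rsplit(" - ", 1)[-1] if " - " in body else body.split(": ", 1)[-1]
    flags = []
    if "(no name)" in body:
        flags.append("unnamed")          # component registered without a display name
    if target == "(no file)" or target.endswith("(file missing)"):
        flags.append("orphaned")         # registry entry whose file is gone
    elif target.endswith("\\"):
        flags.append("no-filename")      # path stops at a directory
    return {"code": code, "section": SECTIONS.get(code, "unknown"),
            "clsid": clsid.group(0) if clsid else None,
            "target": target, "flags": flags}

def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]

def flagged(entries):
    return [e for e in entries if e["flags"]]

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(e["code"], e["section"], e["clsid"], e["flags"], sep=" | ")
```

The O4 entry comes back with no flags: the rules only catch structural oddities, so an entry that parses cleanly still needs an analyst's judgement.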
     
  11. -DaVe-

    -DaVe- Private E-2

    thnx a lot bro for all the help, my computer is running perfectly fine and i did all the steps u asked me to do except one where u told me to delete a folder thats on my desktop, i created that folder myself which is invisible thats why u think it named with an illegal character, i have some important stuff in that folder thats y i didn't delete it, do i have to remove that folder?
    oh and i did receive the success message when i ran fixme.reg file
    the zip folder is attached:)
     

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No you do not but you see the danger in doing this and have an illegal file name. And did you also notice that I could see it which means it is not really invisible. ;) What program/tool did you use to do this? Or did you just use the trick to erase the folder name and enter an illegal character using the ALT key. For example, like this: http://www.iambetterthanu.com/2007/10/09/create-an-invisible-folder/




    If you are not having any other malware problems, it is time to do our final steps:
    1. You can uninstall SUPERAntiSpyware now.
    2. We recommend you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\cf" /u
        • Notes: The space between the cf" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\cf folder from combofix.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run Avenger, you can delete all files related to Avenger now.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    8. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    9. Go to add/remove programs and uninstall HijackThis.
    10. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    11. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    12. After doing the above, you should work thru the below link:
     
    Last edited: Jun 29, 2008
  13. -DaVe-

    -DaVe- Private E-2

    ye i did use that trick to make the folder invisible, but i guess its not anymore since u caught it:cry, lol
    did the final steps but u left out one thing, should i uninstall the spybot search & destroy and ccleaner too?
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No I did not leave it out. I guess you did not really read all of this How to Protect yourself from malware! ;)
     
  15. -DaVe-

    -DaVe- Private E-2

    ye u didn't leave it out, i read that thread after i had replied here
    anyways thnx a ton man for all ur help, really appreciated
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
