Just would like to know if I'm clean after a problem with popups

Discussion in 'Malware Help (A Specialist Will Reply)' started by g6qwerty, Dec 21, 2008.

  1. g6qwerty

    g6qwerty Private E-2

    I first ran Spysweeper from MSN and it found Virtumonde, then I installed Spybot Search and Destroy and it found some variants of Virtumonde and Smitfraud-C. Then I ran Spybot Search and Destroy again and it still found Virtumonde a few times later, so I went and did your Read and Run Me First and the Windows XP Cleaning (ran SUPERAntiSpyware, SpyBot - Search & Destroy, Malwarebytes Anti-Malware), and after running Combofix.exe it solved the problem of the popups, and for good measure I ran MGTools.exe. Then I ran CCleaner and cleaned out the temp files and registry, but I still haven't disabled and enabled System Restore yet.

    Here are the log files I got.
     


  2. g6qwerty

    g6qwerty Private E-2

    Here are the rest of the log files plus the web address that keeps popping up. Also, I remember a few popping up for installing Antispyware 360, Dex, before they started coming up as a page not found after I ran Immunize on Spybot Search and Destroy. Also, I uninstalled all the programs but Spybot Search and Destroy.
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Why am I not seeing any anti-virus software installed on this system?

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.
     
  4. g6qwerty

    g6qwerty Private E-2

    OK, I did all as you instructed; here is the log file.

    Uh, not sure, it's my dad's computer.
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Then you or he will continue to be infected without having anti-virus protection.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now, just to clean up, please use Windows Explorer to find and delete:
    C:\WINDOWS\dump335c.tmp
    C:\WINDOWS\dump9d8c.tmp
    C:\WINDOWS\dumpa9df.tmp
    C:\WINDOWS\dumpad1e.tmp
    C:\WINDOWS\dump3a49.tmp
    C:\WINDOWS\dumpaf9f.tmp
    C:\WINDOWS\dumpaf63.tmp
    C:\WINDOWS\dumpaf64.tmp
    C:\WINDOWS\dumpac1a.tmp
    C:\WINDOWS\dumpa876.tmp
    C:\WINDOWS\dumpab1f.tmp
    C:\WINDOWS\dump988a.tmp
    C:\WINDOWS\dumpaac5.tmp
    C:\WINDOWS\dumpa999.tmp
    C:\WINDOWS\dumpaa7f.tmp
    C:\WINDOWS\DUMP8a7f.tmp
    C:\WINDOWS\dump8eb9.tmp
    C:\WINDOWS\DUMP890d.tmp
    C:\WINDOWS\DUMP8112.tmp
    C:\WINDOWS\DUMP81ee.tmp

    Tell me how things are running. And I seriously suggest that you read this:
    How to Protect yourself from malware!
     
  6. g6qwerty

    g6qwerty Private E-2

    Before I did what you said, my dad told me that he had gotten like 40 or so popups, so he logged off and shut down the computer, and restarted it and ran some antispyware scans. After doing what you said, I updated and ran Spybot Search and Destroy and it found nothing. Other than that it appears to be running just fine. Thanks for all your help.
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know.....now put some AV software on the machine.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
  8. g6qwerty

    g6qwerty Private E-2

    I just found out that Microsoft Photo Editor doesn't work; it says all the registry entries are missing: "No File Format Information can be find in the Registry". It says it's version 3.01, if that helps. I would try reinstalling/repairing Microsoft Office 2000, but I don't have the CD any more since I broke it, then it exploded when I put it in the DVD/CD drive.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    None of the scans or my fixes removed anything that relates to Office or MS Photo Editor.

    You will need to post in the software section to get assistance with those issues.
     
