Logs attached

I found a file in my add remove which I got a bit paronoid about, It turned out to be malware
I'm not sure if I got rid of everything so will you please look through my logs Many thanks in advance.



Lott xx

 

Hi lott!
Welcome to Major Geeks!

I don't see any problems. Combofix got rid of one file for you. Please do the two things below and let me know if you are having any symptoms.


1) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

2) Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

3) Now run CCleaner and post a fresh HijackThis log, or the whole zipped set if that's easier.

abri

 

Thanks for your speedy reply :wave:wave

 

By the way, what was it you found in add/remove programs?

Everything looks clean.
More tomorrow.
abri

 

BVRP, I know i didn't download it, I did a search and alot come up about digital line detect.

I don't know if it is malicious but if i didn't put it there, It shouldn't be there.:confused

Thanks for your help! you're all great.

Lott xx

 

I think it's a communication software for cell phones, fax machines, etc. Digital line detect probably refers to it looking for a connection.
I have to still tell you how to remove the tools you installed here. They're new. I'll tell you tomorrow.
abri

 

can anyone help with removal, can I just delete?

 

Hi lott!
Digital Line Detect is a piece of software preinstalled by Dell to check if you have a digital connection or not. You should call your cable company or ISP before you uninstall it and ask if it's needed for their software. If you want to remove it, please set a restore point before you do so in case you are removing something which is needed.

I see three instances of Symantec running in your startup items, but I don't see anything of Nortons or Symantec in your uninstalls list. What antivirus are you using?

abri

 

I've already got rid of it. I've not seen any problems so I think i'll leave it gone.

Erm only what you can see, comodo firewall pro, ad-aware with ad watch avg anti spyware which i downloaded as part of read and run me.
I need to add somemore I know

 

Hi lott!

1) Please run the following:
Norton Removal Tool (SymNRT)

After you've finished running the Norton Removal Tool, please have run HijackThis

2) Now scan with HijackThis and check the boxes for the following entries. They may or may not be there. If they are, check them, make sure all your browser windows including this one are closed and then click on FIX:

After clicking Fix, exit HJT.

3) After you've completed these steps, please go to How to Protect Yourself from Malware and pick out one of the free Antivirus programs and install it on your computer. I use AVG. I don't know how it does together with Comodo. If one gives you trouble, uninstall it and try another one. All the programs are lightweight and generally don't have compatibility problems.

Tell me how your computer is working!
abri

 

All done just downloading AVG, Computer is fine only for some curious reason it won't shut down or restart. This has happend twice. Can I Remove all the tools now? Many thanks for all your help you are all fantastic.

Lott xx

 

If this is a new problem, that the shutdown and startup continue to be a problem, please go back to a restore point just before the Norton Removal Tool and see if it's still doing the same thing. And before you do this, please attach a new set of logs. It's hard getting Symantec off of the computer and sometimes it has to be done manually.
abri

 

hi abri.

I've had to restore back a week the computer was not working at all well. wouldn't shut down, very slow. New logs attached.

PS i've had a problem uninstalling old spybot and downloading new and avg didn't want to run. but I don't think I have a problem with malware, just some system problems which i will bring to the software forum

lotts

 

Hi lott,

It can happen if Symantec is not uninstalled completely, that the only way to uninstall it after that is to reinstall it. Let's try this first and see if it works better than the Norton Removal Tool. This will create backups, so if you notice problems again, we can undo the changes. This should simply remove the Symantec programs from the startup menu.

It's possible that the problems you are having are related to this, because computers don't like it when there are two antivirus programs at work.

Please do the following:
1) Now scan with HijackThis and check the boxes for the following entries:

( Make sure ALL browser windows are closed when you click FIX )

2) Please run the MGTools.exe program again and post a new set of logs.
abri

 

All done, thanks for sticking in there:cool

 

Hi lott!
I'm interested in your computer because I have the same problem, that I can't run GetRunKeys, one of the programs in the MGTools. I'm looked into virus which was originally fixed on your computer by Combofix, and this particular virus, known to Symantec as Adware.Search.net, was picked up by Combofix and deleted as fad.sys. It's a driver.

I would like to know:
1) if you can use your registry editor, which is reached by clicking on Start / Run and then typing in Regedit, and
2) if you can get to the registry editor, if you find the following keys:

I don't know if you'll find them or not. Please let me know either way.
Thanks.
abri

 

Hi Abri.

I was able to open Regedit. But neither of the keys where there:confused, Let me know if you need anything else.

Can I go ahead with the removal of all the Malware tool? Let me know.

 

Hi lott!
I'm glad you can use Regedit and that those keys are not there.

Please remove the MGTools as follows.
First go to add/remove programs and uninstall HijackThis.
Once it's been uninstalled, open Windows Explorer and go to the C:\MGTools folder and delete the entire folder. Let me know how this goes.
Once you've removed the tools, please follow these instructions for setting a clean restore point: Disable and Enable System Restore!


After you've finished the above, please read through How to Protect Yourself from Malware
It's a good read with alot of tips for keeping your computer safe.

abri

 

Ok all done. OS didn't like deleting the MGtools folder, Gave a warning about my computer not working properly if you delete. Which is strange considering it isn't part of the OS.:confused

Have a great evening and thanks for all your help. **

 

Was that after you uninstalled HijackThis? And ... is your computer working all right still? Did you go ahead and remove the tools? I expect it would be better to have people remove the contents first and then delete the folder. Maybe that would get around the warning.

abri

 

Yep after I uninstalled Hijack this. I did remove the folder and all it's contents. Ignorned the warning thought It was a glich in the MGTools not the system. Was I wrong?

Computer seems to be working a treat.

 

Thanks lott!
I'll pass that information on.
Good luck to you and many happy endeavors with your computer!
abri