Malware and HelpAssistant

Discussion in 'Malware Help (A Specialist Will Reply)' started by peefyloo, Jan 23, 2010.

  1. peefyloo

    peefyloo Private E-2

    I had a massive problem a couple days ago. I got the Netsky malware. I deleted some files and ended up modifying the winlogon where I wasn't able to log in to Windows; as soon as I logged in, it would log me out. I used ERD5.0 to get back to a restore point. I have scanned my PC with Kaspersky and Vipre/Sunbelt CounterSpy (I only use it for on-demand scanning). Removed everything I could. Sometimes I get a blue screen that says "hard error" and I have to restart. The system is very slow. BTW... I run XP SP3.

    I also have a folder called HelpAssistant in my Documents and Settings folder. Should I just delete it? I went to My Computer -> Manage and went into Users and disabled it... but after reboot I check it again and it's allowed.

    I disabled my AV to run these programs. I couldn't get ComboFix to run. It created a folder in C:\, but didn't do anything else.
     


  2. peefyloo

    peefyloo Private E-2

    Oh, here is my SASlog.txt
     


  3. peefyloo

    peefyloo Private E-2

    MBAM log
     


  4. peefyloo

    peefyloo Private E-2

    New symptom... Firefox is very slow, slower than usual. The speed of the program itself is slow, not the connection.

    The same goes with any program opened or any folder opened.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please run the below tool from Prevx

    Prevx 3.0 use the button that says Download Prevx 3.0

    After running the Prevx scan, reboot and then continue with the below.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Uninstall the below software:
    ClamWin Free Antivirus 0.95.3 <-- You don't need this since you have Kaspersky
    Java(TM) 6 Update 13
    Messenger Plus! Live <-- Not recommended since it has caused tens of thousands of infected PCs
    ThreatFire <-- It will likely get in the way of proper malware removal

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

    After clicking Fix, exit HJT.


    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    After reboot look for all of the above files we had Avenger attempt to delete. If you still see them, delete them yourself.

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\TEMP
    C:\Documents and Settings\Kyle\Local Settings\temp

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
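The three HijackThis lines chaslang asks to fix above all point at nothing (a "(no file)" target or an empty target after the final " - "). The following is an added example, not code from the forum or from HijackThis, that triages a pasted HJT log mechanically and reports those orphaned entries; the sample log is constructed from the three lines in the post plus two healthy-looking entries that should not be flagged.

```python
import re

# Constructed sample: the three lines quoted in the post above, plus two
# ordinary-looking entries (a Run key and a BHO with a real path) that must not be flagged.
SAMPLE_HJT_LINES = """\
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O4 - HKLM\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O2 - BHO: Example helper - {11111111-2222-3333-4444-555555555555} - C:\\Program Files\\Example\\helper.dll
"""

# GUID/CLSID in braces, as HijackThis prints it for O2/O3/O16 entries.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_hjt_line(line):
    """Split one HijackThis line into (section, fields); None if it is not an O-line."""
    line = line.strip()
    m = re.match(r"^(O\d+) - (.*)$", line)
    if not m:
        return None
    section, rest = m.groups()
    # A trailing lone '-' (the O16 case) means the target field is empty;
    # normalise it so the split below yields an explicit empty last field.
    if rest.endswith(" -"):
        rest = rest[:-2] + " - "
    fields = [f.strip() for f in rest.split(" - ")]
    return section, fields


def triage(text):
    """Return orphaned entries as (section, clsid_or_None, original_line) tuples.

    An entry is orphaned when its final field is '(no file)' or empty, i.e. the
    registry hook still exists but the file or URL it referenced is gone.
    """
    findings = []
    for raw in text.splitlines():
        parsed = parse_hjt_line(raw)
        if parsed is None:
            continue
        section, fields = parsed
        if fields[-1] in ("", "(no file)"):
            clsid = CLSID_RE.search(raw)
            findings.append((section, clsid.group(0) if clsid else None, raw.strip()))
    return findings


if __name__ == "__main__":
    for section, clsid, line in triage(SAMPLE_HJT_LINES):
        print(f"{section:4} {clsid or '-':40} {line}")
```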
