Malware attack.

Discussion in 'Malware Help (A Specialist Will Reply)' started by Pete22, May 28, 2009.

  1. Pete22

    Pete22 Private First Class

    Thank you geeks for all your help. I have to say I tried hard to follow the directions to get the reports for you. But to be honest I have dementia and some days are better than others, and this was not one of my better days. Please forgive me.........

    Computer was not saving at all or not saving to the designated drive.
    Would save some place else or say that the C drive was full which is not true. Or it would appear to save but would not be there when we checked.

    One desktop link when clicked on jams whole system. The only way to recover is to hold the off button down until the machine turns off.

    I could not open internet options.

    None of programs in the user account would work. I finally deleted it. I think I did that before I ran the reports but you may see it.

    Downloaded SAS but it would not install at all. Tried SAS instructions. They did not work. Tried Microsoft instructions and they would not work either.

    Before I was able to get SAS working, I got Malwarebytes to run and it found all kinds of malware. I did try to remove it, hopefully I did.

    Also before I got SAS to work I tried opening a new Administrator account to see if I got the same errors. So you may see that extra account on the reports.

    I thought this was a 64 bit machine so I went on to the last program Mgtools and ran it.

    I then realized that this machine was not 64bit and so I ran combofix.
    It found malware too and I tried to remove that also.

    Came back here and was working on other issue and found a person who was getting a similar error. Windows installer could not be located or something like that. The 2nd answer worked: go to run and type....I can't remember but it worked! It said it was successful.

    I was then able to install SAS. I will tell you that I had renamed the download to Removeyouknowwhat in fear that it would not install again.
    It also found malware.

    After I rebooted, the picture on my background was gone. No great loss I hated it anyway ;)


    After all that I checked to see what I could do.

    I can now save to the drive I want.
    I can now open internet options.
    Link to Microsoft Works tasks still crashes system.

    Opened the other account and there was that ugly wallpaper. Not sure how it got there.

    OK. That's my report.

    If I need to redo it all because everything was so out of order please let me know. I could try to do it better....
    :foolish I am just not sure I would succeed. At least it gives me the chance to use this cute icon.

    Hopefully by the time one of you major geeks can send me more directions, I will be having a better day.
     
  2. Pete22

    Pete22 Private First Class

    Oops ;) here are the logs
     

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It looks like the scans took care of most of the malware. Let's just do this:

    Tell me what this is:
    C:\Youknowwhateater.exe

    Let's remove your leftover McAfee services:
    Open notepad and copy and paste the following text in the quote box into the window:
    Save this as fix.bat
    Choose to save as all files.
    Doubleclick fix.bat and let the program run.
    A small black dos window will flash, this is normal.

    Now run CCleaner to remove temp files.

    Then make sure this folder is empty:
    C:\Documents and Settings\Jacque Evans\Local Settings\Temp\

    Tell me what issues you may still be having.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\MGlogs.zip
     
  4. Pete22

    Pete22 Private First Class

    Hello Tim,

    C:\Youknowwhateater.exe was what I downloaded SAS as. I have now deleted the download.

    I ran the bat file.
    I ran the CCleaner to remove temp files, and reran it until it said there wasn't any.

    Then I went to the temp file. It was not empty. So I tried to clean out the temp file. All but two files deleted. I attached picture.

    Then I ran MGtools. Attached file.

    I then tried several items on the computer to see what was still happening. Accidentally closed browser and lost message. When I got back here, I reran the directions.

    This time the two files that would not delete are called:
    Perflib_Perfdata_1788.dat
    Perflib_Perfdata_e38.dat

    The properties of these as well as the last ones say they run with an unknown program.

    Issues:

    Microsoft Works Task launcher still crashes system and requires holding down the power button to turn off.

    When I click on Legacy7, Printmaster 17 Silver tries to install. They are not related at all. Printmaster asks for a disk. I press cancel, and it tells me I can reload it at another time. Then Legacy opens. Printmaster again tries to install. I get the same request for a disk and the same message that I can install later.

    Printmaster is already installed on this computer. When I click to start it, the flash screen comes up and jams. I have to use the task manager to stop it.

    The weather channel desk thing used to make the sound of thunder when the computer had completely finished its startup routine. It no longer does that.

    So here is my next installment.


    Thanks,

    Pete22
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Are perfectly normal and not a problem. Your logs are clean, so I suggest that you post in the software forum for any issues you are still having. Do not forget to run CCleaner on a regular basis.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
