Malware cleanup

Discussion in 'Malware Help (A Specialist Will Reply)' started by cuddlepuppy, Jan 21, 2009.

  1. cuddlepuppy

    cuddlepuppy Private E-2

    Hi, my name is Eric and I'm a minor geek. (like an admission, like AA) :) It seems I am the "puter fixer" for my church, and I am fixing two right now, AND educating them on proper computer care. On the first one, I did all the "R&R me First". I don't have an AV installed yet (it is also not connected to the internet). Attached are the 4 logs. What should I do now, and what programs should I leave running (i.e. SUPERAntiSpyware, Malwarebytes, etc.)? I use Avast on mine and like it. I am a minor geek, I salute You "Major Geek".
     


  2. cuddlepuppy

    cuddlepuppy Private E-2

    Zip Log
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This question will be addressed in the link in my final instructions below. Remember that the free versions of SUPERAntiSpyware and Malwarebytes have no active protection. They are just after-the-fact scanners.

    You have a little more minor cleanup to do. The cleaning procedures have already removed your malware.

    First you have an incomplete uninstall from McAfee which must be fixed. So run the below and then reboot:

    McAfee Consumer Product Removal Tool


    Now uninstall the below software:
    Viewpoint Manager (Remove Only) <-- should have been uninstalled in step 1 of the READ ME
    Viewpoint Media Player <-- should have been uninstalled in step 1 of the READ ME

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)

    After clicking Fix, exit HJT.


    Now if you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN, enter the below into the run box and then click OK. Note that the quotes are required:
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from ComboFix (if it exists).
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip file.
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work through the below link:
     
  4. cuddlepuppy

    cuddlepuppy Private E-2

    Well wouldn't you know, after all this both computer owners are upgrading HD's and ram.
    This one is fine. When I finish scanning the other I'll post the final logs for this one, then post the first logs for the other one in a separate post.
    That sounds confusing LOL. But I want both computers free of malware before I ghost into new HD's. They both have data they don't want to lose.

    I do thank you for all this help.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. This computer's logs were already clean which is why I gave final instructions.
     
  6. cuddlepuppy

    cuddlepuppy Private E-2

    It seems to have lost "User Accounts" in the control panel. they show up at startup (with no required passwords).

    What happened?
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Nothing as far as I saw. The below accounts showed in your logs:

    Code:
       Yes    | Administrator
       Yes    | Davene Burks
              | Guest
              | Julian Burks
              | Malachi Burks
       Yes    | Richard Burks
              | Whitney Burks
    The Guest account should be disabled since it is a security risk. Also note, when you say "no passwords required", do you mean you set them this way or do you mean that they all had passwords and now they do not? Nothing in our scans touches any of these settings. What the malware may have done, I cannot guarantee.
     
  8. cuddlepuppy

    cuddlepuppy Private E-2

    No guest account shows. R/D/and admin are admin accounts (I was going in to fix this just now). J/M/W are passworded and still are. I just don't have access to User Accounts in Control Panel. I think it was still there before I put in this bigger HD (I used Western Digital's program as they were both WD HDs); went from 80g to 250g. I still have the 80g untouched, just pulled it out.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sounds like you may have disabled those other accounts which is really a topic for the Software Forum, but try the below.

    Click Start, Run, enter lusrmgr.msc and click OK. This should open the Local Users and Groups window. Select Users in the left column. Then in the right window pane, look at each user name that is not showing up. Does it have a red x on it? If so, it is disabled. Double click on the user name and uncheck the Account is disabled check box. For the Guest account, make sure you actually put a check in the Account is disabled check box to truly disable it. Then reboot and see if there is any change.
     
  10. cuddlepuppy

    cuddlepuppy Private E-2


    Not doable, I get this message,
    "This computer is running Windows XP Home Edition. This snapin may not be used with that version of Windows. To manage user accounts for this computer, use the Users Account Tool in control panel"

    I put the 80g HD back in and it still has the same problems. It also won't ctrl-alt-delete.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run the Windows Registry Editor and navigate to the below registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList

    Do you see any of those user accounts listed here?
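    As an added example (not part of the thread and not a MajorGeeks tool), here is a read-only PowerShell check that lists local accounts, flags any hidden from the logon screen through the SpecialAccounts\UserList key mentioned above, and warns if the Guest account is enabled. It assumes a modern Windows with the Microsoft.PowerShell.LocalAccounts module (Windows 10 / Server 2016 or later); on the XP-era system in this thread you would read the same key in regedit and use "net user" for the account list.

```powershell
# Added example: audit local accounts against Winlogon SpecialAccounts\UserList.
# A DWORD under UserList named after an account hides it from the Welcome
# screen when set to 0; an absent key means nothing is hidden. Read-only.
$userListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'

# Collect name -> value for every entry under UserList, skipping PowerShell's
# own PS* metadata properties that Get-ItemProperty adds to the result.
$hidden = @{}
if (Test-Path $userListKey) {
    $props = Get-ItemProperty -Path $userListKey
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }
        $hidden[$p.Name] = [int]$p.Value
    }
}

# Enumerate local accounts once so the lookups below do not throw on a
# missing name.
$localUsers = @(Get-LocalUser)
$localNames = @($localUsers | ForEach-Object { $_.Name })

foreach ($u in $localUsers) {
    $state = 'visible'
    if ($hidden.ContainsKey($u.Name) -and $hidden[$u.Name] -eq 0) {
        $state = 'HIDDEN from logon screen'
    }
    $flag = ''
    # Guest should be disabled; an enabled Guest account is a standing risk.
    if ($u.Name -eq 'Guest' -and $u.Enabled) {
        $flag = '  <-- Guest is enabled; disable it with: Disable-LocalUser -Name Guest'
    }
    '{0,-20} Enabled={1,-5} {2}{3}' -f $u.Name, $u.Enabled, $state, $flag
}

# UserList entries that hide a name with no matching local account are either
# stale or worth a closer look, so report them separately.
foreach ($name in $hidden.Keys) {
    if ($hidden[$name] -eq 0 -and ($localNames -notcontains $name)) {
        "UserList hides '$name' but no such local account exists"
    }
}
```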
     
  12. cuddlepuppy

    cuddlepuppy Private E-2

    Nope, here's what I have:
    aspnet
    helpassistant
    IUSR
    IWAM
    netshowservices
    sqlagentcmdexec
    tsinternetuser
    vusr_
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I may be sending you to the Software Forum with this soon since it is not a malware problem.

    If you click Start, Run, and enter control userpasswords2 and click OK. Do the missing user accounts show up here? If so, select one and click Properties then click the Group Membership tab. Which Group is the user account shown in?
     
  14. cuddlepuppy

    cuddlepuppy Private E-2

    Yes, they showed up there. All users' "group" listings are the same in "properties". I have no idea what ASPNET is; it has "user" access, it was the only one that showed up in "regedit" and it doesn't show up anywhere but regedit and "control userpasswords2".
    Though this isn't your or my fault, didn't these Windows burps (i.e. user accounts, no Ctrl-Alt-Del, no "search" capability) happen during the malware removal? Wouldn't logic dictate the fix would be here? I do appreciate your help with this, I am just trying to save their data and a Windows reboot.

    Thank You
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay but what are they?

    Normal. It is Microsoft related.


    I don't know that they occurred here. Based on what was fixed here, it has nothing to do with what we have done. They appear to indicate registry settings changes that could have happened at any time. Also, if anyone has been running any kind of registry cleaning or defragging, you are immediately going to be told to work it outside of the Malware Forum since we do not recommend using any tools like this. I'm not saying you ran any. I'm just making a general statement.

    What exactly do you mean by "not CTRL-ALT-DEL"? What happens? Does it happen on ALL user accounts? Does it happen in safe mode?

    Not if it is just registry settings that we cannot see during malware removal procedures. It is best to try to get more general Windows help in the Software Forum since the related keys are more than likely things we never look at.

    Huh?
     
    Last edited: Feb 1, 2009
  16. cuddlepuppy

    cuddlepuppy Private E-2

    {delineates me replying}

    "I am just trying to save their data and a Windows reboot."
    {they have many files (she's a principal at a grade school) and programs installed/saved, and save myself the slow process of installing a "Dell WinXP". I should have said reformat?}

    My wife says I can be very "not detailed" sometimes. And I in no way am angry or pointing fingers (I mean this puter came to me "ToBeFixed") Just curious. And you guys are very helpful. Thank You again!
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are going to format anyway then what are we trying to do? Just save the data you want to save and then do your reinstall.

    There is nothing we can help you with in this forum anyway since you are not having malware problems.
     
