Malware Help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by AChamp, Jan 13, 2009.

  1. AChamp

    AChamp Private E-2

    I need help. I don't know if I'm doing this right, but I found out that I downloaded the Trojan Phisher Snifula and found this site. I performed all the steps up until using the MGtools. It said something about attaching the MGLogs.zip file in the Malware forum. I don't know where to find that forum, if I'm not in it, but I went ahead and attached the log to this thread.
     

    Attached Files:

  2. AChamp

    AChamp Private E-2

    Here's the last log.
     

    Attached Files:

  3. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Welcome to Majorgeeks, AChamp.

    We are currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Our queue is working the oldest threads first.

    Thanks for your patience.
    dr.m
     
  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, AChamp


    The below fixes are specific to your problem and should only be used for issue(s) on this machine. Also, please do not install any other software while we are still working with you unless instructed. Once we have given you the all clean and final instructions you will be free to install what you want.

    ** You have two anti-virus programs installed! Uninstall one of them NOW.
    • Norton 360
    • Trend Micro Internet Security Pro

    ***This is a good demonstration for people on how P2P downloaders get you infected. Below is the chain of events after installing FrostWire of what they did.
    Code:
    2009-01-12 19:56 . 2009-01-12 21:51 d-------- c:\program files\FrostWire
    2009-01-12 19:57 . 2009-01-12 20:45 d-------- c:\users\Annie\AppData\Roaming\FrostWire 
    
    2009-01-12 20:19 . 2009-01-12 20:21 d-------- c:\temp\tmp90
    2009-01-12 20:19 . 2009-01-12 20:19 d-------- c:\windows\System32\m3V02
    2009-01-12 20:20 . 2009-01-12 20:20 2 --a------ C:\1275330438
    2009-01-12 20:20 . 2009-01-12 20:21 d-------- c:\windows\System32\enUZ
    2009-01-12 20:20 . 2009-01-12 20:20 d-------- c:\windows\System32\tp2
    2009-01-12 20:21 . 2009-01-12 20:44 147,456 --a------ c:\users\Annie\vbzip10.dll
    2009-01-12 20:22 . 2009-01-12 20:22 d-------- c:\users\Annie\AppData\Roaming\cogad
    Notice that from 20 to 25 seconds of installing FrostWire all of these infections occurred.



    Step 1:
    Please look in Add/Remove Programs for the following and uninstall if found. If you get any errors, just make a note and proceed.

    Step 2:
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking Fix, exit HJT.

    Step 3:
    Next I would like for you to download The Avenger, and save it to your Desktop.
    * Extract avenger.exe from the Zip file and save it to your desktop.


    Run avenger.exe (extracted & saved on your desktop) by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Step 4:
    Run Ccleaner

    Step 5:
    Now install the latest Sun Java Runtime Environment.


    Step 6:
    There is a newer version of Malwarebytes' Anti-malware, and new definitions for SUPERAntiSpyware. Update both scanners then run a quick-scan with both.

    Step 7:
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, use right click and select Run As Administrator).


    Then attach the below logs to your next reply:
    • C:\MGlogs.zip
    • New SASlog.txt
    • New Malwarebytes Anti-Malware log
    • C:\avenger.txt

    Make sure you tell me if you had any problems running this procedure and give a description of how things are working now!


    dr.m
     
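    As an added example (not from this thread or from any of the tools it names), a small Python parser for the timeline layout quoted above: it reads "created . modified [size] attrs path" lines and reports how many minutes after the first FrostWire entry each other path was created, which is the correlation the post draws by eye. The sample lines are the ones quoted in the post; the 30-minute window is an assumed value.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the timeline lines quoted in the post above, in that
# log's "created . modified [size] attrs path" layout.
SAMPLE_LOG = r"""
2009-01-12 19:56 . 2009-01-12 21:51 d-------- c:\program files\FrostWire
2009-01-12 19:57 . 2009-01-12 20:45 d-------- c:\users\Annie\AppData\Roaming\FrostWire
2009-01-12 20:19 . 2009-01-12 20:21 d-------- c:\temp\tmp90
2009-01-12 20:19 . 2009-01-12 20:19 d-------- c:\windows\System32\m3V02
2009-01-12 20:20 . 2009-01-12 20:20 2 --a------ C:\1275330438
2009-01-12 20:20 . 2009-01-12 20:21 d-------- c:\windows\System32\enUZ
2009-01-12 20:20 . 2009-01-12 20:20 d-------- c:\windows\System32\tp2
2009-01-12 20:21 . 2009-01-12 20:44 147,456 --a------ c:\users\Annie\vbzip10.dll
2009-01-12 20:22 . 2009-01-12 20:22 d-------- c:\users\Annie\AppData\Roaming\cogad
"""

# created, modified, optional size (absent for directories), attrs, path
LINE_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+) (?:([\d,]+) )?([d-][-a-z]{8}) (.+?)\s*$")

def parse_timeline(text):
    """Parse log lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            created, _modified, size, attrs, path = m.groups()
            entries.append({
                "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
                "size": int(size.replace(",", "")) if size else None,
                "is_dir": attrs.startswith("d"),
                "path": path,
            })
    return entries

def created_after_install(entries, install_marker, window_minutes):
    """(minutes_after, path) for entries created within the window after the
    earliest path containing install_marker; the installer's own paths are skipped."""
    marker = install_marker.lower()
    anchors = [e["created"] for e in entries if marker in e["path"].lower()]
    if not anchors:
        return []
    t0, window = min(anchors), timedelta(minutes=window_minutes)
    hits = []
    for e in entries:
        delta = e["created"] - t0
        if marker not in e["path"].lower() and timedelta(0) <= delta <= window:
            hits.append((int(delta.total_seconds() // 60), e["path"]))
    return hits
```

Calling created_after_install(parse_timeline(SAMPLE_LOG), "FrostWire", 30) lists the seven System32, profile-root and temp paths created 23 to 26 minutes after the first FrostWire directory, which is the window the post is pointing at.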
  5. AChamp

    AChamp Private E-2

    I performed everything in your directions but there was only one problem I ran into. I wasn't able to find the following file in the check list when running the C:\MGtools\analyse.exe but went ahead and continued the fixing.

    O4 - HKCU\..\Run: [cogad] "C:\Users\Annie\AppData\Roaming\cogad\cogad.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

    I really appreciate the help. The only thing I might have a problem with is internet explorer popping up and loading an advertisement and when my computer restarts, it's kind of slow loading. Other than that, everything seems to be fine.

    I've attached the logs but I'm not sure if I uploaded the correct SASlog. Please let me know.
     

    Attached Files:

  6. AChamp

    AChamp Private E-2

    Here's the avenger log.
     

    Attached Files:

  7. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, AChamp

    The correct SAS log would show:
    Program Version --- 4.25.1012

    dr.m
     
  8. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    AChamp

    Let's do this:
    Open IE > Tools > Internet Options > Delete temp files, history, etc.

    Now remove all IE add-ons and toolbars.

    Now we need to clean up after Norton/Symantec since you are not using their software anymore, but it is still present. Please run the below, then reboot. After reboot, run it one more time.

    Norton Removal Tool (SymNRT)


    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.

    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.

    You have a lot of apps loading at start-up.... I suggest that you use Startup Manager.

    If you are not having any other malware problems, it is time to do our final steps:
    Safe surfing!
     
  9. AChamp

    AChamp Private E-2

    How do I remove all the IE add-ons? I went to Tools> Internet Options>Programs>Manage Add-Ons, but it doesn't allow me to delete anything. I can only enable/disable them. Also, my OS is Windows Vista and the ATF Cleaner is only for Windows XP or 2000. Should I go ahead and run that as well?
     
  10. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    My apologies, AChamp

    Is IE's Pop-up Blocker turned on?
    • Open IE
    • Click on Tools
    • Highlight Pop-up Blocker
    • If it shows Turn OFF Pop-up Blocker -- it is activated
    • Click on Pop-up Blocker Settings and adjust the "Filter level" to a higher setting

    Also see if disabling your IE Add-ons solves the problem.
    Does that help? Have you tried using the more secure Firefox browser?


    Run CCleaner instead of using ATF Cleaner.

    All malware has been removed --- if you're still having problems with IE, please describe them in a new thread in the Software Forum.

    dr.m
     
  11. AChamp

    AChamp Private E-2

    SASlog
     

    Attached Files:

  12. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    ;)

    Your SAS log shows no malware detected, AChamp.

    dr.m
     
