malware prevented normal start up

Discussion in 'Malware Help (A Specialist Will Reply)' started by rinoa1, Oct 4, 2008.

  1. rinoa1

    rinoa1 Private E-2

    Hello. Before I even start, let me express the enormous amount of gratitude I have for all of you helping people like us with these malwares. Thank you all!

    OK, let me start with what happened. As relayed to me, my wife was online checking email, then she tried to open a new tab or window and found a download notice (she doesn't remember any real details about the download). She tried to cancel the download, her laptop hung on her, and when she restarted, she could get to the Windows start page where you select the account, but once you select any account there would only be a short time before the system would shut down.

    So I started with the malware removal checklist, in safe mode with networking. First I tried the manual uninstall via Add/Remove Programs. (Quick question here: I couldn't find Wild Tangent in the Programs, but I see the folder in my Program Files. What should I do?) Then I tried to update Java, but while I could download the latest update, I couldn't remove older versions with Add/Remove Programs. Moving on to SAS, I couldn't install due to "the administrator has disallowed the installation ..." or something like that. Got to Spybot, which found 3 issues and fixed them (by the way, the log I was able to save was the one after Spybot "fixed" the issues; hope that was correct). Ran MBAM, although I couldn't be sure if it updated properly before I ran the scan, and it also found 3 issues, fixed them and had me reboot the system (which was still in safe mode then). I let the system reboot normally and when it did, all seemed normal. I decided to complete the checklist anyway. I checked my msconfig (normal) and changed my firewall option to self monitoring; all seemed fine with the laptop. I finally deleted older versions of Java, but when I had the laptop reboot after that I ran SAS, which did not find anything, before remembering to install the latest Java update. I then did ComboFix and MG tools.

    Attaching the logs of MBAM, SAS and Spybot here; will post the others (ComboFix and MG tools) after. Please let me know if there is anything else I need to do. Cheers!
     


  2. rinoa1

    rinoa1 Private E-2

    Adding the last two logs (MG tools and ComboFix).

    Thanks again.
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are clean.


    Now we need to cleanup some items from running ComboFix.

    Copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix.
    3. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work through the below link:
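
    A quick way to confirm the final steps above actually took, as an added example (this is not part of the thread and not a MajorGeeks tool): the PowerShell script below checks whether the files and folders the steps tell you to delete are still on disk, whether HijackThis is still listed in Add/Remove Programs, and whether UAC is back on. The paths are the ones named in the steps; the Desktop location of combofix.exe and fixme.reg is an assumption based on the instruction to save them there, and the registry locations used (the Uninstall keys that back Add/Remove Programs, and the EnableLUA value that enableUAC.reg turns on) are standard Windows locations, not something from the thread.

```powershell
# Post-cleanup verification (added example, not from the thread or MajorGeeks).
# Read-only: it reports leftovers, it does not delete anything.

# Files and folders the final steps say to delete. The two Desktop paths are
# an assumption (the instructions have you save ComboFix and fixme.reg there).
$leftovers = @(
    'C:\combofix',
    'C:\MGtools',
    'C:\MGtools.exe',
    'C:\MGlogs.zip',
    (Join-Path $env:USERPROFILE 'Desktop\combofix.exe'),
    (Join-Path $env:USERPROFILE 'Desktop\fixme.reg')
)

# Returns the subset of paths that still exist on disk.
function Test-CleanupLeftovers {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (Test-Path -LiteralPath $p) { $p }
    }
}

# Searches the installed-program entries that Add/Remove Programs displays
# (32- and 64-bit hives) for a display name containing the pattern. Useful for
# 'HijackThis' (step 5) or 'HP Game Console', the entry WildTangent sits under.
function Find-InstalledProgram {
    param([string]$NamePattern)
    $hives = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($hive in $hives) {
        if (-not (Test-Path $hive)) { continue }
        Get-ChildItem $hive | ForEach-Object {
            $name = (Get-ItemProperty $_.PSPath).DisplayName
            if ($name -and $name -like "*$NamePattern*") { $name }
        }
    }
}

# Reads the UAC switch that enableUAC.reg turns back on. EnableLUA=1 means UAC
# is on; the value is absent on XP, which has no UAC.
function Get-UacState {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $val = (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    if ($null -eq $val) { return 'not present (no UAC on this Windows version)' }
    if ($val -eq 1) { return 'enabled' }
    return 'DISABLED - merge C:\MGtools\enableUAC.reg (step 4) before deleting MGtools (step 6)'
}

$remaining = @(Test-CleanupLeftovers -Paths $leftovers)
if ($remaining.Count -eq 0) {
    Write-Output 'Cleanup leftovers: none found'
} else {
    Write-Output 'Cleanup leftovers still present:'
    $remaining | ForEach-Object { Write-Output "  $_" }
}

$hjt = @(Find-InstalledProgram -NamePattern 'HijackThis')
if ($hjt.Count -gt 0) {
    Write-Output 'HijackThis still in Add/Remove Programs (step 5 not done)'
} else {
    Write-Output 'HijackThis not listed in Add/Remove Programs'
}

Write-Output ("UAC (EnableLUA): " + (Get-UacState))
```

    Run it from an administrator PowerShell prompt after finishing the steps; the UAC check is ordered deliberately, since step 6 deletes the C:\MGtools folder that holds enableUAC.reg, so UAC should be confirmed on before that folder goes.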
     
  4. rinoa1

    rinoa1 Private E-2

    Thank you again.

    Did the cleanup procedure already. fixme merged to registry. BOClean prompted me that it was being shut down as I was either trying to delete combofix or MG tools.

    I mentioned in my first post about finding a Wild Tangent folder in my files but couldn't see it in my Add/Remove Programs; is that all right?

    Know you guys are pretty busy so I understand if my questions here are too "noob" for a reply.

    You all have a nice day now
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    It is in your Add/Remove programs. You just aren't looking for the right things. ;) It is HP Game Console and games

    Wild Tangent is not really malware. It is what is referred to as foistware which is anything installed without your knowledge or permission and is typically something that you do not need or even want.
     
