Malware preventing me from installing

Please at least attach logs from running Combofix and MGTools. You didn't mention whether you had problems running those so I assume you have logs from them.

Thanks
kes

 

:confused I don't know what you are referring to. MGTools will run on XP

Let me know the full file path of the threat adaware is finding please.

Also let me know what happens when you try to run MGTools (try running in safe mode if you are unable to do so successfully in normal mode) and attach the C:\mglogs.zip that is created from running it.

Thanks
Kes

 

telling you that MGTools is not compatible with your XP OS? I don't understand... where does this "script" come from? At what point do you get the message about non compatibility? When you attempt to run MGTools?

 

MGtools is fully compatible with Windows XP (all versions). There could be some kind of problem with properly detecting your Windows version information and that could be causing the problem.

Click Start, Run, and enter cmd and click OK. This will open a command prompt Window. In the command prompt Window, enter the below commands each followed by the enter key:

ver > c:\ver.txt
dir C:\MGtools > C:\flist.txt

Now attach the C:\ver.txt and C:\flist.txt files here. Note there is a space after the dir and before the >

 

Why are you running MGtools for a Windows 98 or ME operating system? You need to go back to the READ & RUN ME and follow the proper procedures for your Windows version which is Windows XP.

 

I would like to know what is installed from Zonealarm besides the firewall and Spyblocker Toolbar? I want to make sure this is not a security suite.

Note you could also be having issues due to all of the below running which is not a good idea especially if you notice any performance issues:

• AVG8 which includes antispyware
• Ad-Watch
• Spyblocker
• Teatimer
• Windows Defender

Make sure you delete the below as it is not the version of mgtools compatible with your machine:

• C:\MGtools9x.exe

1. Spybot Search and Destroy's "Teatimer" feature is running and this needs to be disabled as it will interfere with the fix.
Please refer to the below to see how to do this:

How to disable Spybot's TeaTimer

2. Go to add/remove programs and uninstall the following old versions of Java:

• Java 2 Runtime Environment, SE v1.4.1_02
• Java(TM) 6 Update 4

3. Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix exit HJT.

4. Now we need to use ComboFix to remove a bunch of malware files.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
• If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below code box into it

(make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

File::
c:\windows\system32\xa173649812.exe
c:\windows\system32\xa173643109.exe
c:\windows\SEE3D8105.tmp

DirLook::
c:\docume~1\ALLUSE~1\APPLIC~1\13692964

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
  
  http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
  
  
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

5. Now reboot your machine and install the most current and up to date version of Java available here at the below link:

Java Runtime 6

6. Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Combofix

7. Let us know of any problems you may have encountered with the above instructions and also let me know how things are running now.

 

1. Please use Windows Explorer to find and delete the following bold folder:

2. I would advise you to clean up your desktop.

3. Also rename 2ComboFix.exe back to ComboFix.exe so that later final instructions will actually work.

4. Let me know if you were successful in deleting the folder above and also that you did indeed rename combofix as instructed.

Thanks
Kes13!

 

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /u
     • Notes: The space between the combofix" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
9. If you are running Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures in step 3 the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!