Malware prevents scans - please help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by Comptroller, Feb 2, 2009.

  1. Comptroller

    Comptroller Private E-2

    I'm running Win XP, SP2. I've followed 'Read & Run Me First' but I'm unable to run the following scans:

    SUPERAntiSpyware
    SpyBot - Search & Destroy
    Malwarebytes Anti-Malware
    combofix.exe

    In each case, trying to run gives a repeating error message with 'try again', 'continue' and 'cancel' options. After clicking through for a while, nothing happens. I also tried running these scans in safe mode but the same thing happens.

    I was only able to run MGtools. I have attached MGlogs.zip.

    The malware prevents me accessing certain websites, MajorGeeks included. I'm writing this from a different computer.

    Also, my PC now doesn't shut down properly - that is, it shuts down but the fans keep running & the red LED stays lit. It keeps going until I shut the power off at the wall - it doesn't matter how long you leave it. This may be unrelated but, if so, it's a weird coincidence.

    Any help would be much appreciated.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What drive/partition did you install the tools on? I do not see SAS or Combo or MBAM installed on the F drive.

    Use Windows Explorer to find and delete:
    F:\WINDOWS\system32\twex.exe
     
  3. Comptroller

    Comptroller Private E-2

    I installed and/or ran all apps from F. I don't know why that isn't showing up. Hopefully I haven't made some ridiculous error.

    I actually managed to get SAS to run using RUNSAS.exe, which I found out about on a different site. With that done, I had no problems running the other scans.

    Now everything seems to be back to normal, except for my shutdown problem - PC closes down, but fans run indefinitely & red LED stays on. It could be this problem is unrelated to malware (though it started at the same time) or maybe it's due to something the scans haven't turned up yet.

    Logs attached for SAS, Combofix & MBAM. New MGlogs.zip to follow - I ran it again after successfully running other logs.
     


  4. Comptroller

    Comptroller Private E-2

    New MGlogs.zip attached.

    Thanks for taking a look.
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It appears as though MGTools did not run to completion. Did you wait until you got a press any key message? Did you get any error messages?

    We tell you that you can rename SAS in the Read and Run First instructions.

    Your shut down issues are not malware. I would suggest that you post in the software section for that issue.

    Please run the C:\MGtools\GetLogs.bat file by double clicking on it and allow it to finish. Then attach the new C:\MGlogs.zip file.
     
  6. Comptroller

    Comptroller Private E-2

    I waited until the 'press any key' message and there were no error messages. I can't explain the result. I followed your instructions & the new MGlogs.zip is attached.

    Thanks for your help.
     


  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good job. It ran fine that time. :)

    Your logs are clean... If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip file.
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
