Malware prob? And mouse issue ?

Discussion in 'Malware Help (A Specialist Will Reply)' started by gmichael210, Jan 27, 2014.

  1. gmichael210

    gmichael210 Private E-2

    Hello Geeks, Glad you are Major Geeks, cuz I have what seems to be a major problem, (well probably minor to you):

    A program keeps trying to install itself on my computer, but I don’t know what it is.

    I have run MS Security Essentials, Spybot, CCleaner, but it still keeps coming back once or twice a day attempting to install itself. It hides itself under a different folder name each time under the path C:\Users\User Profile\AppData\Local\Temp\, once under folder S64N8\setup.exe /s and another time under S12as\setup.exe /s

    I have a different version of spybot than the one illustrated on your web page. I don’t think I have tea timer enabled, but am unable to check (or find where to check on Spybot Search and Destroy version 2.2.21.129)

    I have read Please Read These Important Notes for the Malware Removal Guide And have followed all steps, results below:

    All Malware tools have been downloaded and Malwarebytes has been renamed as instructed.

    RogueKiller WOULD NOT RUN, PROGRAM HANGS. I found a rogue killer.ini file on my desktop, but it is an invalid file for attachment purposes.

    Malwarebytes Anti-Malware RAN PROGRAM, REMOVED ALL AND REBOOTED (LOG ATTACHED)

    TDSSKiller (LOG ATTACHED)

    HitmanPro (NO LOG ATTACHED)---HITMAN PRO LOG IS TOO LONG / EXCEEDS FILE SIZE AT 389.4 KB, (only allowed 375)


    View attachment TDSSKiller.3.0.0.19_24.01.2014_22.03.49_log.txt
    View attachment mbam-log-2014-01-24 (21-40-49).txt

    MGtools PROGRAM RAN BUT NO LOG FILE SAVED TO ROOT DIRECTORY. NO ERRORS FOUND AT END OF PROGRAM

    After completing the above, the issue with the program wanting to install seems to be fixed, but I seem to have a new problem:

    When the computer is on and goes to power saver mode, upon pushing the power button to bring windows back I have a screen, but no mouse.

    If I push the windows key to try to use the keyboard, nothing happens.

    Any assistance would be appreciated.
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Then please zip it up or split it into separate logs.

    Try running it again then please. Very important set of logs there. :)
     
  3. gmichael210

    gmichael210 Private E-2

    Thank You for the reply.... sorry taking so long, I work 2 jobs and will try to get this done by the end of the weekend, most probably Sun

    Regards,
    mjg
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I'll be here floating around somewhere. :)
     
  5. gmichael210

    gmichael210 Private E-2

    ok, here is the log split in two..........and the MG log zip folder.......

    I set my PC to never sleep, which circumvents the mouse issue, but I still get an HP update box for my printer that I cannot close, even when going to Task Manager (it does not show up).

    Again, sorry this took so long; it seems I am always busy between work and things I have to get done, which often includes sleep.

    regards,
    mjg
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No Hitman log or MGlogs.zip still. :(
     
  7. gmichael210

    gmichael210 Private E-2

    Trying again. I uploaded them, not sure what I did wrong / what happened.
     


  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please rerun Hitman Pro and have it remove Malware and Potential Unwanted Programs. (Rocketfuel, conduit items etc)



    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    • R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    • O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    • O4 - HKLM\..\Run: [mobilegeni daemon] "C:\Program Files (x86)\Mobogenie\DaemonProcess.exe"
    • O4 - HKCU\..\Run: [BrowserSafeguard] "C:\Users\michaelg210\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe"

    After clicking Fix, exit HJT.



    Download and run OTM.

    Download OTM by Old Timer and save it to your Desktop.


    Code:
    :Files
    C:\Program Files (x86)\Conduit
    C:\Program Files (x86)\Mobogenie
    C:\Windows\tasks\SaveSense.job
    
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "BrowserSafeguard"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
    "mobilegeni daemon"=-
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\windows\currentVersion\Run]
    "mobilegeni daemon"=-
    [HKEY_USERS\S-1-5-21-3749783351-3232616892-497374309-1000\Software\Microsoft\Windows\CurrentVersion\run]
    "BrowserSafeguard"=-
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A4DCA859-EDFF-473F-882C-FE38293F92FA}]
    
    :Commands
    [emptytemp]
    [Reboot]

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
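
A small triage helper for HijackThis lines of the kind selected in the post above, as an added example that is not part of the original thread or of MGtools. It parses the R3/O2/O4 line format and applies two heuristics chosen for this example (a trailing "(no file)" marker, and a Run entry that launches from under AppData); the function names and flag wording are assumptions.

```python
import re

# Sample lines copied from the HijackThis selection in the post above.
SAMPLE_LOG = r'''
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [mobilegeni daemon] "C:\Program Files (x86)\Mobogenie\DaemonProcess.exe"
O4 - HKCU\..\Run: [BrowserSafeguard] "C:\Users\michaelg210\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe"
'''

# "<section> - <kind>: <rest>", e.g. 'O4 - HKLM\..\Run: [name] "path"'
LINE_RE = re.compile(r'^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$')
CLSID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
RUN_RE = re.compile(r'^\[(?P<name>[^\]]+)\]\s+"?(?P<path>[^"]+)"?')

def parse_line(line):
    """Return a dict for one HijackThis line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = {"section": m["section"], "kind": m["kind"], "clsid": None,
             "name": None, "path": None, "flags": []}
    rest = m["rest"]
    clsid = CLSID_RE.search(rest)
    if clsid:
        # Normalise case so the same CLSID compares equal across logs.
        entry["clsid"] = clsid.group(0).upper()
    if rest.endswith("(no file)"):
        entry["flags"].append("orphaned: registry entry with no file on disk")
    run = RUN_RE.match(rest) if entry["section"] == "O4" else None
    if run:
        entry["name"], entry["path"] = run["name"], run["path"].strip()
        # Heuristic for this example: autostart binaries under a user profile.
        if "\\appdata\\" in entry["path"].lower():
            entry["flags"].append("autostart from user-writable AppData")
    return entry

def triage(log_text):
    """Parse every recognisable line and return the entries in order."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["section"], e["kind"], e["name"] or e["clsid"], e["flags"])
```

An entry with no flags, such as the Mobogenie one here, is not cleared by this script; the heuristics only cover the two patterns named above.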
     
