Malware removal. How do I disable AVG Free to run ComboFix?

Discussion in 'Malware Help (A Specialist Will Reply)' started by fmicw, Jul 6, 2009.

  1. fmicw

    fmicw Private E-2

    I appear to have some sort of virus/malware that is redirecting me every time I click a Google link. It is a very annoying problem, but is there any danger with this kind of infection?

    I began following the 'Read this now' post and downloaded the 4 malware removal processes. I ran the first two and got up to using ComboFix; however, that would not run without disabling my AVG Free. I cannot see any way of disabling AVG. How can I do this?

    It is worth noting that SUPERAntiSpyware removed 1 trojan horse and the malware removal tool picked up about 11 infections. The original problem with the Google links was then fixed, so I decided not to continue my PC cleaning because ComboFix sounded like a major program!
    Using the laptop tonight seemed fine, with Google working as per normal; however, it just started doing the redirect thing again!

    Any help appreciated. I am sure I will get the usual response, but before I can do the full PC clean, I need to disable AVG.

    Thanks
     
  2. fmicw

    fmicw Private E-2

    Here are logs for the first 2 stages of the 'readme', which I have just done.

    SAS removed 26 items!
    Whereas Anti-Malware found nothing.

    thanks in advance.
     

    Attached Files:

  3. fmicw

    fmicw Private E-2

    OK, computer turned off and back on, then RRlog and MGtools.zip created.

    Attached.

    Waits patiently ;)
     

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You did not attach a log for ComboFix.

    Please use add/remove programs to uninstall:
    Viewpoint Media Player <-- should have been uninstalled in step 1 of the READ ME

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Please double-click the RootRepeal.exe previously downloaded.

    * Select File then Scan
    * On the Select Drives form select drive [ insert drive infected here ] by "ticking" the box for drive [insert drive here] and click OK
    * When the scan is complete, highlight each of the following file(s) (one at a time if more than one is listed) by left-clicking it. Then right-click and select the Wipe File option only for each file.
    C:\WINDOWS\system32\hjgruigiaptnkd.dll
    C:\WINDOWS\system32\hjgruimsenopmt.dll
    C:\WINDOWS\system32\hjgruiqqtmxepk.dat
    C:\WINDOWS\system32\hjgruiskonbaiv.dat
    C:\WINDOWS\Temp\hjgruijxwfpqhahr.tmp
    C:\WINDOWS\Temp\hjgruiyfwoiboegl.tmp
    C:\WINDOWS\system32\drivers\hjgruifrmujxys.sys
    * After Wiping all files, immediately reboot your pc!

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now use windows explorer to find and delete:
    C:\WINDOWS\Temp\ppehxvquwp.exe

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip
    * A new RootRepeal log
    Make sure you tell me how things are working now!
     
  5. fmicw

    fmicw Private E-2

    Thanks so much for your response!!!

    I did all you asked; not the entire list appeared in RootRepeal. I don't know if the following entry was anything to worry about:
    c:\windows\temp\perflib_perfdata_c74.dat

    After i rebooted, i had a file on my desktop called settings.dat

    The above appeared to fix another issue that had come about whereby my DVD drive was being duplicated as both a D:\ and an E:\

    After running MGtools, the ppehxvquwp.exe file you asked me to delete was not there. I may have gotten rid of that, as I ran a Spybot scan yesterday.
    There was a perflib_perfdata_930.dat in that folder.

    Logs attached, i will have a look at how things are looking now.

    thanks.

    PS: just noticed you asked for a ComboFix log. I am not confident running that, as I cannot disable my AVG, as stated in the first post. I will certainly run it under your advice following this.
     

    Attached Files:

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am still finding traces of malware on your system. So I do want you to run ComboFix.

    See these instructions
    How to temporarily disable your AV protection


    Use windows explorer to find and delete:
    C:\WINDOWS\system32\drivers\hjgruifrmujxys.sys

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
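An added check, not part of this thread and not code from MGtools, RootRepeal or ComboFix: after the RootRepeal wipe, the reboot and the manual deletion of the driver above, this PowerShell script re-checks that the files TimW listed are gone, looks for any other file sharing the same random-looking name prefix, and checks whether a driver or service entry still references that prefix (a service key survives file deletion and is what reloads a rootkit at boot). The paths are the ones named in the thread; the prefix pattern `hjgrui*` and the directories searched are assumptions drawn from those names. One caveat a practitioner needs: a kernel rootkit that is still active can hide its files and service key from the Win32/WMI APIs this script uses, so a clean result only means something after the wipe and reboot, and RootRepeal's own rescan remains the authoritative check.

```powershell
# Added example, not from the MajorGeeks thread. Run from an elevated
# PowerShell prompt (on Vista: right-click, Run as administrator).
# Paths below are the ones listed by TimW; $Prefix is an assumption
# taken from those names (the actual malware generated random suffixes).

$Listed = @(
    "$env:SystemRoot\system32\hjgruigiaptnkd.dll",
    "$env:SystemRoot\system32\hjgruimsenopmt.dll",
    "$env:SystemRoot\system32\hjgruiqqtmxepk.dat",
    "$env:SystemRoot\system32\hjgruiskonbaiv.dat",
    "$env:SystemRoot\Temp\hjgruijxwfpqhahr.tmp",
    "$env:SystemRoot\Temp\hjgruiyfwoiboegl.tmp",
    "$env:SystemRoot\system32\drivers\hjgruifrmujxys.sys",
    "$env:SystemRoot\Temp\ppehxvquwp.exe"
)
$Prefix = 'hjgrui'   # assumed common prefix of the dropped files
$Dirs = @(           # assumed directories worth re-checking
    "$env:SystemRoot\system32",
    "$env:SystemRoot\system32\drivers",
    "$env:SystemRoot\Temp"
)

Write-Host "== Files named in the thread =="
foreach ($p in $Listed) {
    if (Test-Path -LiteralPath $p) { Write-Host "PRESENT  $p" }
    else                           { Write-Host "absent   $p" }
}

Write-Host "`n== Other files with the same prefix (with signature status) =="
foreach ($d in $Dirs) {
    Get-ChildItem -LiteralPath $d -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Name -like "$Prefix*" } |
        ForEach-Object {
            # Legit Windows binaries are Authenticode-signed; dropped
            # rootkit components are NotSigned (or not PE files at all).
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
            "{0}  {1}  sig={2}" -f $_.LastWriteTime, $_.FullName, $sig.Status
        }
}

Write-Host "`n== Loaded/registered drivers referencing the prefix =="
Get-WmiObject Win32_SystemDriver |
    Where-Object { $_.Name -like "$Prefix*" -or $_.PathName -like "*$Prefix*" } |
    Select-Object Name, State, StartMode, PathName | Format-Table -AutoSize

Write-Host "`n== Service registry keys referencing the prefix =="
# A leftover key here means boot-time persistence is still configured
# even though the .sys file itself has been deleted.
Get-ChildItem HKLM:\SYSTEM\CurrentControlSet\Services | ForEach-Object {
    $img = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).ImagePath
    if ($_.PSChildName -like "$Prefix*" -or ($img -and $img -like "*$Prefix*")) {
        "service key: $($_.Name) -> $img"
    }
}
```

If the driver section or the service-key section prints anything, the persistence mechanism is still in place and the thread's next step (running ComboFix with AV disabled, then posting C:\ComboFix.txt) is the right move rather than deleting the key by hand.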
  7. fmicw

    fmicw Private E-2

    Tim,
    Thanks a lot for your response/advice.
    My original symptoms no longer exist; however, Spybot still finds malware when I scan daily...

    I have run ComboFix and MGtools, with the logs attached. The file in system32\drivers was not there; perhaps ComboFix erased it?

    Thanks again, i look forward to your response!
     

    Attached Files:

  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, ComboFix found and removed what we needed it to. As far as Spybot, either it is doing what it should or it is finding false positives (FPs)... you need to attach a Spybot log so I can see what it is reporting.

    Your logs are clean. So in the meantime.........If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work through the link below:
     
  9. fmicw

    fmicw Private E-2

    Tim, thanks a lot for your reply!

    I have run a Spybot scan and it has brought up the usual things; they are tracking cookies. I have attached the log.

    If you can let me know if these are an issue, that would be great... if they aren't i will start the cleanup!!!

    Thanks again
     

    Attached Files:

  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, just tracking cookies...not a problem.

    You are most welcome....safe surfing. :)
     
  11. fmicw

    fmicw Private E-2

    Thanks for that.

    I have installed Outpost Firewall to support my router firewall, along with AVG Free.
    I will be running Malwarebytes and SAS every so often.

    Consider this thread fixed!!
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know.
     
