Malware Removal on a Matrix Level

Discussion in 'Malware Help (A Specialist Will Reply)' started by riotchld, Dec 29, 2009.

  1. riotchld

    riotchld Private E-2

    Hi,

I moonlight doing malware/virus removal and this one has me at my wit's end. The machine was given to me with the classic symptoms of the PC running very slowly and Windows XP taking up to 10 minutes to start up and shut down.

    The first true sign of trouble was when the usual removal tools wouldn't run (or would shut themselves down). At the moment, these are the programs that will not run:

MalwareBytes (starts for 4 seconds then closes)
    Spybot Search & Destroy
    CleanUp!
    HijackThis!

    Truth be told, before finding this website, I did attempt to run the usual programs, but these came up as finding only tracking cookies or nothing at all:

    Super AntiSpyware
    Spyware Doctor
    CCleaner

    Windows functionality programs that will run:

    regedit
    msconfig


Here are the logs. Remember, there won't be a log for MalwareBytes as it will not run.
     


  2. riotchld

    riotchld Private E-2

    UPDATE:

    Spybot Search & Destroy will now run, but it found nothing.
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Part of the problem is the machine needs twice the amount of RAM it currently has.

    I am not seeing anything in the way of malware. But could you tell me what these are:
    c:\windows\UDB.zip
    c:\windows\IDB.zip

    You need to use add/remove programs and uninstall:
    J2SE Runtime Environment 5.0 Update 2
    Viewpoint Media Player

    Reboot and download and install:
    Java Runtime 6

    What AV program is running on this system?
     
  4. riotchld

    riotchld Private E-2

    Those zip files only contained txt files with urls in them and Google turned up nothing, so I removed them.

I removed J2SE Runtime Environment 5.0 Update 2 and installed Java 6 per your instructions, but MalwareBytes still only starts for about 4 seconds then closes. I even renamed the installer and renamed the exe, but to no avail.

    The only AV installed when I got the computer was a ridiculously outdated McAfee that required a monetary renewal.
     
  5. riotchld

    riotchld Private E-2

    UPDATE:

Installed AVG Antivirus 8.5 Free. It ran but it wouldn't update. Installed an AVG-based program called RMAGENT which ran a scan on startup before Windows loaded. It ran overnight.

    Now, MalwareBytes will run. I haven't tried it on its native settings (without renaming), but so far, it has found one infected object. Will try to run HijackThis next. I'm preparing a Windows Ultimate Boot CD to run the scans from there next.
     
  6. riotchld

    riotchld Private E-2

    UPDATE:

    MalwareBytes installed, updated, scanned, and completed (log attached).

    SpyBot installed, updated, scanned, and completed.

    CleanUp! ran and completed.

    HijackThis ran and completed.

    Connected to the LAN and successfully got on the Internet.

    Debating whether or not to leave AVG or put Avast on it (it must be a free solution). Other than that, I'm going to call this thing fixed.

    Thanks for your help.
     


  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sounds good to me!! :)

    If you are not having any other malware problems, it is time to do our final steps:
1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
  • Click START then RUN and enter the below into the run box and then click OK. Note that the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
    • Note: the space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
  • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
  • Then reboot and Enable System Restore to create a new clean Restore Point.
9. After doing the above, you should work through the below link:
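A read-only audit of the final-steps checklist above, added here as an example; it is not part of the thread and not one of MajorGeeks' own tools. It assumes PowerShell is available on the machine, that ComboFix sat on the Desktop as the checklist requires, and that MGclean.bat removes the C:\MGtools folder itself; the UAC and Add/Remove Programs registry keys are standard Windows locations.

```powershell
# Added example (not from the thread): report anything the final steps
# should have removed but that is still present. Nothing is deleted.
$leftovers = @()

# Step 2: "combofix" /uninstall should have removed the Desktop copy.
$comboFix = Join-Path $env:USERPROFILE 'Desktop\ComboFix.exe'
if (Test-Path $comboFix) { $leftovers += "ComboFix still on Desktop: $comboFix" }

# Step 4: registry patches (fixme.reg, fixWLK.reg, ...) should be deleted.
# Assumption: they were saved to the Desktop or into C:\MGtools.
foreach ($dir in @((Join-Path $env:USERPROFILE 'Desktop'), 'C:\MGtools')) {
    if (Test-Path $dir) {
        Get-ChildItem -Path $dir -Filter '*.reg' -ErrorAction SilentlyContinue |
            ForEach-Object { $leftovers += "registry patch still present: $($_.FullName)" }
    }
}

# Step 5: on Vista (NT 6.x) UAC should be back on, i.e. EnableLUA = 1.
if ([Environment]::OSVersion.Version.Major -ge 6) {
    $uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    if ($uac.EnableLUA -ne 1) { $leftovers += 'UAC is still disabled (EnableLUA is not 1)' }
}

# Step 6: HijackThis should no longer be listed in Add/Remove Programs.
Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*' -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*HijackThis*' } |
    ForEach-Object { $leftovers += "still installed: $($_.DisplayName)" }

# Step 7: MGclean.bat is assumed to remove the MGtools folder itself.
if (Test-Path 'C:\MGtools') { $leftovers += 'C:\MGtools folder still present' }

# Step 8: after disabling and re-enabling System Restore there should be
# exactly one fresh restore point (WMI SystemRestore class on XP/Vista).
$points = @(Get-WmiObject -Namespace 'root\default' -Class 'SystemRestore' -ErrorAction SilentlyContinue)
if ($points.Count -eq 0) {
    $leftovers += 'no restore point found; System Restore may still be disabled'
} elseif ($points.Count -gt 1) {
    $leftovers += "$($points.Count) restore points remain; old points were not flushed"
}

if ($leftovers.Count -eq 0) { 'All final steps verified.' }
else { $leftovers | ForEach-Object { "LEFTOVER: $_" } }
```

Run it from an elevated PowerShell prompt after step 8 so the registry and WMI queries are not blocked by permissions.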
     
