Malware Removal Request

Welcome to Major Geeks!

Is AntivirXP08 your antivirus program? Is is really installed and running???

Are the below items that you installed? If not, add the to the fix further down where analyse.exe is run.
O4 - HKLM\..\Run: [superclean] c:\Program Files\superclean\superclean.exe hidden
O4 - HKLM\..\Run: [DrPlus] c:\Program Files\drplus\drplus.exe hidden

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below software:
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment, SE v1.4.2_03
My Way Search Assistant <-- should have been uninstalled in step 1 of the READ ME
Viewpoint Media Player <-- should have been uninstalled in step 1 of the READ ME

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [SMrhc9eoj0el1g] C:\Program Files\rhc9eoj0el1g\rhc9eoj0el1g.exe
O4 - HKLM\..\Run: [VaccineKorea] C:\Program Files\vaccinekorea\vaccinekorea.exe bg
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Nemart Search Engine] c:\program files\nemart\browser\webmain.exe SL

After clicking Fix, exit HJT.


Now we need to use ComboFix to remove a bunch of malware files.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.


Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

No! But just get to it as soon as possible.

The goto Add/Remove programs and look for AntivirXP08 and uninstall it if found before doing the other steps. If you do not find it it, then continue with the other steps anyway. Make sure you tell me what you find.

Also note that this also means you do not have any antivirus program installed. Also you have no firewall or antispyware protection! Why not?

Make sure you answer my question about those other two programs.

 

Okay then also look for the below two folders and delete them if they exist:
c:\Program Files\superclean
c:\Program Files\drplus

Okay! What message did you get and make sure you try again and be sure to create the fixME.reg patch exactly as requested. The REGEDIT4 line must be the first line in the file and there must not be any blank lines above it. The text saying Quote: is not part of the fix.

Please explain what operations are slow! For example answer the below:

• Is boot up slow?
• Is shutdown slow?
• Is browsing/surfing slow?
• Is downloading slow?
• Is running any application?
• Is it also slow in safe boot mode?
• Also are any process showing in Task Manager to be using a lot of CPU time?
• Anything else slow?

I expect that it is just due to all the unnecessary junk that you are running. And this is compounded by the fact that you do not have adequate amount of RAM. Truthfully 256 MB is really about 1/4 of what you really need to really run Windows XP effectively. None of the below are really required startup processes. You should uninstall any of these that you don't use. Then for others that cannot be simply uninstalled, remove the startup entries so that they do not waste memory and waste CPU processing power.

Uninstall SUPERAntispyware now since we are finished with it.

 

Okay but aren't these better now after you removed all of those startups.

But are you still having these problems after malware removal. If so, it probably is not related to malware. Try shutting down the wireless interface before using the wired connection. Also make sure your cable is good.