Malware removal unsuccessful... what next

Discussion in 'Malware Help (A Specialist Will Reply)' started by cleverbeefalo, Dec 4, 2008.

  1. cleverbeefalo

    cleverbeefalo Private E-2

    I came across this forum in search of a fix to a recently acquired virus.

    As an attempt to remove this malware/virus/trojan, I followed the instructions under the FAQ on removing malware and am still experiencing problems. Specifically, while running Firefox, an Internet Explorer window continuously pops up about every few minutes, give or take. Also, my CPU usage is constantly at 50% or higher, according to Task Manager.

    While I'm sure there is a way for the problem to be fixed without taking my laptop to a professional, I am not the most computer-savvy person and do not know if I have enough experience to fix the problem myself. With that being said, what would be in my best interest? Should I just fork over the money to get my problem fixed, or will it be possible for me, very inexperienced with regards to computer programming and virus removal, to rid my laptop of this malware/trojan/virus?

    My lack of computer lingo may be an indicator as to how inexperienced I am with this sort of problem.

    Here are the logs after running MG Tools, hopefully they may be of some help in solving this problem.
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I also need you to attach these logs:
    Code:
    "C:\Users\Zack\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
    supera~1.log  Dec  3 2008         818  "SUPERAntiSpyware Scan Log - 12-03-2008 - 15-44-48.log"
    supera~2.log  Dec  3 2008         461  "SUPERAntiSpyware Scan Log - 12-03-2008 - 23-05-53.log"
    
    "C:\Users\Zack\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"
    mbam-l~1.txt  Dec  4 2008        1339  "mbam-log-2008-12-04 (01-55-30).txt"
    
    
    "C:\"
    combofix.txt  Dec  4 2008       17583  "ComboFix.txt"
    
     
  3. cleverbeefalo

    cleverbeefalo Private E-2

    Sorry about that.
     

    Attached Files:

  4. cleverbeefalo

    cleverbeefalo Private E-2

    And the last one...
     

    Attached Files:

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It appears that the scans took care of most of it...so let's just do this:

    Please disable all anti-virus and anti-spyware programs while we do the following (be sure to re-enable them when we are finished):


    Run C:\MGtools\analyse.exe by double clicking on it. (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Now download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the "Input script here:"
    part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

    Be sure to tell us how things are running.
     
  6. cleverbeefalo

    cleverbeefalo Private E-2

    It seems like everything is working well. I haven't had any popups the past two days, but I suppose only time will tell.

    I'm not sure where the avenger log is on the computer but I attached what I believe is the new MGtools log.

    Sorry about my inexperience and whatever troubles it may cause. :-/
     

    Attached Files:

  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The log is here:
    C:\avenger.txt

    I will look at the logs when I can. :)
     
  8. cleverbeefalo

    cleverbeefalo Private E-2

    And, hopefully, the last you will be hearing of me (at least in regards to malware).

    Thanks again for all your help. :)
     

    Attached Files:

  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    None of the fixes ran correctly. Did you disable your AV and AS programs?

    Let's try this again:

    Please disable all anti-virus and anti-spyware programs while we do the following (be sure to re-enable them when we are finished):


    Run C:\MGtools\analyse.exe by double clicking on it. (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Let me know if you get a success message. If you don't, it did not work.

    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the "Input script here:"
    part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.
     
  10. cleverbeefalo

    cleverbeefalo Private E-2

    Ok. So I started following your directions, and to make sure all AV and AS programs were disabled I uninstalled the extra ones that were downloaded according to the FAQ and then disabled AVG.

    After doing this, I started to do your next step using MGtools, but none of the specified lines you suggested to check existed, so I went to the next step and created the fixME.reg and merged it into the registry; a success message was displayed.

    Finally, I ran the avenger.exe again and inserted the given text into the prompt box. After rebooting the computer, my own quick scan over the log, which is mostly mumbo jumbo to me, said something about how none of the specified folders existed.

    I then ran the GetLogs.bat and here are the two requested logs:
     

    Attached Files:

  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It appears that you did not let the MGTools run to completion. It contains only one log. Please try again by double clicking on the C:\MGtools\GetLogs.bat file and waiting for it to tell you when it is finished.
     
  12. cleverbeefalo

    cleverbeefalo Private E-2

    Hmm... I am unsure whether or not I closed the program too early, but I ran it again as you suggested.
     

    Attached Files:

  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Same results.... :(

    You are sure you are double clicking on this file: C:\MGtools\GetLogs.bat?

    What I want you to do is to remove all of it (C:\MGTools.exe, C:\MGTools folder) and redownload it again after a reboot, then be sure to agree to the HJT license and let it run till it tells you to hit any key to close it.
     
