Malware removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by aabillthecat1, Mar 24, 2015.

  1. aabillthecat1

    aabillthecat1 Private E-2

    My wife's computer seems completely f**ed. Started with endless pop-ups, redirects, dropping the internet. I've done the malware removal process. Couple of things. MBAB did not give me an option to save a log. It apparently DID quarantine a bunch of stuff. Second, MGTools seemed to be denied access many times. I'm running Win8, should I have tried to disable UAC? Also the MGzip log is in the MGTools folder. I'm going to attach it with the other logs I WAS able to get. But later in the instructions you say not to attach that log but one out of the MG.exe. I'm confused. Can't find the TDS log.
     

  2. aabillthecat1

    aabillthecat1 Private E-2

    Also, she's got a bunch of crazy sounding folders on her drive called: doeal4ReAll, easitOshoop, Flexible SHoppeir, PriceDownloader, SSAVEEnron, StickyNotes Just popped up, and Supplement Pro. WTF?
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The instructions did state that you needed to disable UAC before running the scans.

    However, do this:

    Use add/remove programs to uninstall:
    SupplementPro

    Rerun Hitman and have it fix all it found.

    Then rerun RogueKiller and have it fix these items:
    Code:
    ¤¤¤ Registry : 11 ¤¤¤
    [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} (C:\Program Files (x86)\Browser Good\bin\feff35ba2139454fbd8ebc1ab8b3774d64.dll) -> Found
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} -> Found
    
    
    Reboot and download OTM by Old Timer and save it to your Desktop.

    Code:
    :Processes
    explorer.exe
    
    :files
    C:\Program Files (x86)\doeoal4ReAll
    C:\Program Files (x86)\eaSyitOshoop
    C:\Program Files (x86)\FlexibleSHoppeir
    C:\Program Files (x86)\predm
    C:\Program Files (x86)\PrriceDownlooaderr
    C:\Program Files (x86)\ssAvErron
    C:\Program Files (x86)\SupplementPro
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.


    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator.)

    Attach the new C:\MGLogs.zip
     
  4. aabillthecat1

    aabillthecat1 Private E-2

    Thank you again for your quick reply. Two things right off the bat. Could you send future replies regarding this issue to conniemccord0108@gmail.com? This would be my wife's address. She doesn't have access to my e-mail address on her computer. If not, no biggie. I forwarded your initial response to her from my computer. Second thing is I went to add/remove programs to uninstall SupplementPro. Got this message: "There was a problem C:\prog\supple-l\supple-dll specified module could not be found".
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The replies are automatic; you would have to change your email address in the user Control panel.

    Did you do the rest of the fix?
     
  6. aabillthecat1

    aabillthecat1 Private E-2

    Should I proceed w/o being able to uninstall Supplement Pro? Or just wait until you get back to me? No rush, just back from work, so have until tomorrow morning off. thanks again. Bill
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you can't uninstall it, just carry on with the rest of it.
     
  8. aabillthecat1

    aabillthecat1 Private E-2

    Hello Tim, sorry it took me a while to get back to you. Been wicked busy. I ran the last set of instructions. Logs are attached. Thank you, Bill

    P.S. I ran the MGtools getlogs.bat as instructed. It doesn't look like it created a new zip file that is different from yesterday's. If it did, I can't find it.
     

  9. aabillthecat1

    aabillthecat1 Private E-2

    I've got to run. May not be able to respond to any new instructions until tonight. Thanks again, Bill
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What issues are you still having?
     
