Malware removed but still can't change msconfig....

Discussion in 'Malware Help (A Specialist Will Reply)' started by bigsky78, Feb 26, 2009.

  1. bigsky78

    bigsky78 Private E-2

    Dear Major Geeks,:wave

    Thank you soooo much for the Cleaning Procedure! I have gained a ton of respect for all of you guys and gals who give of your time on this forum! :)

    It took every one of those programs to clean up my XP laptop. I had to download them all to a disk and upload to the laptop because my Firefox isn't loading any webpages.

    I had Virtumonde and Vundo and several others. I think I got those when I tried to download the IE 8. I never could get the IE to install and run. What a waste! :( (Even though I am a Firefox user, I like to have an IE copy to check links.)

    There is still something "fishy" going on.

    1) I was not ever able and still am not able to change the msconfig to "Normal" and I am the Administrator. What am I missing here?

    2) When I run Firefox, it still doesn't load the page. My Internet connection is strong because 2 of my other computers are accessing the Internet just fine (one that is wired and the other one has a wireless connection.)

    I uninstalled Firefox and reinstalled using a disk but still is not loading the page.

    Here are my txt files:
     


  2. bigsky78

    bigsky78 Private E-2

    Here are my other 3 files:
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's start with this:

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    o If it is not on your Desktop, the below will not work.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    File::
    c:\windows\system32\juwotiko.dll
    
    Folder::
    C:\Program Files\NoAdware
    
    RegLockDel::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]
    
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Combo.
     
  4. bigsky78

    bigsky78 Private E-2

    Hey Tim,
    Attached are your requested files.
    Sue
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What issues are you still having?
     
  6. bigsky78

    bigsky78 Private E-2

    Tim,
    Still 2 issues left:

    1) I cannot change my msconfig to Normal Startup. When I attempt to change it to Normal per the READ and RUN first instructions, the error message reads: "An Access Denied error was returned while attempting to change a service. You may need to log on using an Administrator account to make the specified changes." I looked into the account settings and it shows my sign-in name as the "Administrators". :confused

    2) My Firefox loads the first webpage very slowly and takes forever (several minutes) to change pages after loading the first one..... It doesn't even give me a "timed out" message, just sits there until finally loading the page. (I have two other computers on the same router, one wired and one wireless and they both are loading webpages at the regular speed.....) :confused

    Sue
     
  7. bigsky78

    bigsky78 Private E-2

    P.S. After my Firefox browser finally loaded the second webpage, it froze up meaning, I can't enter any new webpage requests and I can't even close the browser. I have to exit out using the Task Manager.

    I have uninstalled and reinstalled Firefox and I get the same problem: slow loading the first two webpages that I request and then freezing up.

    Sue
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's find and delete this:
    C:\WINDOWS\system32\d3d8caps.dat

    Then I want you to run both SAS and MBAM on each user account ( you should not have all users and administrators....)

    Attach the logs with ID's for which account they are if they find malware.
     
  9. bigsky78

    bigsky78 Private E-2

    Hey Tim,

    I deleted the C:\WINDOWS\system32\d3d8caps.dat file.
    I ran the SAS and MBAM on 2 more user accounts that I hardly ever use, twice a year maybe...and nothing was detected.

    The msconfig issue is due to operator error (me). I was reading the selection incorrectly. I apologize for this. I value your time.

    My last problem is that my Firefox loads a webpage very slowly and takes forever (several minutes) to change pages after selecting a second one.....

    It doesn't even give me a "timed out" message, just sits there until finally loading the page. (I have two other computers on the same router, one wired and one wireless and they both are loading webpages at the regular speed.....)

    After my Firefox browser finally loads the second webpage, it freezes up meaning, I can't enter any new webpage requests and I can't even close the browser. I have to exit out using the Task Manager.

    I have uninstalled and reinstalled Firefox and I get the same problem: slow loading the first two webpages that I request and then freezing up.

    I reactivated my McAfee and ran another scan and only one Unknown file came up and it listed the combofix.exe as a Trojan. (If I need to run combofix again, I can reinstall it from my disk.)

    Any ideas?

    Sue
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    When you uninstalled FF, did you uninstall all related files? Profiles, etc.?

    You may need to pursue this in the software forum.
     
  11. bigsky78

    bigsky78 Private E-2

    Hey Tim,
    Woo Wooooooo! Thank you so much! I went to a Mozilla support site and the instructions walked me through how to test for a slow loading Firefox browser..... choose "normal mode" when starting up Firefox, check for updates and if that doesn't cause a change, turn off add-ons one by one and it did the trick. I discovered that my McAfee (that I had reactivated after running all the Malware programs) Siteadvisor 2.8 was the culprit. I don't need the Siteadvisor anyway.

    Great guidance and thank you for your patience, Tim, with another clueless one in the world! :)

    Do I need to follow some sort of "exit procedure" after having done all of the READ ME FIRST stuff and loading all of those programs?

    Thanks again,
    Sue
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, it is often toolbars and add-ons that are the culprits......If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
