Malware - Windows Efficiency Manager

Discussion in 'Malware Help (A Specialist Will Reply)' started by Crackcorn, Mar 6, 2011.

  1. Crackcorn

    Crackcorn Private E-2

    First of all.. AGHHH... this is the most annoying virus that I've dealt with. Ok so I've dealt with this kind of malware before but this one is being particularly persistent and none of the help online has worked.
    (I have a fairly decent grasp of computer knowledge but am not a "major geek")

    So I tried to boot the computer in safe mode (with networking) to begin with but unfortunately all of the same problems that I run into still occur. It is preventing me from killing processes, accessing regedit, command prompt, and opening a browser for more than a few seconds (even in safe mode). I've used mbam for all of my viruses so far and it's worked once I've been able to scan but I can't scan - (this on a computer that doesn't currently have mbam or any equivalent already downloaded) I attempted to transfer the mbam files over from a flash drive but got a "Run-time error 0" and then a "run-time error 404 automation error". Perhaps I can't simply just transfer the files over?

    Many of the sites I found on the internet told me to look in the appdata folder, which I have done to try to find a [random].exe somewhere, but it is nowhere to be found (yes, I have hidden files shown).

    Windows 7, 64bit - let me know if you need any other info on the computer

    Thanks for your time.
    -Crackcorn
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I want to see if perhaps you can get anywhere by using Safe Mode with Command Prompt. But before trying to reboot in this mode, you first need to use another PC to download the below two files:

    1. Malwarebytes Anti-Malware
    2. MGtools.exe

    Copying the above two files to the problem PC.

    • Now copy the above two files to either a CD or flash drive.
    • Put this CD or flash drive into the problem PC and see if you can use Task Manager to copy the files to the root folder of the Windows boot drive, which is normally drive C. If you don't have any idea how to do this from Task Manager, try the below methods (I'll give two methods in case the 1st does not work).
      • Method 1 to Copy Files
        1. Click File, New Task (Run...) and then click the Browse button.
        2. Use the Browse window to navigate to the CD or flash drive.
        3. Select the MGtools.exe file by clicking on it once so that it is highlighted.
        4. Then press CTRL-C to copy the file.
        5. Then navigate back to the C drive by clicking the My Computer icon in the Browse window. Select the C drive by double clicking on it.
        6. Then press CTRL-P to copy the file to the C drive root folder.
        7. Repeat this for the mbam-setup.exe file.

      • Method 2 to Copy Files
        1. Click File, New Task (Run...) and enter cmd and click OK.
        2. If the above works, a command prompt window will open.
        3. In the command prompt window type cd C:\ and hit the enter key. This should change the prompt in the window to C:\>
        4. Now you need to know the drive letter of the CD drive or the flash drive that you will be copying from to do the below command. I'm going to assume the drive letter is E and put that in my example command. So enter the below commands followed by the enter key:
          • copy E:\MGtools.exe
          • copy E:\mbam-setup.exe

        5. If the above copy commands work, you should get a response of 1 file copied for each command.


    • Now reboot the PC by selecting the Shutdown tab in Task Manager and then select Restart to restart the PC.
    • and press the F8 key to get to the boot menu.
    • In the boot menu, select Safe Mode with Command Prompt
    • When the PC boots up, you should eventually get a command prompt window to open (assuming everything works OK).
    • In the command prompt window, enter the below commands (the commands are in black bold print. Other text is just comments or explanations).

      • cd C:\
      • mbam-setup.exe
        • this will attempt to install Malwarebytes. At the end of the installation procedure, just uncheck the option to update Malwarebytes but leave the option to Launch the program checked. This should automatically run the program.
        • If it installs and runs, select Perform quickscan
        • When it finishes running, make sure you fix everything it finds and then save a log.
        • Now continue on with the next commands below

      • mgtools.exe
        • wait for MGtools to finish running. When it finishes, the C:\MGlogs.zip file will exist. Now continue on to the next steps below

      • Now hit CTRL-ALT-DEL to bring up Task Manager and select the Shutdown tab and then select Restart to restart the PC. See if it will boot in normal mode now.

    • If you can log in now and get to a normal Desktop, attach the C:\MGlogs.zip file and the log from Malwarebytes.
    • Then attempt to run SUPERAntiSpyware and ComboFix per the instructions in the READ & RUN ME and also attach these two logs.
     
  3. Crackcorn

    Crackcorn Private E-2

    hmm thanks I'm trying it
     
    Last edited: Mar 6, 2011
  4. Crackcorn

    Crackcorn Private E-2

    still having trouble
     
    Last edited: Mar 6, 2011
  5. Crackcorn

    Crackcorn Private E-2

    The problem is that I can't locate the file in the app data that is supposed to be the randomly generated .exe that allows the virus to load when the computer boots
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I need to see the logs in order to assist you. Were you able to run the two scanners? Do you have the log from running MBAM as well as the C:\MGLogs.zip?

    Can you do any of this in safe mode:

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click and choose Run as Administrator


    You only need to get one of them to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    1. Rkill.exe
    2. Rkill.com
    3. Rkill.scr
    4. Rkill.pif


    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.

    If you are having problems running Rkill, you can download iExplore.exe or eXplorer.exe, which are renamed copies of Rkill.com, and try them instead.

    * If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run then try to immediately run the following.

    Now download and Run exeHelper from Raktor

    • Please download exeHelper to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file named log.txt will be created in the directory where you ran exeHelper.com
    • Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    If you already have them installed, be sure to update Malwarebytes and SUPERAntiSpyware before the scan!

    Now run this: Using Malwarebytes Anti-Malware

    Now run this: SUPERAntiSpyware - running & getting a log

    Now run this: Using MGtools


    Now you need to attach (See: HOW TO: Attach Items To Your Post ) the below logs created while running the above scans

    • exeHelper log
    • Malwarebytes Anti-Malware log
    • MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.
     
