Malware Won't Let Me Open Malware Removal Software

Discussion in 'Malware Help (A Specialist Will Reply)' started by rammairone, Oct 18, 2010.

  1. rammairone

    rammairone Private E-2

    Hi,

    I read all of the similar threads and did the READ ME. Nothing has solved my problem. My problems are:

    1) All search engines are redirecting to advertisement internet pages
    2) My previously installed Malwarebytes program no longer works (when I double click on it, it does not open).

    From the READ ME actions (specifically step 7 on Cleaning):
    a) I was not able to open the SuperAntiSpyware exe file so I had to use the portable file. It removed 4 infections. However, when I rebooted, my log of that activity was not there (no log at all, likely due to the portable) so I ran the scan again and have attached that below
    b) MalwareBytes will not uninstall, and so I deleted the contents of the Program Files/Malwarebytes folder and then installed the file you had me download (yes, I renamed it to mb.exe). It installed but still would not let me open the program. I did not attach a log below as I could not run this.
    c) Combofix - when I click on the exe file, I do not get a response. No log attached.
    d) RootRepeal - this ran fine. log attached
    e) MBTools - this ran fine. log attached

    Despite the running of the above, the problem still exists. Thanks for your help in advance. I will await your response. If I've not followed the instructions properly, please let me know. However, I think I've followed your instructions to the "tee".

    -TG
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Currently reviewing your logs and will get back to you with a set of instructions as soon as possible.
     
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    What software were you using from symantec?

    You have Spybot Search and Destroy's "TeaTimer" feature active, which I will need you to disable, otherwise it will hinder the fix.

    How to disable Spybot's TeaTimer

    Uninstall this outdated java
    • Java(TM) 6 Update 16
    • Java(TM) 6 Update 7

    If you did not deliberately set this proxy yourself then please include it in the HJT fix below:
    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking Fix exit HJT.

    Use windows explorer to find and delete:
    • C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}

    I suggest you run the AVG Removal Tool

    Make sure you also delete any AVG folders in Program Files and Documents & Settings/Application Data directories.

    Reboot your machine and install the most current and up to date version of Java available here at the below link:

    Java Runtime 6

    Now rename combofix.exe to 123.com and try to run it in normal mode. If you have problems, switch to safe mode.

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).

    • C:\WINDOWS\temp
    • C:\Documents and Settings\Dan\Local Settings\TEMP

    Go to TDSSKiller and Download TDSSKiller.zip to your Desktop

    • Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any subfolder of the Desktop.
    • Now double click the TDSSKiller.exe file to run it (if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrator).
    • Allow the application to run and a window will open showing that it is TDSSkiller from Kaspersky
    • Click Start scan
    • It will run rather quickly and will notify you of whether anything is found or not.
    • Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
    Whether an infection is found or not, a log file should be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )

    I strongly advise you to clean up your Desktop. Remove everything but links to run programs. Do not download and save programs here and definitely do not use it for long term storage. You need to keep ComboFix.exe here for now as we need it, but we will be removing it when we are finished with your cleanup. A cluttered Desktop is malware's playground and it can also cause performance degradation, especially when you start saving large files here.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    Don't forget to answer my question about symantec.
     
  4. rammairone

    rammairone Private E-2

    Hi,

    Thanks again for all your help. Here we go:

    1) I used Symantec's Norton Anti-virus program. It was loaded on my machine when I purchased it. I believe I deleted it many months (years?) ago
    2) I had previously deleted Spybot since I last attached my log so I did not have to disable TeaTimer as the program is no longer on my machine
    3) I uninstalled the Java 6 items you noted
    4) I ran the HJT program and removed the 3 items you suggested
    5) I deleted the folder you suggested
    6) I ran the AVG Remover Tool
    7) I rebooted and then installed Java Runtime 6
    8) I ran Combofix as instructed. During the scan, it said it found a rootkit and had to reboot before continuing. My log is attached
    9) I ran TDSSKiller. No issues found. Log attached
    10) I cleaned up my desktop. Nothing on it now except Recycle Bin and Combofix
    11) I ran the MGtools bat file...logs are attached

    This all has seemingly fixed the issue. I can search via Google, yahoo, Bing without the redirect now. Let me know if anything further needs to be performed.

    Thanks again!
     


  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You are currently not using any antivirus and that is a wide open door for nasties to slip by, often unnoticed.

    Please give the Norton Removal Tool (SymNRT) a run > reboot your machine and then run it again for good measure.

    Rename 123.exe back to combofix.exe

    Also delete all files in the below folder except ones from the current date (Windows will not let you delete the files from the current day).
    • C:\Documents and Settings\Dan\Local Settings\TEMP

    Install some antivirus! :)

    Run a full system scan with your antivirus and let me know how things are running after a couple of days.
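    The temp-folder cleanup asked for above and in the earlier post (delete everything except today's files, accepting that in-use files will refuse to go) can be scripted so that locked files are reported instead of stopping the cleanup. This is an added example, not something from the thread or from the MajorGeeks tools; it assumes the two XP-era paths quoted in the thread and runs on PowerShell 2.0 or later.

```powershell
# Added example (not from the thread): delete files older than today from the
# temp folders named in the thread, listing anything locked or in use instead
# of aborting. Paths in $TempFolders are taken from the thread; adjust as needed.
param(
    [switch]$WhatIf   # pass -WhatIf to preview deletions without removing anything
)

$TempFolders = @(
    'C:\WINDOWS\temp',
    'C:\Documents and Settings\Dan\Local Settings\TEMP'
)

$today   = (Get-Date).Date
$deleted = 0
$locked  = @()

foreach ($folder in $TempFolders) {
    if (-not (Test-Path -LiteralPath $folder)) {
        Write-Warning "Folder not found: $folder"
        continue
    }
    # -Force includes hidden files; the PSIsContainer test keeps this PS 2.0 compatible.
    # Only files whose last write was before today are candidates, matching the thread's rule.
    $candidates = Get-ChildItem -LiteralPath $folder -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime.Date -lt $today }

    foreach ($f in $candidates) {
        $path = $f.FullName
        try {
            Remove-Item -LiteralPath $path -Force -ErrorAction Stop -WhatIf:$WhatIf
            $deleted++
        } catch {
            # Files held open by a running process (like the clclean.* folder the
            # poster asked about) land here; record them and keep going.
            $locked += $path
        }
    }
}

Write-Host "Deleted (or would delete) $deleted file(s)."
if ($locked.Count -gt 0) {
    Write-Host "Skipped $($locked.Count) locked/in-use file(s):"
    $locked | ForEach-Object { Write-Host "  $_" }
}
```

    Run it once with -WhatIf to review the list, then without; files that stay in the locked list are the ones Windows is holding open and will clear after a reboot or when their owning program exits.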
     
  6. rammairone

    rammairone Private E-2

    There is still a folder named clclean.0001.dir.0000. What is this? It holds active files that are from today and cannot be deleted. Just curious.

    I did the rest. Thank you!
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Nothing to be concerned about. Get back to me again tomorrow to let me know how things are running and then I can give you final steps.
     
  8. rammairone

    rammairone Private E-2

    A couple of other questions:

    1) I have a folder in C: named Qoobox. Can I delete?
    2) I have a folder in C: named RECYCLER. Can I delete?
    3) I have a folder in C: named found.000. Can I delete?
    4) I have 2 folders in C: named 123 and Combofix. These are from the installs I did. Do I not need either of these now?

    Thanks and I will get back to you tomorrow after running a Windows Update and Antivirus install tonight
     
  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No, don't delete anything!

    Most of what you mentioned is to do with combofix and will be gone when you follow final instructions anyway.
     
  10. rammairone

    rammairone Private E-2

    Update:

    1) Things are working much better, however things seem to be "dragging" when I click on applications. This seems to have happened after I installed SP3 but may or may not be related to it.

    2) I installed SP3 and all Windows Update security updates

    3) I installed Avira Antivirus and the full system scan found 6 viruses, two of which were Rootkits. All were quarantined.

    4) My Malwarebytes program now runs fine. A system scan found no issues.

    5) There is still a combofix.exe file on my desktop per your instructions

    6) I ran the Norton Removal Tool (twice per instructions)

    All in all, things are good but I'm disappointed in the # of seconds that go by from when I double click to open an application to when it brings the app up. I never had this issue before. Any recommendations are appreciated!

    Thanks!
     
  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:

    Any non malware related issues can be worked out in the software forum.
     
