MBS account manager

Discussion in 'Malware Help (A Specialist Will Reply)' started by Wardinho, Feb 10, 2007.

  1. Wardinho

    Wardinho Private E-2

    Hi everyone

    Hopefully someone can help. An MBS account manager icon has installed itself on my desktop asking for payment for a sexxpassport (or something like that). This is something I never used and am worried it could be sinister. I have seen many logs posted so thought I should too.

    Edit by chaslang: Inline HJT log removed. READ & RUN ME sticky not followed.


    I don't want to delete the icon as I'm not sure what might happen if I do.
     
    Last edited by a moderator: Feb 10, 2007
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy
      • AVG Antispyware log - ONLY IF NEEDED, i.e. you were not able to run CounterSpy
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. Wardinho

    Wardinho Private E-2

    I have gone through the steps in the link to the best of my ability and very little seemed to be found from what I could tell. I still have the popup of the MBS account manager and don't know how to fully unload it.

    I have attached the txt files created.
     

    Attached Files:

  4. Wardinho

    Wardinho Private E-2

    And another couple
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow the directions in step 7 of the READ & RUN ME and rename HijackThis.exe as requested. You have this:

    C:\Program Files\hijack\HijackThis.exe

    You should have this:

    C:\Program Files\hijack\analyse.exe

    Not renaming HijackThis can prevent certain forms of malware from even showing in logs! Please fix this now before continuing.

    You also did not do step 2 of the READ ME properly. You still have file extensions hidden. Please do step 2 properly now or you may not find things I ask you to delete later.

    Why was WinWord running? It should not be running when getting a HijackThis log. In reality, as specified in the READ ME, neither should your Internet Explorer browser. Having a browser open when using HijackThis to fix things can prevent the fixes from working.

    Why didn't you attach the log from CounterSpy? If you have it, please attach it. If not, don't worry about it since we are going to uninstall it now.

    Uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders which may be left behind by the uninstall:
    C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    C:\Program Files\Cleanup\counterspy

    Also Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 10

    Did you know that your Spyware Doctor version 3.5 is way out of date?

    Please run HijackThis and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes.

    C:\WINDOWS\system32\mbssm32.exe
    c:\windows\system32\mbsrm32.exe

    After killing all the above processes, click Back.
    Then please click Scan and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mbssm32] C:\WINDOWS\system32\mbssm32.exe

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\system32\mbsrm32.exe
    C:\WINDOWS\system32\mbssm32.exe

    Now run Ccleaner.

    Now reboot in normal mode

    Now attach the below new logs and tell me how the above steps went.
    1. ShowNew
    2. HJT


    Make sure you tell me how things are working now!

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if you are using WinXP or WinMe.
     
  6. Wardinho

    Wardinho Private E-2

    Tried everything you suggested. When I was 'killing the processes' they just reappeared at the bottom of the list each time and the icon reappeared on the desktop. Having deleted the files in System32, this doesn't seem to be a problem (hasn't happened so far).

    One problem since starting the process is that on startup and when loading Word (for example), it asks for the XP installation CD. This does not stop Word from loading once cancelled, but I'm unsure if this is linked somehow.

    Hope I've done everything right.

    Thanks for your help
     

    Attached Files:
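
    The manual sequence chaslang gives in message 5 (kill mbssm32.exe and mbsrm32.exe, fix the O4 Run entry, delete the two files), together with the respawning behaviour Wardinho reports in message 6, can be scripted. The PowerShell below is an added example for this thread, not a tool from MajorGeeks or from either poster; the process names, Run value name and file paths come from message 5, while the retry count, the -WhatIf dry-run support and the extra Run keys it inspects (RunOnce, HKCU Run) are this example's own assumptions. Run it from an elevated prompt, first with -WhatIf to see what it would touch.

```powershell
# Added example (not from the thread): remove a pair of processes that restart
# each other, plus their HKLM Run persistence, in the order that actually works.
# Names and paths are taken from chaslang's message 5; retry count, -WhatIf
# support and the extra Run keys checked are this example's own assumptions.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string[]]$ProcessNames  = @('mbssm32', 'mbsrm32'),
    [string[]]$RunValueNames = @('mbssm32'),
    [string[]]$FilePaths     = @(
        "$env:SystemRoot\System32\mbssm32.exe",
        "$env:SystemRoot\System32\mbsrm32.exe"
    ),
    [int]$MaxAttempts = 10
)

# The autostart locations HijackThis reports as O4 lines, plus HKCU for completeness.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# 1. Record what the Run keys point to before touching anything, so the
#    before/after state is in the transcript.
foreach ($key in $runKeys) {
    if (Test-Path -Path $key) {
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            Write-Host ('{0} [{1}] = {2}' -f $key, $name, $item.GetValue($name))
        }
    }
}

# 2. Remove persistence first. Killing the processes before this only wins
#    until the next logon, when the Run entry starts the pair again.
foreach ($key in $runKeys) {
    foreach ($name in $RunValueNames) {
        $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        if ($prop -and $PSCmdlet.ShouldProcess("$key\$name", 'Remove-ItemProperty')) {
            Remove-ItemProperty -Path $key -Name $name
        }
    }
}

# 3. Kill BOTH processes in the same pass and repeat: killing one at a time, as
#    in message 6, lets the survivor relaunch its partner before you reach it.
$attempt = 0
do {
    $alive = Get-Process -Name $ProcessNames -ErrorAction SilentlyContinue
    if ($alive) {
        if ($PSCmdlet.ShouldProcess(($alive.ProcessName -join ', '), 'Stop-Process -Force')) {
            $alive | Stop-Process -Force -ErrorAction SilentlyContinue
        }
        Start-Sleep -Milliseconds 500
    }
    $attempt++
} while ($alive -and $attempt -lt $MaxAttempts)

if (-not $WhatIfPreference -and (Get-Process -Name $ProcessNames -ErrorAction SilentlyContinue)) {
    Write-Warning 'Processes keep respawning: something other than the Run entry (a service, scheduled task or another autostart) is launching them. Finish the file deletion from Safe Mode, as the thread advises.'
}

# 4. Delete the binaries. A file still held open by a respawned process cannot be
#    deleted here, which is exactly why the thread does this step in Safe Mode.
foreach ($path in $FilePaths) {
    if (Test-Path -LiteralPath $path) {
        if ($PSCmdlet.ShouldProcess($path, 'Remove-Item')) {
            Remove-Item -LiteralPath $path -Force
        }
    }
}
```

    The order matters: persistence, then both processes together, then the files. If step 3 still cannot keep the pair down, that is the signal that a launcher you have not found yet (not just the O4 line) is involved, and the Safe Mode deletion chaslang prescribes is the reliable fallback because neither process is running to hold the file open or restart its partner.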

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not get the below line fixed in HJT:

    O4 - HKLM\..\Run: [mbssm32] C:\WINDOWS\system32\mbssm32.exe

    Try again. Then reboot and attach a new HJT log!
     
  8. Wardinho

    Wardinho Private E-2

    Got that line removed.
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    From my instructions in message number 5 did you choose not to fix the below?

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    You don't need this to run at Startup! Quicktime will still work.

    You can also fix the below too which will conserve some system resources:
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"


    If you are still having problems with being asked for your XP installation CD, you may need to just put it in to see what it needs. Are you sure it said XP installation or was it MS Office?


    Your log is clean. If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
    8. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work through the below link:
     
