Messed Up Laptop, Vista Antivirus

Discussion in 'Malware Help (A Specialist Will Reply)' started by jackyaz, May 3, 2010.

  1. jackyaz

    jackyaz Private E-2

    Hi there,

    A friend's brother had managed to cripple their laptop by not using any form of antivirus or antimalware, and somehow got Vista Antivirus thus making internet browsing near impossible due to redirects etc. I pointed them to use your READ AND RUN ME guide, which they ran to some success. I'm not sure how far they got, or if they ran it correctly, so I followed the steps again and have now obtained the logs. Windows seems to run Ok-ish now, there are several command prompts that appear on login, and searches seem to redirect. So if you could please look through the logs and point out what needs removing so that his laptop can run fine again!

    Regards,

    Jack
     


  2. jackyaz

    jackyaz Private E-2

    Here are the MGTools logs
     


  3. evilfantasy

    evilfantasy Malware Fighter

    Hello jackyaz.

    1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
    It must be Notepad, not Wordpad.
    2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

    Code:
    KillAll::
    
    RenV::
    c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\applesyncnotifier .exe
    c:\program files\Epson Software\Event Manager\eeventmanager .exe
    c:\program files\Google\Quick Search Box\googlequicksearchbox .exe
    c:\program files\Windows Live\Family Safety\fsui .exe
    c:\program files\Windows Live\Messenger\msnmsgr .exe
    
    
    3. Go to the Notepad window and click Edit > Paste
    4. Then click File > Save
    5. Name the file CFScript.txt - Save the file to your Desktop
    6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

    http://img249.imageshack.us/img249/1218/cfscript1.gif

    ComboFix will begin to execute, just follow the prompts.
    After reboot (in case it asks to reboot), it will produce a log for you.
    Post that log (Combofix.txt) in your next reply.

    Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.



    Go to Add or Remove Programs and uninstall:

    • Java(TM) 6 Update 13
    • Java(TM) 6 Update 3
    Now install the latest version of Java. Updating Sun Java



    Looking over your log it seems you don't have any antivirus software.

    Before we continue download and install a free antivirus.

    Remember to only install one antivirus!

    1) Avast! Home Edition
    2) AVG Free Edition
    3) Avira AntiVir Personal
    4) Microsoft Security Essentials for Windows Vista\Windows 7 // MSE 64 bit Download
    4-a) Microsoft Security Essentials for Windows XP



    Please go to Jotti's malware scan
    (If more than one file needs scanned they must be done separately and logs posted for each one)

    * Copy the file path in the below Code box:
    Code:
    c:\users\Ollie\AppData\Roaming\GabPath\gabpath.exe
    * At the upload site, click once inside the window next to Browse.
    * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
    * Next click Submit file
    * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
    * This will perform a scan across multiple different virus scanning engines.
    * Important: Wait for all of the scanning engines to complete.
    * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.



    Now run the C:\MGtools\GetLogs.bat file by right-clicking on it and selecting Run As Administrator. Attach the new C:\MGlogs.zip file that will be created along with the new ComboFix log.

    Also let me know how the computer is running now.
     
  4. jackyaz

    jackyaz Private E-2

    Hi there,

    Only the two logs as Combofix deleted the file you asked me to scan! Computer seems to be running better, still some popups in Internet Explorer though!!

    Regards.

    Jack
     


  5. evilfantasy

    evilfantasy Malware Fighter

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX Checked until you exit all browser sessions including the one you are reading in right now:

    • O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
    After clicking Fix checked, exit HijackThis.



    Go to TDSSKiller and Download TDSSKiller.zip to your Desktop
    • Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any subfolder of the Desktop.
    • Click Start > Run and copy/paste the following bold command into Run box and hit Enter.
    "%userprofile%\Desktop\TDSSKiller.exe" -v
    • Follow the instructions to type in "delete" when it asks you what to do when it finds something.
    • When done, a log file should be created on your C: drive named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply.

    Use the Kaspersky Lab Online Scanner

    * Read through the requirements and privacy statement and click on Accept button.
    * It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    * When the downloads have finished, click on Settings.
    * Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    * Spyware, Adware, Dialers, and other potentially dangerous programs
    * Archives
    * Mail databases

    * Click on My Computer under Scan and then put the kettle on!
    * Once the scan is complete, it will display the results. Click on View Scan Report.
    * You will see a list of infected items there. Click on Save Report As....
    * Save this report to a convenient place like your desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
    * Attach the report to your next reply.
     
    Last edited: May 9, 2010
  6. jackyaz

    jackyaz Private E-2

    Sorry for the slow response on this one, my friend has gone back to university for the next couple of months so I am unable to fix his brother's laptop for the time being. I will carry out these instructions when I next get a chance! Thanks for all your brilliant help so far
     
  7. evilfantasy

    evilfantasy Malware Fighter

    Thanks for letting us know.

    After that long you will need to start over with the READ ME and post new logs in a new topic.
     
