mom's computer

Discussion in 'Malware Help (A Specialist Will Reply)' started by vini_i, Jul 25, 2013.

  1. vini_i

    vini_i Private E-2

    My mom gets her work schedule emailed to her as an Excel file. This all started when both Internet Explorer and Google Chrome would flag the download as a virus and delete it. I found that all downloads were flagged this way. I found a workaround by disabling the Microsoft Attachment Manager, which allowed me to download files again. I then uninstalled AVG virus scan using their removal tool and switched to Microsoft Security Essentials. I later found that the Windows Firewall is not running and that the service cannot be started.

    After completing all of the instructions in this forum, downloading works normally again, but the Windows Firewall service still won't start. I have re-enabled the Microsoft Attachment Manager and that works normally.

    All of the requested logs are attached and all of the programs ran normally.
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Clean out your recycle bin and then re-run Hitman and attach the new log. We may need to send you to the software forum for additional assistance.
     
  3. vini_i

    vini_i Private E-2

    The recycle bin was already empty.
    Here is the new Hitman log.
     

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Rerun Hitman and have it delete these items:
    Code:
    Malware remnants ____________________________________________________________
    
       C:\$RECYCLE.BIN\S-1-5-18\$b61a9cbf1a6e3ea0475eeb852f83b31b\L\ (ZeroAccess)
       C:\$RECYCLE.BIN\S-1-5-18\$b61a9cbf1a6e3ea0475eeb852f83b31b\U\ (ZeroAccess)
    Reboot and rescan with Hitman and attach the log.
     
  5. vini_i

    vini_i Private E-2

    I deleted the files and here is the new log.
     

    Attached Files:

  6. vini_i

    vini_i Private E-2

    Thanks for the help. I found the fix for my problem.
    I found that there were a bunch of registry keys missing that relate to the firewall. I exported the whole directory from my computer and patched the registry. The firewall started right up.

    The missing keys were in
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
     
    Last edited: Jul 25, 2013
  7. vini_i

    vini_i Private E-2

    Here are the exported registry keys that fixed my mom's computer.
     

    Attached Files:
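
Added example (not part of the thread or its attachments): before importing a whole key exported from another machine, as described in the posts above, the two exports can be compared to see exactly which keys and values the affected machine lacks. The sample exports and their values are constructed; `parse_reg` and `missing_entries` are illustrative names.

```python
import re

KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"

# Constructed sample exports (not the thread's attachments). Real regedit
# exports are UTF-16; read them with open(path, encoding="utf-16").
GOOD_REG = f'''Windows Registry Editor Version 5.00

[{KEY}]
"Start"=dword:00000003
"Type"=dword:00000020
"Description"=hex(2):40,00,25,00,\\
  53,00,00,00

[{KEY}\\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
'''
BAD_REG = f'''Windows Registry Editor Version 5.00

[{KEY.upper()}]
"start"=dword:00000004
'''

def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: raw_data}}."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex continuation lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if m and current is not None:
            current[m.group(1).strip('"')] = m.group(2)
    return keys

def missing_entries(good, bad):
    """Return (key, value_name) pairs in good but not in bad; value_name is
    None when the whole key is absent. Names compare case-insensitively."""
    have = {k.casefold(): {v.casefold() for v in vals} for k, vals in bad.items()}
    report = []
    for key, vals in good.items():
        names = have.get(key.casefold())
        if names is None:
            report.append((key, None))
        else:
            report += [(key, v) for v in vals if v.casefold() not in names]
    return report

if __name__ == "__main__":
    for key, name in missing_entries(parse_reg(GOOD_REG), parse_reg(BAD_REG)):
        print("MISSING", key, "(entire key)" if name is None else f"value {name}")
```

The comparison reports only absent keys and values; entries that exist on both machines with different data are not listed.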

  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix
      (This uninstall will only work as written if you
      installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK.

        Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows
          defaults.

    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and
      deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any
      others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the
      C:\MGtools\enableUAC.reg
      file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file
      to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Windows version and see the instructions to Disable System Restore which will flush
        your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:


    Malware removal from a National Chain = $149
    Malware removal from MajorGeeks = $0
     
