Nar.vbs

Welcome to Major Geeks!

The very first instructions in the READ & RUN ME specify that you must only have one antivirus installed. You have Avast and Bitdefender installed. You must unintall one of these immediately before continuing.

Note that all writeable removable media that has been plugged into this PC is most likely infected. Also any PCs that this removable media has been plugged into are also likely infected.

You need to put your PC into Normal Startup mode with MSconfig as was requested in step 1 of the READ & RUN ME.


Uninstall the below old versions of software:
Java(TM) SE Runtime Environment 6

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: kus109.dat

NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.
After clicking Fix, exit HJT.

Now we need to use ComboFix to remove a bunch of malware files.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

You need to look for any of the below files on all hard disks and removable drives and delete these files if found.
Autorun.inf
bdod.bin
nar.vbs
auto.exe
d.com
autorun.exe
Install FreeAgent Tools.exe


Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Please finish the procedure and only attach the logs that I asked for.

 

Because you did not follow the instructions given. You need to do the below as requested to get a new log:

Hoiwever before getting a new MGlogs.zip file, you did not run combofix like the procedure requested. You were supposed to create the CFScript.txt file and drag it on top of the ComboFix.exe file on your Desktop. What you did was just run ComboFix which does not apply the fix.

 

Then it is still the same log. Delete the current MGlogs.zip file that you have right now. Make sure you still have UAC disabled as requested in the READ & RUN ME. If it is not disabled, you must disable it and then reboot. And then run C:\MGtools\GetLogs.bat and make sure you let it finish running. Then attach the new C:\MGlogs.zip file.