Need help!!!!,Dropper. Agent.dgo :S

Discussion in 'Malware Help (A Specialist Will Reply)' started by emph, Jan 13, 2008.

  1. emph

    emph Private E-2

    OK, I've looked through this site so much today, looking at other people's problems similar to mine. I am dumbfounded at most of it; some of the things you guys say to do don't work for me. I've done AVG, HJT, Spyware Search and Destroy and ComboFix scans, and I still have things popping up on AVG. I need things explained in clear and more simple steps of what to do, please. Right now AVG says I have Dropper. Agent.dgo, and I just can't seem to get rid of these things.

    Please help, I don't even know how to attach logs to my messages. :S

    thanks in advance.
     
  2. abri

    abri MajorGeek

    Hi emph!
    Welcome to MajorGeeks!


    Since you've managed to install and run the various scans you mentioned, I see you are capable of running the instructions in the READ & RUN ME FIRST which include some of the scans you've already completed. Please go to the READ & RUN me link and do those steps you haven't done so far. This will include installing and running CCleaner, AVG Antispyware and the MGTools.exe. After you complete these three, you can attach them by returning to this thread and hitting the "Post Reply" button. In the answer window, simply mention that you finished the scans and if this changed any of the symptoms on your computer. Then scroll down to the section just under this box called Additional options where you'll see a button "Manage Attachments". Click on this and use the browse buttons to locate the logs you want to upload, then hit upload. Once they've been uploaded, you can click on "Close this window" and then remember to still click on the Submit Reply button.

    You've already done half the work, so it would be a waste to stop now.

    After you post the logs to us, we can tell you what needs to be done further.
    If you have any questions, ask.

    abri
     
  3. emph

    emph Private E-2

    Oh yeah, I forgot to mention CCleaner as well, but the MGtools does not seem to work, so I think I may have stuffed something up there. It said not to save it to desktop so I just saved it to (c: ) but I'm not sure what to do really...

    I'll post the logs from the other programmes when I run them again..

    thanks abri
     
  4. emph

    emph Private E-2

    Oh and by the way I actually did go through the whole read and run first, but I just didn't totally get some of it, and think I may not have done it properly.. so I need help with MGtools because I don't understand it or what exactly I do with it.

    Oh and can you tell me exactly what logs I need to post because I don't think all of those programmes have logs...
     
  5. abri

    abri MajorGeek

    Hi emph!

    Installing the MGTools.exe to C:\ was correct. The MGlogs.zip will be created automatically the first time you allow this .exe file to install. To see if it ran correctly and produced a log, look under C:\ (on the righthand side of Windows Explorer when you click on your C-drive - the files will be at the bottom of the right-hand list, the folders at the top of the list. What you're looking for is a file not a folder.) You should see the superman icon of MGTools.exe and on top of that should be the MGlogs.zip. If you can't find the superman icon directly under C:\ then the tools may not have installed correctly. Are you running XP? If you are running Vista, you may have to disable UAC before you can get them to install. If you find the MGlogs.zip attach it with your next post. If not, try reinstalling it. Let me know either way.

    Right, many of the tools don't produce logs. AVG Antispyware sometimes produces a log and sometimes it doesn't. If it gave you one, you can attach that too. The other one we need is Combofix.

    abri
     
  6. emph

    emph Private E-2

    OK, OK abri, I found the superman icon in c:/ and clicked on it. It went through a scan or something, but at the end of it it said.. "ProcessDll.exe - Application Error.

    The application failed to initialize properly (oxc0000135). Click on OK to terminate the application."

    So I clicked OK and looked at the MGlogs programme and it said that scanning is complete and my log file is c:\MGlogs.zip

    and hitting any key will close the application. So I closed it..

    OK, so I found c:/MGlogs.zip and it was a WinRAR icon, so I clicked on it and extracted 4 documents to c:\ (GetUnKey.txt, Hijackthis.log, newfiles.txt and runkeys.txt), so now I'm dumbfounded! What do I do?

    I also have the hijackthis log and the combofix log which i will post once i find out what i have to do with this MGlogs business.

    thanks..
     
  7. abri

    abri MajorGeek

    Hi emph!

    What I want is the MGLogs.zip file. You don't need to extract the files that are in it. Please do a reply here and just write something like "here are the logs". Then scroll down to the manage attachments button and find the MGlogs.zip file in your computer (under C:\). Click on upload and then submit the attachment. It sounds like it's the right one this time. I don't think the problem is that the tools are not running correctly. I think it's just a matter of getting the right logs attached with your post. We'll get there.

    Thanks.
    abri
     
  8. emph

    emph Private E-2

    OK, the same error came up at the end of it, BUT the attachments here are what I think you are looking for. Some of the logs may not be what you are expecting because I have done them before and tried to fix some files..

    PS: the log.txt is just the combofix log.
     

    Attached Files:

  9. abri

    abri MajorGeek

    Hi emph,

    What did you try to fix and how?


    1) To begin with, please disable Spybot's TeaTimer. This can be done two ways.
    First:
    • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
    • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
    • If you have Version 1.4, click on Exit Spybot S&D Resident
    or Second, for either version:
    • Open Spybot S&D
    • Click Mode, choose Advanced Mode
    • Go to the bottom of the vertical panel on the left, click Tools
    • Then, also in the left panel, click Resident (shows a red/white shield).
    • If your firewall raises a question, say OK
    • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
    • OK any prompts.
    • Use File, Exit to terminate Spybot
    2) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O22 - SharedTaskScheduler: curdler - {bd0fc212-0a36-4232-83cc-2063fb9282e0} - (no file)

    Do you know what any of the following three items are? If not, please fix them as well.

    O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BF74466C-F85A-40CF-8B5B-F23DE27D9691}: NameServer = 203.0.178.191
    O24 - Desktop Component 0: (no name) - http://www.ambrosiasw.com/~andrew/funny/noob.jpg

    After you click fix, just close hijackthis.


    3) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run
    Disable/Remove Windows Messenger

    4) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    5) Run CCleaner at the default setting with the Windows tab as the one on top.

    6) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.


    Let me know how things are running now?

    abri
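
An added example, not part of the original thread and not a MajorGeeks tool: a small Python parser for the HijackThis entry lines quoted in post 9, which pulls out the section code, GUID, URL and DNS server from each line and notes why a helper would look at it twice. The function names and the wording of the notes are assumptions made for illustration; the sample input is the four lines from the post.

```python
import re

# Constructed sample: the four HijackThis entries quoted in post 9 of this thread.
SAMPLE_LOG = r"""
O22 - SharedTaskScheduler: curdler - {bd0fc212-0a36-4232-83cc-2063fb9282e0} - (no file)
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF74466C-F85A-40CF-8B5B-F23DE27D9691}: NameServer = 203.0.178.191
O24 - Desktop Component 0: (no name) - http://www.ambrosiasw.com/~andrew/funny/noob.jpg
"""

# Every HijackThis entry starts with a section code such as R0, F2 or O22.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL = re.compile(r"https?://\S+")
NAMESERVER = re.compile(r"NameServer = ([\d., ]+)$")

def parse_line(line):
    """Return a dict for one log entry, or None if the line is not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    guid = GUID.search(body)
    url = URL.search(body)
    ns = NAMESERVER.search(body)
    notes = []
    if body.endswith("(no file)"):
        notes.append("orphaned: registry entry whose file is missing")
    if ns:
        notes.append("static DNS server: confirm it is your ISP's or router's")
    if url and code in ("O16", "O24"):
        notes.append("remote content source: confirm you installed it")
    return {"code": code,
            "guid": guid.group(0).upper() if guid else None,
            "url": url.group(0) if url else None,
            "nameservers": ns.group(1).replace(",", " ").split() if ns else [],
            "notes": notes}

def triage(log_text):
    """Parse a whole log and keep only recognised entry lines."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["code"], e["guid"], e["url"] or e["nameservers"] or "", "|", "; ".join(e["notes"]))
```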
     
  10. emph

    emph Private E-2

    What I meant by tried to fix is with the HJT I deleted some files, and I wasn't all that sure of what I did..
     
  11. emph

    emph Private E-2

    Hold on, I need to restart the computer. Every time I open up a new window I get a thing saying it needs to close and I've got to send an error report
     
  12. emph

    emph Private E-2

    OK, when I clicked the traffic lights on Avenger, it said error, it cannot create a zip file or something. I clicked OK, and a new message came up for me saying "error" press OK to log error or click cancel to abort. I clicked OK. Then a new message came up saying Error, Error code: 0. I clicked OK again and a message came up saying step 1 completed, and I should reboot now, and I rebooted.

    Do you have any idea why the errors came up?
     
  13. abri

    abri MajorGeek

    Are you trying to run Avenger from inside the zip folder? It needs to be extracted to the desktop before you can run it.

    abri
     
  14. emph

    emph Private E-2

    I am using it from my desktop, and when it rebooted my computer and I logged back in, my Internet Explorer isn't working, but I could connect to Steam, so my internet connection is fine. (I am using my parents' computer to type this message.)

    I suspect it is my DNS, because I've had this problem before and fixed it, but I just forget how to. Anyway, please get back to me ASAP, abri.

    thx, emph..

    And no, I am running the sword icon programme, avenger.exe
     
  15. abri

    abri MajorGeek

    Hi emph

    I will come back to the internet explorer problem. You have some bad drivers and we have to get them out. Since Avenger is not working, let's try this.

    Print the below instructions because at a point during them you MUST (this can be critical) shut down all browsers.
    I will tell you when to exit the browsers during the multi-part procedure.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have the below icons on your Desktop (click the link to see what they look like)
    http://forums.majorgeeks.com/attachm...1&d=1199242009
    • Now refer to the above image and use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from ComboFix.

    Make sure you tell me how things are working now!

    abri


     
  16. emph

    emph Private E-2

    I finally got my net working, yay. OK, things are working OK for me at the moment, but!! AVG seems to sense some problems still.
     
  17. emph

    emph Private E-2

    Well, here's my last ComboFix log
     

    Attached Files:

  18. abri

    abri MajorGeek

    Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip. GetLogs.bat is in the MGTools folder. To run it, doubleclick on it and wait for it to finish. When it's finished, it will tell you to hit any key. The MGlogs.zip can be found directly under C:\ just above the superman icon. When you attach them here, you will know where to look for them.

    Tell me if anything is changing or getting better?
    abri
     
  19. emph

    emph Private E-2

    mg log..
     

    Attached Files:

  20. emph

    emph Private E-2

    I just realised when I went back over this that you said "new log", so here's my new one, and btw there are problems occurring on my computer. These problems are..

    My computer will just randomly turn off sometimes. It will also turn off sometimes, but it will still be on, but I get the no signal input on my monitor and I have to turn the power point off and on to get it working again, but I have to leave it for a few minutes or so because if I turn it back on straight away my computer fails to boot and makes 3 consistent beeps that go on until I turn the power off again..

    thanks
     

    Attached Files:

  21. abri

    abri MajorGeek

    This sounds like a hardware problem. Your computer might be overheating, but I am not the person to help you with that. Please start a thread in the Hardware Forum right away to ask about the three beeps. Also, this does not mean your malware problems are solved. I'll look through your logs and get back to you.

    abri
     
  22. abri

    abri MajorGeek

    Hi emph!
    The three beeps may indicate failing RAM. Be sure to back up things that are important to you before you do any testing.

    There's one file I don't know what it is. C:\WINDOWS\666CF04177BE414E9A9D0A227E9B48F8.TMP

    Please rename it by adding .zzz after .tmp.

    Other than that, your logs show no other signs of malware. Aside from the unexpected shutdowns, are you having any other symptoms of malware? It would be a good idea now to go ahead with the final clean-up instructions. If you need to come back here after visiting Hardware, please do.
    abri
     
