Need Help Removing Malware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Stormy4757, Aug 23, 2017.

  1. Stormy4757

    Stormy4757 Private E-2

    I am working on a family member's computer. They have been experiencing a pop-up on their desktop for about 1.5 weeks. That message is:

    "Failed to connect to the System Event Notification Service service. This problem prevents standard users from logging on to the system."

    I have looked in the MMS Console and everything is running that should be that is related to this. I have tried the following DOS command but it failed also. "netsh winsock reset". I have done extensive research on the internet, but have not been able to find a resolution to this. Also, important to note, I cannot get any programs to run. I cannot get a browser to launch. Everything is slow.

    Here are the specs for this Gateway DX4300-11 computer:

    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: AMD Phenom(tm) II X4 805 Processor, AMD64 Family 16 Model 4 Stepping 2
    Processor Count: 4
    RAM: 8191 Mb
    Graphics Card: NVIDIA GeForce 210, 1024 Mb
    Hard Drives: C: 916 GB (116 GB Free); K: 931 GB (566 GB Free);
    Motherboard: Gateway, RS780
    Antivirus: Kaspersky Total Security, Enabled and Updated

    I have come to the conclusion that the computer has some kind of virus and I am going to need your expertise in removing it. I have run the scans per your "Malware Removal/Cleaning Procedure" guide. Also, please note that these scans were completed in Safe Mode. They would not run otherwise. Attached are the logs except for Hitman Pro. I ran this three times (as Administrator) just to get the log saved and it would act like it was saving to the desktop. Then the program would lock up and I would have to shut it down. I would go look for the Hitman log and it was nowhere to be found. When looking at the results it found only 3-4 cookies, and a PUP. Please let me know how to proceed.

    Thank you for your help

    Stormy4757
    A+ Certified
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please remove everything that all three scans found. Reboot and see if you can run the scans in normal mode. If so, attach the new logs. If not, try again in safe mode and attach the new logs.
     
  3. Stormy4757

    Stormy4757 Private E-2

    Here are the next set of logs from Normal mode.
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Looking much better. Finish cleaning out what ADWCleaner found and remove the two items in Hitman under "Potential Unwanted Programs"......reboot and tell me how things are running.
     
  5. Stormy4757

    Stormy4757 Private E-2

    Done! Things appear to be running normally. No more pop-up window.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8 or 10, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8 Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. After doing the above, you should work thru the below link:
     
  7. Stormy4757

    Stormy4757 Private E-2

    I followed your closing steps and everything seems to be running good. Can you recommend any back-up software? I have SpotMau BootSuite 2012 but have noticed that they have not updated their software since. Looking for something similar to this tool.

    Thanks again Tim for all your help! ;)
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You should ask in the software forum.....
     
  9. Stormy4757

    Stormy4757 Private E-2

    Ok, thanks Tim for all your help! I think we can close this thread.
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You're welcome.
     
