No internet access after Shopperz & Trojan Patched.AO

Discussion in 'Malware Help (A Specialist Will Reply)' started by moopis, Nov 3, 2015.

  1. moopis

    moopis Private E-2

    Hi, I was hoping someone could help me after browsing the web and finding no results. I recently got infected with the Shopperz virus, which corrupted my dnsaoi.dll file. I also got infected with the trojan patched.ao virus at the same time. I removed the viruses and their files; however, I cannot access my internet. At first I had no connection, so I looked into my system services and saw that my DNS and DHCP Clients had been turned off. I turned them back on and now I am connected to the internet; however, none of my browsers load anything. Firefox, being my main browser, does not even load; I get a message saying Firefox has crashed repeatedly, even after pressing 'Restart Firefox'. I've also noticed my PC is very active even when idle. If anybody can help, that would be appreciated.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please follow the instructions below.

    Since you may not be able to use your infected computer to download any of the tools we need, please use another computer to perform the download onto a USB flash drive and then copy them onto the Desktop folder of your infected PC.

    If your protection software blocks downloading because it calls these malware, then shut down your protection software because it is mistaken and is just getting in the way.

    • MGtools - Recent bugs in many antivirus programs are detecting this as malware. Disable your AV while you download and run MGtools if you have this problem. Rest assured that it is clean. Your AV is incorrect.
      • If you use Firefox and still have it set to defaults, it will not let you choose where to download files to. To change Firefox, run Firefox and click Tools, Options, and on the Main tab select Always ask me where to save files.
      • Note if you have problems just trying to complete the download of MGtools, it may be due to your browser especially if you are using Chrome or Firefox. See the Using MGtools link for help with these browser issues.
      • Copy MGtools.exe to the Desktop folder of your infected PC.
    • Please download FRST from the below link and copy it to the Desktop of your infected PC. Get the correct 32 bit or 64 bit version for your PC.
    On the infected PC, perform the below instructions to disable UAC.


    Disabling User Account Control


    For Vista users - to turn off UAC ( UAC = User Account Control )
    1. Click Start, and then click Control Panel.
    2. In Control Panel, click User Accounts.
    3. In the User Accounts window, click User Accounts.
    4. In the User Accounts tasks window, click Turn User Account Control on or off.
    5. If UAC is currently configured in Admin Approval Mode, the User Account Control message appears. Click Continue.
    6. Clear the Use User Account Control (UAC) to help protect your computer check box, and then click OK. If it is already unchecked, then you should also notice a red shield with an X in it located in your system tray. Ignore any messages about UAC being disabled.
    7. Click Restart Now to apply the change right away. (Restart even if you did not make the above change, we need to be sure that a reboot has occurred since the first time that UAC was disabled.)
    8. Keep UAC disabled until malware cleanup is complete and you have been given the okay to enable it.
    NOTE: DO NOT CONTINUE UNTIL UAC has been disabled and you have rebooted.

    For Windows 7 and Win 8 users - to turn off UAC ( UAC = User Account Control )
    1. Click Start, and then click Control Panel.
    2. In Control Panel, look under System and Security and select Review your computer's status.
    3. In the Action Center window, select Change User Account Control settings in the left column
    4. Then move the Slider all the way to the bottom to Never Notify
    5. Click OK and then Yes to the popup warning that you are turning off UAC
    6. If it is already unchecked, then you should also notice a red shield with an X in it located in your system tray. Ignore any messages about UAC being disabled.
    7. Click Restart Now to apply the change right away. (Restart even if you did not make the above change, we need to be sure that a reboot has occurred since the first time that UAC was disabled.)
    8. Keep UAC disabled until malware cleanup is complete and you have been given the okay to enable it.
    For Windows 10 users - don't worry about UAC. Just remember to use Right Click select Run As Administrator for all the tools.

    NOTE: DO NOT CONTINUE UNTIL UAC has been disabled and you have rebooted.


    Now run MGtools.exe by right clicking on it and selecting Run As Administrator. If you have any problems running it then see the Using MGtools link for help. It will create a log file named C:\MGlogs.zip and it will also attempt to copy it to your Desktop for easier access.

    Now please attach (See: HOW TO: Attach Items To Your Post ) ( Or View: How to Attach Items to Your Posts) the MGlogs.zip file to your next message.

    Even if you cannot run MGtools continue with the below FRST instructions.


    Note: Make sure you download the proper version ( 32 bit or 64 bit ) for your PC. Only one will run, the correct one. So if you make a mistake and download the wrong one, go back and get the other.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
     
  3. moopis

    moopis Private E-2

    Hey, sorry for the late post; I've been pretty preoccupied for the last little bit. I've attached the files. On a side note, when the computer first runs I get an error from Skype and Hamachi saying DNSAPI.dll is missing; however, when I turned off User Account Control the error message disappeared and the internet started to work again, aside from the RAM and Core usages spiking very high randomly. Once I change the settings back, however, the error shows and the internet does not work again.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download this >> fixlist.txt


    Save fixlist.txt on your Desktop. Make sure you save it as a txt file.
    • You should now have both fixlist.txt and FRST64.exe on your Desktop.
    • Run FRST64.exe by right clicking on it and selecting Run As Administrator.
    • Click the Fix button just once and wait.
    • Your computer should reboot after the fix runs.
    • If it does not reboot then reboot it yourself.
    • The tool will make a log on the Desktop (Fixlog.txt). Please attach this new log to your next reply (attach or paste).
    Be patient while doing the below. The fixes can sometimes take quite a while to run, especially the permissions repairs. It may be best to kick it off and go to bed or do something else. It is better not to run anything while the repairs are going on.


    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
    • Now select the Start Repairs tab.
    • Then click the Start button.
    • Create a System Restore point if prompted.
    • On the next screen, click the Unselect All button to first deselect all repairs.
    • Now select the following repair options:
      • Reset Registry Permissions
      • Reset File Permissions
      • Register System Files
      • Repair WMI
      • Remove Policies Set By Infections
      • Repair Winsock & DNS Cache
      • Repair Proxy Settings
      • Repair Windows Updates
      • Repair MSI (Windows Installer)
    • Now on the lower right side check the box to Restart/Shutdown System When Finished
    • Then make sure the Restart System radio button is enabled.
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished. If it does not then reboot it yourself.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • Fixlog.txt
    • C:\MGlogs.zip
    Please attach the above two logs first before you continue with the below.

    Also at this point, I want to double check your status by having you run another scan with FRST like in my last message and attach the new FRST.txt log.


    Make sure you tell me how things are working now!
     


  5. moopis

    moopis Private E-2

    Thanks, everything seems to be alright now.
     


  6. moopis

    moopis Private E-2

    I couldn't attach the mglogs.zip so I just attached what was inside the zip.
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to attach the full MGlogs.zip file with all the logs in it. If you do not have it, perhaps you need to properly run GetLogs.bat first. However, per the Fixlog.txt file you attached, you did not run the fix I last gave you. You ran a fix for someone else apparently. Please run the fixlist.txt file I posted for you.
     
  8. moopis

    moopis Private E-2

    Alright this should be it, I don't know how I got another fixlog. *I can't seem to figure out how to upload .zip files with the new layout of the forums
     


    Last edited: Nov 15, 2015
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Should be the same as for other files. Perhaps you are not rerunning GetLogs.bat as requested to get a new log! You will not be able to upload MGlogs.zip again unless it has changed/been updated. However, maybe we do not need it. This time you ran the correct FRST fix and it looks better now. Is everything still working okay?
     
  10. moopis

    moopis Private E-2

    Hmm, strange. I did rerun the getlogs.bat however I cannot see any .zip/.rar files when selecting files to upload. Everything is running fine at this moment and I have connection to the internet even after changing UAC back.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • For Windows 8 and 8.1 system restore see this link: Win 8 System Restore - How to enable/disable
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry, I fixed this now! It was due to the new forum software not allowing ZIP files or other compressed types! We had not noticed it at this time. But now it is fixed.
     
