Outer info pop-ups!

Discussion in 'Malware Help (A Specialist Will Reply)' started by pigbull, Aug 30, 2007.

  1. pigbull

    pigbull Private E-2

    I need help! I am getting outer-info pop-ups. I have run ad-ware, AVG, Spybot, etc., and nothing worked, so I ran hijack and here is my log!

    Edit by chaslang: Inline HJT log removed. READ & RUN ME sticky not followed.
     
    Last edited by a moderator: Aug 30, 2007
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy - only for Windows XP, 2K, & NT users
      • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. pigbull

    pigbull Private E-2

    Sir, I have run those but didn't save the log files. Nothing has worked. I'm a little confused.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry, but you have not followed our procedure, which I can already tell. Examples of how I know:
    • None of the required logs were provided
    • CounterSpy is not installed and neither is AVG Antispyware if you could not run CounterSpy
    • Spybot may not be installed (cannot quite tell)
    • Bitdefender OnlineScan was not run
    • PandaActiveScan was not run
    • GetRunKey was not run
    • ShowNew was not run
    • HijackThis is installed improperly
    • HijackThis is not renamed
    • HijackThis log was posted in line rather than being attached
    • HijackThis log was from safe boot mode and it must be from normal boot mode.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    In fact you say that you have tried everything, yet your PC appears to be totally unprotected. You have no antivirus, no antispyware blocking tool, and no real firewall (the Windows XP SP2 firewall is totally inadequate).
     
  6. pigbull

    pigbull Private E-2

    OK, I'm really sorry. Like I said, I'm confused and I'm not quite sure what I'm doing, so this might take a little while.
     
  7. pigbull

    pigbull Private E-2

    I uninstalled my programs, and I used to have Trend Micro PC-cillin and Norton but didn't keep them updated.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes it will take awhile to complete the READ ME, but when we get finished working with you, your PC will be clean. Make sure you don't skip any steps. Also be sure in step 0 that you work thru the link it gives you for uninstalling malware. OuterInfo will often appear in Add/Remove programs.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you had both installed at the same time, that will make each program work less effectively. You must never install multiple antivirus programs at the same time.
     
  10. pigbull

    pigbull Private E-2

    What do you mean when you say install the logs of:

    CounterSpy - only for Windows XP, 2K, & NT users
    AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
    Bitdefender - from step 6
    Panda Scan - from step 6
    runkeys.txt - the log from GetRunKey.bat
    newfiles.txt - the log from ShowNew.bat
    HijackThis
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It does not say install the logs! It says to attach the logs which is covered in the READ & RUN ME instructions.
     
  12. pigbull

    pigbull Private E-2

    I am unable to install Sun Java Runtime Environment to run Bitdefender and Panda ActiveScan. When I try to install it an error says, "Unable to install system administrator has blocked these programs". What do I do?
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's try out a new version of our tools.

    Download MGTools.exe to your Desktop.

    Run the MGTools.exe program by double clicking on it.
    • It will create a folder named MGTools in the root folder of the hard disk where Windows is installed ( typically C:\MGTools ).
    • It will also automatically extract a bunch of files into this folder.
    • It will then automatically start running three batch programs ( .bat files are batch programs ) in that folder.
    • It will sequentially run GetRunKey.bat, ShowNew.bat, and GetUnKey.bat. Each of these programs will create logs respectively named runkeys.txt, newfiles.txt and GetUnKey.txt. You will notice a command prompt window open and messages will appear in this window. This window will close when the scans are complete for all Win 2K and XP users. Win 9x and ME users will have to close this window manually but only when the scans complete.
    • These log files will be placed in the root folder of your Windows drive. The log files will also automatically be put into a ZIP file named MGlogs.zip which you will be uploading as an attachment to your message in the forum. Unlike older versions of the programs, no popups of the logs will appear when they finish running during this initial installation. At a later time, running any of the individual batch files will still cause the logs to automatically pop up.
    Don't forget to attach the MGLogs.zip file to your message in the Malware Forum.

    At a later time, to get new logs as requested, you can individually run any one of the three batch files by double clicking on them from a Windows Explorer window. Windows Explorer is easily opened by right clicking Start and selecting Explore. The batch file will create a new log and will also update the MGlogs.zip file with each new log created. The person helping you may either request the MGlogs.zip file or the individual logs named runkeys.txt, newfiles.txt and GetUnKey.txt.


    Notes: Possible Error Messages

    Error Message Type 1

    If any of your logs appears to be empty or semi-empty or if you get an error message similar to the below when running any of the three batch files and you are running Windows XP or Windows 2000, follow the steps further down that relate to your OS.
    To fix the above error message, choose the download below which is appropriate for your system and extract the files into the default folder which will be either C:\Windows\system32 or C:\Winnt\System32 depending on how you installed windows. Do not extract the below fix files to the MGTools folder as it will not help to fix the problem that way.
    • For Windows XP Pro: download and run XPproFix
    • For Windows XP Home: download and run XPHomeFix
    • For Windows 2000: download and run: W2KFix
    Error Message Type 2
    Error Message Type 3


    The below error message is not a problem and you could see none of these or a few of these. It just means a registry key we are checking for does not exist. The scan will continue after any of these occur.
    After attempting to fix Error Types 1 & 2, run batch file again and attach the log.

    Then skip to step 7 of the READ & RUN ME and follow the instructions for HijackThis and attach a log from HJT.

    Also attach the log from CounterSpy or AVG Antispyware that was requested.
     
    Last edited: Sep 12, 2007
  14. pigbull

    pigbull Private E-2

    Sorry I'm taking long, just getting back into the swing of school :) Thanks for helping. Should be done by Monday, I hope.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'll be here when you're ready.
     
  16. pigbull

    pigbull Private E-2

    My AVG scan was unable to be attached so I copied and pasted the log. Is that OK?


    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 1:43:49 AM 9/3/2007

    + Scan result:



    C:\Documents and Settings\Moose\Local Settings\Temporary Internet Files\Content.IE5\THQZ3AY5\!update-4395[1].0000 -> Downloader.PurityScan.ee : Cleaned.
    C:\System Volume Information\_restore{8CF4D3C9-A44D-4F6E-8C86-DBA5BFC36BC5}\RP627\A0467576.exe -> Downloader.PurityScan.ee : Cleaned.
    C:\Documents and Settings\Administrator\Cookies\administrator@pandasoftware.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Administrator\Cookies\administrator@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
    C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\Administrator\Cookies\administrator@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.


    ::Report end
     
  17. pigbull

    pigbull Private E-2

    Here is the Runkeys.txt, and newfiles.txt
     

    Attached Files:

  18. pigbull

    pigbull Private E-2

    I am having trouble attaching the hijack log also. Should I just copy and paste it like I did with the AVG scan? I'm sorry about this inconvenience.
     
  19. pigbull

    pigbull Private E-2

    Here is my hijack. Like I said, I couldn't get it in the attachment, so sorry.

    Edit by chaslang: Inline log attached
     

    Attached Files:

    • hjt.txt (File size: 26 KB)
    Last edited by a moderator: Sep 9, 2007
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please avoid posting inline logs. Next time just click refresh a few times and see if you can attach the file. Also it sometimes helps to empty your browser cache too. Also watch for the non-obvious error messages in the Manage Attachments window.

    Uninstall Viewpoint Media Player as requested in step 0 of the READ ME

    Now let's run a tool to fix some of your remaining malware.
    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log ( C:\combofix.txt ) for you. Attach this log to your next reply
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT
    4. the ComboFix log
    Make sure you tell me how things are working now!
     
  21. pigbull

    pigbull Private E-2

    Here is the file C:\combofix.exe
     

    Attached Files:

  22. pigbull

    pigbull Private E-2

    Oops, sorry that I posted combofix by itself, didn't know you wanted me to post them with the other files :(
     
  23. pigbull

    pigbull Private E-2

    Would you like me to rerun HJT for the new attachments?
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's written right in the instructions given. I need all of the logs requested in message # 20.
     
  25. pigbull

    pigbull Private E-2

    Hello, so sorry I haven't been able to get back to you, my internet crashed. My computer is running great and everything seems to be running well. Thanks.
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is still highly recommended that you attach the other three follow up logs that were requested. Specifically this is: GetRunKey, ShowNew, and HijackThis. We really need to make sure that nothing has been left hanging around.
     
  27. pigbull

    pigbull Private E-2

    Oops, OK, so sorry! I will be done by Saturday or maybe tomorrow.
     
  28. pigbull

    pigbull Private E-2

    Here is my GetRunKey, ShowNew, and HijackThis, I hope I did it right :confused
     

    Attached Files:

  29. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's a good thing I made you attach those followup logs. We still have a little more to do.


    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Xwspuh] C:\WINDOWS\W?nSxS\m?config.exe
    O4 - HKCU\..\Run: [Widp] "C:\WINDOWS\YMBOLS~1\logonui.exe" -vt ndrv

    After clicking Fix, exit HJT.

    Now delete the below files:
    C:\3D3.tmp
    C:\3D5.tmp

    Now run Ccleaner!

    Now attach a new HijackThis log.

    Make sure you tell me how things are working now!
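
An added illustration, not part of the thread and not the helper's own tooling: the sketch below parses the four HijackThis lines quoted in the post above and applies three triage heuristics. The heuristics (orphaned BHO, `?` placeholders in a path, an 8.3 short name directly under the Windows folder) and all function names are assumptions of this example, not the helper's stated reasoning; the QuickTime line matches none of them.

```python
import re

# The four HijackThis lines from the post above, copied verbatim.
HJT_LINES = [
    r'O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)',
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r'O4 - HKCU\..\Run: [Xwspuh] C:\WINDOWS\W?nSxS\m?config.exe',
    r'O4 - HKCU\..\Run: [Widp] "C:\WINDOWS\YMBOLS~1\logonui.exe" -vt ndrv',
]

BHO_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$')
RUN_RE = re.compile(r'^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): '
                    r'\[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
SHORT_DIR_RE = re.compile(r'^[A-Z]:\\(?:WINDOWS|WINNT)\\[^\\]*~\d+\\', re.I)


def exe_path(cmd):
    """Return the program path from a Run value, dropping any arguments."""
    m = re.match(r'"([^"]+)"', cmd) or re.match(r'(.+?\.(?:exe|com|bat|scr|dll))\b', cmd, re.I)
    return m.group(1) if m else cmd


def triage(line):
    """Return the reasons a line deserves a closer look (empty list if none)."""
    reasons = []
    bho = BHO_RE.match(line)
    if bho:
        if bho['file'].strip() == '(no file)':
            reasons.append('BHO is registered but its file is missing')
        return reasons
    run = RUN_RE.match(line)
    if run:
        path = exe_path(run['cmd'])
        # '?' is illegal in Windows file names, so in a logged path it stands in
        # for a character the log's code page could not represent.
        if '?' in path:
            reasons.append("path contains characters rendered as '?'")
        if SHORT_DIR_RE.match(path):
            reasons.append('8.3 short name masks a folder under the Windows directory')
    return reasons


def report(lines):
    """Map each flagged line to its reasons; unflagged lines are omitted."""
    return {ln: r for ln in lines if (r := triage(ln))}


if __name__ == '__main__':
    for ln, why in report(HJT_LINES).items():
        print(ln, '->', '; '.join(why))
```
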
     
  30. pigbull

    pigbull Private E-2

    Here is my final Hijack log, hopefully. Thanks so much for the help and time, I really appreciate it.
     

    Attached Files:

  31. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!

    Your log is clean. If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, and the C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    9. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
    10. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    11. After doing the above, you should work thru the below link:
     
  32. pigbull

    pigbull Private E-2

    Hello again. My computer has been running slow. When I go to the start menu and hit "My Computer" it takes about 30 seconds for it to find my C drive. Could we have accidentally deleted something off of hijack that caused this?
     
  33. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you saying it took you almost 6 weeks to realize that your PC is running slow or is this a new problem that has just started happening? Many reasons for slow PCs are not malware related. Since it has been so long since your last problems were resolved, you really need to run the READ & RUN ME again and then start a new thread which describes your problems in exact detail and also attach the logs.

    To answer your question, no, we did not delete anything that could cause the problem you are describing. We just removed a PurityScan infection.
     
  34. pigbull

    pigbull Private E-2

    OK, thank you, sorry for the inconvenience :(
     
  35. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It was not an inconvenience. I was just stating a fact that 6 weeks is a long time to wait to decide your PC is slow and that if you want to find out if your current problems are malware related, run the READ ME and start a new thread to post your logs in.
     
