Possible Malware, READ ME seemed to make things worse

Discussion in 'Malware Help (A Specialist Will Reply)' started by xingu, Dec 1, 2009.

  1. xingu

    xingu Private E-2

    This morning, my wife's Yahoo email account was hacked, and someone tried sending a bogus "I was mugged, please wire money" message to everyone in her contacts list. I figured it was a spoof, but when we got the PW changed, there were two messages in her Sent box, including the original and a secondary response to a skeptical friend who had written back. To be safe, I had her shut the computer down for the rest of the day until I could get home and try running the READ ME.

    Until that point, the computer (a Dell Vostro laptop running XP SP3) appeared to be running fine, with all Windows security updates and standard, up to date protection via AVG Free, Spyware Blaster, Spybot S&D, Windows Firewall. I was paranoid about doing anything before going through the READ ME steps, but did keep the wireless connection on to catch the SAS and other necessary updates prior to running and did not notice any slow response throughout the process.

    Several items were picked up - a few related to a Coupon printing program and a few other things I did not recognize. After completing the READ ME steps, the things (especially Internet-related) seem to be locking up - I was unable to update Spyware Blaster, Gmail was taking forever to load and that made me worry even more. Logs are attached.

  2. xingu

    xingu Private E-2

    MG logs zip attached.

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You are not having malware problems. Someone may have just figured out the password to your account. Use a more secure password.

    You do need to uninstall the below old Sun Java versions:
    Java(TM) 6 Update 13
    Java(TM) 6 Update 7
    Since you are not having malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN, enter the below into the run box and then click OK. Note that the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. After doing the above, you should work thru the below link:
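    An added helper (not part of this thread or of MajorGeeks' tools) for the "uninstall old Java versions" step above: it reads the Add/Remove Programs uninstall keys that entries such as "Java(TM) 6 Update 13" live under, and flags every Java runtime older than the newest one installed. The registry paths are the standard Windows uninstall keys; the regex on the display name is an assumption about how Sun/Oracle name the runtime.

```powershell
# Added example: list installed Java runtimes and flag outdated ones.
function Get-InstalledJava {
    # Standard uninstall keys (32-bit and 64-bit views); XP only has the first.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        # Assumed naming: "Java(TM) 6 Update 13", "Java 8 Update 291 (64-bit)", ...
        Where-Object { $_.DisplayName -match '^Java(\(TM\))? \d' } |
        ForEach-Object {
            $ver = $_.DisplayVersion -as [version]
            if ($ver) {
                [pscustomobject]@{
                    Name      = $_.DisplayName
                    Version   = $ver
                    Uninstall = $_.UninstallString   # what Add/Remove Programs runs
                }
            }
        } |
        Sort-Object Version -Descending
}

$java = @(Get-InstalledJava)
if ($java.Count -eq 0) {
    Write-Output 'No Java runtime found in Add/Remove Programs.'
    return
}

# Everything older than the newest installed runtime is a leftover to remove.
$newest = $java[0].Version
foreach ($j in $java) {
    $status = if ($j.Version -lt $newest) { 'OLD - uninstall' } else { 'current' }
    Write-Output ('{0,-36} {1,-14} {2}' -f $j.Name, $j.Version, $status)
}
```

The script only reports; remove the flagged entries through Add/Remove Programs (or the listed UninstallString) as the post instructs.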
  4. xingu

    xingu Private E-2

    Thanks very much for the prompt reply. My post-READ ME problems were solved by resetting and reconfiguring my router - just didn't want to bump the thread. I got rid of the old Java versions yesterday, so should be good to go. I was guessing/hoping it was a simple password hack, which has been taken care of - just wanted to be sure there wasn't a keylogger involved. Thanks again!
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!