Post Malware Issue

Discussion in 'Software' started by rculley1970, Sep 10, 2009.

  1. rculley1970

    rculley1970 Private E-2

    I received help in the Malware forum that helped to rid a laptop I am working on of malware. Everything seems to be running great now but I am having a problem with something that I think a virus or trojan horse did. I am unable to delete anti-spyware executables.

    I was originally not able to run any anti-spyware programs after installing them. I was able to clean the machine up partially on my own and finished with the help in the Malware forum. I have old folders from Spybot and Windows Defender and SAS that I cannot delete because a virus changed the programs' exe file attributes to read-only, hidden and system but I am unable to remove those attributes. I even went into command prompt and tried to remove the attributes that way as well but I still get the "Access Denied" error.

    Is there any other way that I can remove those attributes so I can finish cleaning up the laptop by deleting those old folders and exe files so I can reinstall the programs into their default folders? I currently have them installed in different folders so I can run the programs. Thanks!
     
  2. plodr

    plodr MajorGeek Super Extraordinaire Moderator Staff Member

  3. rculley1970

    rculley1970 Private E-2

    The unlocker worked like a charm. But I have a new problem that just cropped up. I started getting the Windows Update shield in the taskbar indicating an update. It claims I need to update KB890830. After running the update it comes back stating I need to update again. Even going to the Windows Update site it shows that as an update. I tried downloading and installing the update manually from the desktop in normal and safe mode but it keeps stating that I need to install it when I go to the Windows Update site. I found a thread on another site where someone recommended updating the MRT reg key for "version" and "guid" to see if that works but it didn't for me. The manual update download is 8Mb download but the Windows Update shows the update as 0kb. Any ideas? I am attaching a hijackthis log file.
     


  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, rculley1970

    You might try this:
    Windows Installer CleanUp Utility

    My review of your HJT log:

    * A bad entry - Fix!
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    * Questionable entry
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

    * Valid programs, but not required to run on startup.
    O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUP\SUPERAntiSpyware.exe

    # You have a leftover from gameguard in your log with this file that needs removing:
    GameMon.des.exe

    Please run Notepad and copy the following text into a new file:
    Code:
    sc config npggsvc start= disabled
    sc stop npggsvc
    sc delete npggsvc
    Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files". Locate remove.bat on the Desktop and double-click on it to run it. Please note any errors encountered.

    Then using Windows Explorer, delete the following file if present:
    GameMon.des.exe

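The entries reviewed in the post above share a `section - kind: detail` layout. As an added example (not part of the original thread and not HijackThis's own code), this Python sketch parses those lines and groups them by properties that can be read straight from the log; the regular expressions and note labels are assumptions inferred from the four lines shown, and the verdict on each entry still rests with the reviewer.

```python
import re
from collections import defaultdict

# Entry lines copied from the HijackThis review in the post above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUP\SUPERAntiSpyware.exe
"""

# Assumed layout: "<letter><digits> - <kind>: <detail>"
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH = re.compile(r"[A-Za-z]:\\.*$")  # drive-letter path running to end of line


def parse_entry(line):
    """Split one log entry into fields; return None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    rest = m.group("rest")
    clsid = CLSID.search(rest)
    path = PATH.search(rest)
    notes = []
    if "(no file)" in rest:
        notes.append("no backing file")   # registry entry points at nothing
    if m.group("section") == "O2":
        notes.append("browser add-on")    # Browser Helper Object
    if m.group("section") == "O4":
        notes.append("runs at startup")
    return {
        "section": m.group("section"),
        "kind": m.group("kind"),
        "clsid": clsid.group(0).upper() if clsid else None,
        "path": path.group(0) if path else None,
        "notes": notes,
    }


def group_by_note(log_text):
    """Map each note label to the parsed entries carrying it, in log order."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            for note in entry["notes"]:
                groups[note].append(entry)
    return dict(groups)
```
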
     
  5. rculley1970

    rculley1970 Private E-2

    I didn't run the installer cleanup utility since I wasn't sure what programs I would have to reinstall. It is a friend's computer and I'm not sure what programs she still has.

    I did fix the R3 URLSearchHook entry.

    I uninstalled the Ask toolbar that was the questionable entry.

    I disabled "Device Detector" and SAS to run at startup.

    I did find a GameMon.des file in my windows/sys32 folder but not the GameMon.des.exe file. I deleted the file anyways.

    I saved and ran the text file, remove.bat, with no errors at all.

    I rebooted and am still getting the yellow Windows Update shield for the windows malicious tool remover update that is 0kb. I even get the update available on their update site but nothing happens when I run it. I am including a new HJT log. I only have till Friday to get this back to her.

    I really appreciate all the help I have been getting from this site. You guys are wonderful!

    Thanks,

    rculley1970
     


  6. thesmokingun

    thesmokingun MajorGeek

