Problem with MGTools

Discussion in 'Malware Help (A Specialist Will Reply)' started by Poppi22, Mar 20, 2010.

  1. Poppi22

    Poppi22 Private E-2

    Tried running MGTools. I see a window open for about 20 msecs and then nothing more. I cannot find an MGLogs.zip file in the folder in the root directory of MGTools.

    Any advice?

    Thanks
     
  2. Poppi22

    Poppi22 Private E-2

    Suspected Malware onboard please help

    Recent odd performance by MS Outlook and some finicky IE7 behaviour, along with Chase Card Fraud call has me suspecting malware onboard. Files attached, please note: No log from SAS or MGLogs.zip. When run, none were generated.


    MS Outlook opens email on a single click (never did that before) then closes application when a 2nd email is selected.

    IE7 seems to have a little "hitch" when it is opened. Never noticed that before. These both occur in my non-administrative user.

    Thanks
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please answer the below questions:
    1. Are you running our READ & RUN ME cleaning procedure?
    2. What version of Windows are you running (include the Service Pack level too)?
    3. Also what protection software is running?
    4. Do you see the C:\MGtools folder? (assuming C is your Windows boot drive)
    Note: MGlogs.zip will not be in the MGtools folder. As stated in the procedure, it is in the root folder of the Windows boot drive which would normally mean you would have C:\MGlogs.zip when it runs properly.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, I just saw you have another thread with other logs and are apparently running the cleaning procedure. Please stay in one thread. Your two threads were merged into one.

    Seeing your other logs also answers question # 2 and part of # 3.

    SAS always generates a log whether anything is found or not. Same goes for MBAM.

    The logs you have attached thus far show no problems but we need a complete MGlogs.zip file to continue. Since you have Win XP, try the below.

    Run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\MGlogs.zip
     
    Last edited: Mar 20, 2010
  5. Poppi22

    Poppi22 Private E-2

    Sorry for the 2 posts. MGLogs.zip attached. I found it in the root, thought it was going to be in the created folder.

    Re: SAS, there was no log generated from my scan as part of this cleanup procedure IAW your posted standing instructions. Not sure what the problem is with that.

    Thanks for your quick response.
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    According to your logs, the last time it was fully run was March 13, 2010. Below is the location of and logs from previous scans.
    Code:
    "C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
    Feb 20 2010     3410  "SUPERAntiSpyware Scan Log - 02-20-2010 - 07-12-14.log"
    Mar 13 2010     4953  "SUPERAntiSpyware Scan Log - 03-13-2010 - 07-27-07.log"
    Jan  9 2010    13343  "SUPERAntiSpyware Scan Log - 01-09-2010 - 07-32-31.log"
    Jan 16 2010     3093  "SUPERAntiSpyware Scan Log - 01-16-2010 - 06-11-46.log"
    Jan 30 2010     7186  "SUPERAntiSpyware Scan Log - 01-30-2010 - 06-30-04.log"
    Feb 13 2010     3033  "SUPERAntiSpyware Scan Log - 02-13-2010 - 07-35-35.log"
    If you ran a scan after March 13th, it must not have properly finished; otherwise there would be a log even if nothing is found. However, all of the logs you have attached thus far are clean, so it likely does not matter since a current SAS log may also be clean. It would be interesting to see what was found on March 13th. Was it just cookies? Attach that log.
     
  7. Poppi22

    Poppi22 Private E-2

    Yes, it was run on 3-13. That file is attached. Additionally as part of Majorgeeks recommended cleaning before submitting files a complete scan was run on 3-20 and no log was generated (I do believe it said nothing was found as well). I tried a quick scan today to see if a log would be generated, none was generated and again feedback was nothing found.

    I understand that a log is generated every time a scan is run and that checkbox has been verified checked (for the logs). It has always generated logs in the past, so I am not sure why now it does not.

    Thanks for your support and attention.
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Perhaps you have unchecked the option to save empty/clean logs. The default options should be like below:

    saslogs.jpg

    Your previous log just showed cookies which you really don't need to scan for. Our procedure even stated to disable looking for cookies since they are not problems.

    Since your logs were clean, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix. (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. After doing the above, you should work thru the below link:
     
  9. Poppi22

    Poppi22 Private E-2

    You are correct, the check on the empty/clean logs option was unchecked. Sorry about that but thanks for your assistance. I was a little paranoid after the CC Fraud alert from Chase. They cancelled my card as a result.

    Thanks again for your support.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
