Ran cleaning procedure for XP

Discussion in 'Malware Help (A Specialist Will Reply)' started by epicfail13, Oct 11, 2009.

  1. epicfail13

    epicfail13 Private E-2

    My aunt's computer doesn't have any noticeable problems, but I suspect most computers to be infected with something, and my first scans found things, so I came here again to run the Read Me Run Me list.

    Let me know if I missed a step, I'll go back and do it as soon as I can.
     

    Attached Files:

  2. epicfail13

    epicfail13 Private E-2

    And posting MG tools log because it's one more file than the attachments allow...
     

    Attached Files:

  3. epicfail13

    epicfail13 Private E-2

    :tired I could have sworn I changed to Normal Start up mode. :banghead

    So, I'm starting over with the scan from SuperAntiSpyware unless someone tells me it's unnecessary. I have today off, and should be home most of the day. My aunt is a school teacher; she wants her computer back, and she may take it whether I'm done with it or not, at which point it will be about an hour away and unavailable for two weeks. When I first started with her computer, I ran Spybot Search and Destroy first, which found and said it removed a Virtumonde.sci infection, at which point I ran SuperAntiSpyware and Malwarebytes, then came here. I have not removed those first logs in case someone wanted to see them.
     
  4. epicfail13

    epicfail13 Private E-2

    New logs, don't know if you need them.
     

    Attached Files:

  5. epicfail13

    epicfail13 Private E-2

    MG tools
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are clean. You just have a left over BHO from MS Money to fix.


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    After clicking Fix, exit HJT.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. After doing the above, you should work thru the below link:
     
  7. epicfail13

    epicfail13 Private E-2

    I apologize for the long delay; my aunt took her computer back, and I don't know when I'll see it again. I'm relieved that there's no infection left. I installed Comodo Firewall and hid ComboFix and RootRepeal so they'd be out of her way but still there when I get access again. As long as this thread still exists, I'll finish the clean up as soon as I can.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
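
Added example (not part of the thread, and not MajorGeeks or HijackThis code): a Python parser that pulls the O2 - BHO lines out of a HijackThis-format log and lists the entries with no backing file, like the leftover one flagged in reply 6, together with the registry key to review before fixing. Every sample line except the CLSID line quoted in the thread is constructed, and the function names are hypothetical.

```python
import re

# Registry location where Internet Explorer BHO CLSIDs are registered.
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

# Constructed sample log; only the "(no file)" line comes from the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: Old Toolbar - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Old\bar.dll (file missing)
O4 - HKLM\..\Run: [Example] "C:\Program Files\Example\tray.exe"
"""

# Leading whitespace is tolerated because forum-pasted lines are often indented.
O2_RE = re.compile(
    r"^[ \t]*O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*?)[ \t]*$",
    re.MULTILINE,
)

def parse_bhos(log_text):
    """Return one dict per O2 line: name, clsid, path and a status."""
    entries = []
    for m in O2_RE.finditer(log_text):
        target = m.group("target")
        if target == "(no file)":
            # CLSID is registered as a BHO but no DLL path is recorded for it.
            status, path = "no-file", None
        elif target.endswith("(file missing)"):
            # A DLL path is recorded but the file is gone from disk.
            status, path = "file-missing", target[: -len("(file missing)")].rstrip()
        else:
            status, path = "present", target
        entries.append({"name": m.group("name"), "clsid": m.group("clsid"),
                        "path": path, "status": status})
    return entries

def orphaned_bhos(log_text):
    """Entries whose DLL is absent, with the registry key to inspect."""
    return [dict(e, registry_key=BHO_KEY + "\\" + e["clsid"])
            for e in parse_bhos(log_text) if e["status"] != "present"]

if __name__ == "__main__":
    for e in orphaned_bhos(SAMPLE_LOG):
        print(e["status"], e["name"], e["registry_key"])
```
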
     
