Read & Run me completed, seems ok but just to be sure

Discussion in 'Malware Help (A Specialist Will Reply)' started by boogieman, Mar 1, 2009.

  1. boogieman

    boogieman Private E-2

    Hi

    The great applause
    Wanna start with a huge thanks for the READ & RUN that seems to have solved my problem, which I first thought was only ONE,
    but turned out to be NUMEROUS infections (rootkits, trojans and what not).


    The sad story
    1. It all started by ZoneAlarm warning about rdl32.tmp trying to access the internet. Clicked NO and instantly rdl33.tmp wanted to do the same thing...
    Now...something is fishy.

    2. Searched the forum and found a post which led me to mbamsetup.exe, which I downloaded and executed.
    Nothing seemed to happen when I tried to run the file...at first...but after a while some on-top window appeared,
    which I thought was mbam, so I made a virus search and got loads of virus warnings with scary descriptions on each (that my passwords might have been logged and so on).
    Thought the descriptions were a bit pushy to be a virus prog...

    3. When I pressed CLEAN I got a "do you want to buy?" window and at the same time a BLOB popped up at the Windows tray saying something like "anti spyware 2009" - multiple infections found.
    Then it struck me :-o this wasn't mbam (I know now how it should look :p), this was a really nasty virus, that even had made a webapp to look like a virus scanner,
    just to sell some SHITTY app (that probably just plants more viruses)! I felt like such a fool...

    What I have done
    After finding your excellent helpfile I have done all of the requested steps EXACTLY as instructed.
    I got a little confused at point 4, when reading the info for ComboFix, since at bleeping's site it said "do not run unless asked from forum member", but at your site it said "run all, then post".
    I didn't want to disturb twice and your word is the one to follow, so I ran this one as well.

    Now it works like this
    Everything seems to run a lot smoother now. No popups or ZA warnings, and the files winloggn.exe, rdl3*.tmp, Twex.exe that I first discovered are gone and unregged.
    Plus the huge list of other crap that the software found that I did not have a clue of.
    Anyway, to be sure I will post the logs.
    I realize that if 5 softwares are needed to clean out everything, there's a big risk that there are some traces left that might make my life miserable another Sunday evening ;)

    Think if:
    Someone could merge those 5 programs into one and have them managed by a one-click operation. What a bliss that would be :drool
    A big problem is to find relevant apps. There are so many "fakes" that just want to cash in (but work so-so or not at all), so your tutorial is really priceless, the best I have seen!

    Attachments
    I have attached the logs (3/5 in this post, next 2/5 in next post).


    Best of regards
    Boogieman
    Last edited: Mar 1, 2009
  2. boogieman

    boogieman Private E-2

    And the last 2/5 logs.

    Hoping for an "it's all clean" comment :)

    Cheers
    Boogieman

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You did not allow MGTools to run to completion....nor did you make the license agreement for HJT. Did you get any errors when you ran it? Did it get to the point where it said it was finished?

    Please run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.

    Do you know what this is ....and if not, delete it:
    c:\documents and settings\oh\poffzw.exe

    Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now attach the new MGLog.zip
  4. boogieman

    boogieman Private E-2

    Hi

    Something must have gone wrong since my C:\MgLogs library was empty (only contained 5 txt files).

    Anyway I ran the MGtools.exe file again and now the log is a lot bigger (attached) and C:\MgLogs contains the bat-file you mentioned.
    Deleted the exe file you mentioned, don't know what it was.

    Thank you very much for the help :)
    Boogieman

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs look good.....you still need to remove your old Java versions:
    "DisplayName"="J2SE Runtime Environment 5.0 Update 10"
    "DisplayName"="J2SE Runtime Environment 5.0 Update 11"
    "DisplayName"="J2SE Runtime Environment 5.0 Update 2"
    "DisplayName"="J2SE Runtime Environment 5.0 Update 4"
    "DisplayName"="J2SE Runtime Environment 5.0 Update 6"
    "DisplayName"="Java(TM) 6 Update 11"
    "DisplayName"="Java(TM) 6 Update 2"
    "DisplayName"="Java(TM) 6 Update 3"
    "DisplayName"="Java(TM) 6 Update 5"
    "DisplayName"="Java(TM) 6 Update 7"
    "DisplayName"="Java(TM) SE Runtime Environment 6 Update 1"

    Reboot and download and install:
    Java Runtime 6

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
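The Java cleanup TimW asks for above is a recurring check: leftover JRE installs sit side by side in the Uninstall registry keys, and each old one keeps its known bugs reachable. This added example (not part of the thread or of MGTools) parses registry-export style "DisplayName" lines as quoted in the log excerpt, picks out Java runtime entries, and reports everything older than the newest one installed. The sample input is constructed, not the poster's actual log.

```python
import re

# Constructed sample in the registry-export style seen in the log excerpt
# above (not the attached MGlogs); two non-Java entries included as noise.
SAMPLE_LOG = '''
"DisplayName"="J2SE Runtime Environment 5.0 Update 10"
"DisplayName"="J2SE Runtime Environment 5.0 Update 2"
"DisplayName"="Java(TM) 6 Update 11"
"DisplayName"="Java(TM) 6 Update 2"
"DisplayName"="Java(TM) SE Runtime Environment 6 Update 1"
"DisplayName"="Malwarebytes' Anti-Malware"
"DisplayName"="ZoneAlarm"
'''

DISPLAY_RE = re.compile(r'^"DisplayName"="(.*)"$')
# Matches the three naming schemes Sun used for JRE 5 and 6 installers.
JAVA_RE = re.compile(
    r'^(?:J2SE Runtime Environment|Java\(TM\)(?: SE Runtime Environment)?)'
    r' (\d+(?:\.\d+)?) Update (\d+)$')


def parse_display_names(text):
    """Collect the DisplayName values from reg-export style lines."""
    names = []
    for line in text.splitlines():
        m = DISPLAY_RE.match(line.strip())
        if m:
            names.append(m.group(1))
    return names


def java_version(name):
    """Return (major, update) for a Java runtime entry, else None."""
    m = JAVA_RE.match(name)
    if not m:
        return None
    major = int(float(m.group(1)))  # "5.0" -> 5, "6" -> 6
    return (major, int(m.group(2)))


def audit_java(names):
    """Return (newest_entry, stale_entries). Every JRE except the newest
    is stale; the newest still has to be compared with the current release
    by hand, which is why the thread says to reinstall Java Runtime 6."""
    javas = [(java_version(n), n) for n in names if java_version(n)]
    if not javas:
        return None, []
    newest_version, newest_name = max(javas)
    stale = [n for v, n in javas if v < newest_version]
    return newest_name, stale
```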
