"Read & Run Me First" but still have problems

Discussion in 'Malware Help (A Specialist Will Reply)' started by talking777, Jun 14, 2010.

  1. talking777

    talking777 Private E-2

    Cleaning Computer of Viruses via Malware Removal Guide

    My Computer is: Dell Dimension 4600i Desktop 32 bit Windows XP SP3 (Home Edition)
    2.5 GB RAM, 70 GB hard drive, 3.00 GHz Pentium

    Prior to 4/1/2009: I noticed there were times I could move the cursor with the mouse, but I could not click on anything. Then the screen would go black for a second or 2, and then the cursor would function again. At this time, I had an outdated Norton Anti-virus software and was trying to find something better. Your site helped with this!

    4/1/2009: My computer was hit by the April fool’s virus, and it was excruciatingly slow for approximately 4+ weeks. After trying to use it a number of times, I just stopped using it. At some point later in time with no help from me, I powered up the computer, and it just started working.

    During this time I researched how to clean my computer of viruses on the internet via public computers (the library) and attempted to clean my computer while it was slow. It didn’t seem to do much good. I found multiple sites/procedures for cleaning computers of malware. I attempted some of these procedures but they weren’t well explained. I finally found your site (MajorGeeks.com). The procedures seemed more understandable because they were stated in a more step-by-step manner. What I didn’t know how to do, I could look up on the net (e.g. how to get in and out of “Safe” and “Normal” modes).

    I printed out all your guides/procedures that related to malware/cleaning my computer since I couldn’t refer to them online because the computer was so slow. I did part or all items in the procedures (6/2009 – I don’t remember now) but was not able to send off the malware logs due to extenuating circumstances. There were problems when I ran Combofix. The then malware guide did help me delete (via add/delete) a lot of malware.

    I did add the following anti-malware sw (all freeware) to my computer: (AVG AntiVirus, CCleaner, Spybot (with Teatimer turned off), Super Anti-Spyware, PC Tools Firewall). I did use Malwarebytes Anti-Malware (freeware). I don’t know if it continued to run after I used it once. I don’t know if AVG Anti-Virus also installed AVG Anti-Spyware as well.

    While running the anti-malware sw, I noticed some files scrolling by with the name Virtumonde (possibly Spybot) though the results from some of the anti-malware sw came back “No infections”.

    6/2010: Recently, my email had been hacked – with everyone in the address book sent a blank email. I have since started the malware cleaning process again and have reprinted all your malware guides from MajorGeeks.

    I cannot uninstall McAfee Security Scan—even when logged in as Administrator.

    First and foremost, I very much appreciate that you have these guides available for all to use. They are a life saver!

    What follows are my notes/some of my mistakes while trying to follow this/these procedures. Printing out all these procedures resulted in well over 100 pages to read/keep track of. I felt more secure having it all on paper due to past computer problems.

    In the Windows XP Cleaning Procedure in the section (1) for downloading the Anti-Malware SW (Super-AntiSpyware, MalwareBytes Anti-Malware, and the rest; I only used the freeware versions of this software), I downloaded the software someplace I could find them easily for installation. In Step 2 (Installing and Running) even though I consider myself good at following directions, it appeared that I needed to reinstall/move some files to the correct locations. So I moved/re-downloaded them at that time. The MGTools download was deleted. I had to download that software again.

    AVG AntiVirus and PC Tools firewall were disabled prior to running Combofix. Teatimer on Spybot was already disabled. I did not disable SuperAntiSpyware (freeware) or any other sw. It appeared that AVG was doing a scan during the run of one of the AntiMalware SW even though it had been disabled. Is that supposed to happen??? Is that good to happen when running AntiMalware SW??? I don’t think I have AVG AntiSpyware. I think I’ve become the poster child of how to do this anti-malware procedure wrong.

    I have an external 250 GB hard drive (F-drive) that has been used to backup my current hard drive in the past and to backup a hard drive for an old computer. It has Norton AntiVirus files/sw from a bygone time.

    Power was turned OFF on the F-drive while the Anti-Malware programs ran on my computer.

    RootRepeal was going on 10hrs+ when I stopped it. It appeared as if every file on the F-drive had an error status. The computer screen sometimes goes black after long periods of use which is why I stopped RootRepeal. I didn’t know where the log file would be stored and didn’t want it to be lost/non-existent. The scan on the F-drive appeared (to me) not useful since it appeared to list every file with a comment/error possibly due to the fact that the F-drive had the power OFF. I thought the <Save Report> function would be available for use once RootRepeal was stopped. Since it did not become available, I did a PrintScreen of what I thought was most important from the RootRepeal log file into a .doc file to send to you. It included all the C-drive comments/errors and a sample of the F-drive comments.

    I’m guessing the power probably should have been ON for the F-drive for the anti-malware sw??

    I continued on with the anti-malware sw with the power OFF on the F-drive for consistency.

    If I need to redo all the anti-malware scans with the F-drive powered on, please let me know.

    Throughout the use of the anti-malware sw, the computer has been connected to the internet unless the sw itself disconnected the computer from the internet.

    I assume at the end of Step 3 of the Windows XP Cleaning Procedure, I should Enable the AntiVirus sw, the SW Firewall, the AntiSpyware SW, CD Emulation programs and hide unhidden files or should I leave it unprotected until I hear further notice from you??? I did Enable the disabled sw since I wanted to use the computer before you got back to me.

    Can you tell me if any of the Anti-malware sw (software) (i.e. Spybot, Super-AntiSpyware, or others) resident on my computer ever get updated when the SW Firewall (PC Tools) is ON??? At this point, I only have freeware Anti-malware sw on my system.

    I know AVG AntiVirus will ask to be updated, and I’m guessing the SW Firewall (PC Tools) will update itself.

    After I stopped RootRepeal, I had to leave, and I shut the computer down.

    When I powered the computer back up, CHKDSK ran on F-drive. It looked like it was in SAFE mode, but later when I looked at it again, it looked like it was in NORMAL mode.

    I ran MGTool.exe. Messages flew across the screen. At one point, a statement came up that stated that if any key was pressed it would end the program (I believe). The next statement stated “Press any key to continue”. I waited awhile expecting the program to continue. It did not. So I pressed a key, and the window closed. It appeared that MGTool had ended. The statements seemed contradictory, and I didn’t know what to do.

    I have several problems/ concerns:
    1. Is the April Fool’s virus gone or just laying dormant?
    2. How to fix the cursor problem (it can move but does not always select until the screen goes black for a second or 2)? This is still a problem.
    3. How to remove the McAfee Security Scan? It probably came with an Adobe Flash update which did not install at all. I have tried to remove it via Control Panel and the Start menu while in the Administrator account.
    4. Based on your guide How to Protect Yourself from Malware, I will make the following changes hopefully soon:

    AVG AntiVirus to AntiVir Personal Edition (Is this a good thing to do?)
    PC Tools Firewall to Comodo Personal Firewall (without the antivirus) (Is this good to do?)
    Have CCleaner already
    Upgrade to the Paid SUPERAntiSpyware
    Have Spybot with TeaTimer disabled
    ADD SpyWare Blaster with all protection enabled

    5. How to remove Virtumonde if I have it? I do have popup blocker that shows itself at the top of a web page when a popup occurs.
    6. Should I rerun Windows XP Cleaning with F-drive Power ON?
    7. How to get rid of a 2 inch x 5 inch (approximate) popup(?) that appears in the lower right hand corner and has celebrity news on it? I’m sorry I did not note a name for it, and it has not appeared since the malware cleaning. So it may be gone.
    8. Yes, powering up is slow. I do not know which programs NOT to load at Startup.
    Sorry for being so verbose—just trying to be thorough – mistakes and all! Thank you for any and all help.
  2. talking777

    talking777 Private E-2

    The logs - the purpose for this post in the first place.

    There is a problem. For the Rootrepeal log, I couldn't cut and paste it to a .doc file. I had to do a print screen to a .doc file. The file is 374 KB which is larger than the 97 kb max for an attachment to this forum.

    I've tried copying it to a wordpad or notepad. It either did not work or the file size became even larger.

    Any suggestions?

  3. talking777

    talking777 Private E-2

    Rootrepeal log - I typed to a .txt the unique and the repetitive info from the .doc file. I'm sure the F-drive needs to be cleaned among other things.

    Thanking you in advance

  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Important Notice: A new version of SUPERAntiSpyware is available.
    • Please uninstall your current version (this is necessary).
    • Then download this SUPERAntiSpyware
    • Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
    • After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
    • Now run a new full scan of your system. And attach this log later.

    Now go to this MGTools and download the new version of MGtools.exe. Overwrite your previous MGtools.exe file with this one.

    Now run the new C:\MGTools.exe and this time agree to the hijackthis license that you did not do last time. Attach the new C:\Mglogs.zip into your next reply as well as the log from running SUPERantispyware's newest version.
  5. talking777

    talking777 Private E-2

    Here are the 2 logs. Last time, I don't recall NOT agreeing to the license, and this time, I don't recall Agreeing to the license. So, I hope the MGTools ran correctly this time.

    At some point in the future, will I have to run these tests with the F-drive powered ON?

    Thank you for all your help.

  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You do not boot from drive F so there is nothing to worry about. Only if an MBR infection shows up on the drive you boot from in a rootrepeal log does action need to be taken. So if one had been reported on the C drive then we would have to do something about it. Although worth bearing in mind you can always scan using Malwarebytes and SUPERAntiSpyware with the external connected.
    Not seeing any signs of it!

    avg 8.5 <--- Yes you will have to either upgrade or opt for something else to use for protection.
    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking Fix exit HJT.

    Try Revo to remove mcafee Security Scan.

    Then if remnants still exist:

    Reboot into safe mode to delete these from mcafee security scan.

    There is always the mcafee removal tool to consider but we will see if this has done the trick.

    Then reboot into normal mode again:

    Also delete all files in the below bold folders except ones from the current date (Windows will not let you delete the files from the current day).

    Any other issues you have must be resolved in the software forum. We only have chance to deal with malware removal here and I am not seeing any malware in your logs.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
  7. talking777

    talking777 Private E-2

    Thank you for all your help!

    Looks like Revo removed McAfee Security Scan.

    I still have the cursor problem/ the screen going black.

    I have some questions. I'm not trying to give anyone a hard time. I know how to use a computer, but not how to fix one. When I see contradictions I'm not sure what to do.

    "We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan."

    1. The How to Protect Yourself from Malware guide says to use only one real time blocker. Is it ok to run both SUPERAntiSpyware and Malwarebytes Anti-Malware (the paid versions of both) long term?

    2. Do I have Virtumonde?
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    The free versions do not offer real time protection so you could have both installed, but with the paid for versions they DO provide RTP, so you would be better off just choosing one if you're going to purchase.

    No.
  9. talking777

    talking777 Private E-2

    Thank you for all your answers and help.

    I was guessing that there are no McAfee Security Scan remnants since the files and/or folders that would need to be deleted in Safe mode were not there.

    I still have a problem...

    How do I fix the cursor problem (it can move but does not always select until the screen goes black for a second or 2)?
  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I have no idea sadly. This is something that will have to be discussed further in the software forum or hardware, wherever appropriate. :)
  11. talking777

    talking777 Private E-2

    Thank you for ALL your help. I also had an email virus(?) in my yahoo account which instigated this round of malware removal. Blank emails were sent out to everyone in my Contact list. Would that be something that is resident in my computer? Did this round of malware removal remove the email virus?
  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I would say the best thing you could do would be to import all your contacts' addresses, create a new free yahoo email account and abandon the other.