Request for help

mjgriffo · Jun 17, 2009

Thanks in advance.

After having some initial problems installing the various scanning software (BSOD's), Root repeal managed to remove the trojan causing the install problems.

After running SAS, then MWB AntiMalware, Combofix ran through until after the restart then BSOD'd with a cause of catchme.sys (pretty sure that's what it said)

After restart again, a new desktop image, and browser defaulting to IE again (rather than Firefox) I have run RootRepeal and MGTools.

log files attached - hoping for some help to remove catchme.sys, and anything else you suggest (wasn't able to get combofix log due to BSOD)

mjgriffo · Jun 17, 2009

Just ran combofix again, and generated a log file this time:

dr.moriarty · Jun 19, 2009

Welcome to MajorGeeks!

I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Our queue is working the oldest threads first.

Thanks for your patience.
dr.m

dr.moriarty · Jun 23, 2009

Hello, mjgriffo

The scanners removed the malware - we just have to get Sun Java updated.

Please look in Add/Remove Programs for the following and uninstall if found. If you get any errors just make a note and proceed

Java(TM) 6 Update 13
Java(TM) SE Runtime Environment 6
Click to expand...

*Open CCleaner - select "Cleaner" > "Run Cleaner" <---use this function ONLY!

*Now install the latest Sun Java Runtime Environment

Finally - follow these cleanup instructions:

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significan amount of resources ( except a little disk space ) until you run a scan.

If we had you use ComboFix, uninstall ComboFix (=This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required

"%userprofile%\Desktop\combofix" /u

Notes: The space between the combofix" and the /u, it must be there.

This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Delete the C:\combofix folder and the C:\QooBox folders from combofix (if it exists and note that you may need to substitute a different drive letter than C: if you have Windows installed on a different drive.)

Also delete the below two files that are left behind by ComboFix, some scanners falsely detect these as problems which they are not:

C:\WINDOWS\NirCmd.exe

C:\WINDOWS\PEV.exe

If we had you run Avenger, you can delete all files related to Avenger now.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.

If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Go to add/remove programs and uninstall HijackThis.

You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip

If you are running Vista, Windows XP or Windows ME, do the below:

Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.

Then reboot and Enable System Restore to create a new clean Restore Point.

After doing the above, you should work thru the below link:

How to Protect yourself from malware

Click to expand...

Safe surfing! http://i268.photobucket.com/albums/jj5/drmoriarty/Emoticons/char145.gif

mjgriffo · Jun 25, 2009

Thanks doc....much appreciated!!:-D

dr.moriarty · Jun 25, 2009

:cool

You're very welcome!

Log in or Sign up

Request for help

mjgriffo Private E-2

Attached Files:

mbam-log-2009-06-17 (20-10-39).txt

MGlogs.zip

rr.txt

SUPERAntiSpyware Scan Log - 06-17-2009 - 20-02-35.log

mjgriffo Private E-2

Attached Files:

ComboFix.txt

dr.moriarty Malware Super Sleuth Staff Member

dr.moriarty Malware Super Sleuth Staff Member

mjgriffo Private E-2

dr.moriarty Malware Super Sleuth Staff Member