seeking malware removal help

Discussion in 'Malware Help (A Specialist Will Reply)' started by catladynyc, Oct 12, 2013.

  1. catladynyc

    catladynyc Private E-2

    Hi. I have had ongoing problems with my Acer netbook for a long time now. A few months ago, I ran three different antivirus programs and only SuperAnti-Spyware was able to detect a virus, a trojan. But a few months later, my regular anti-virus, Avast, stopped working and my computer won't let me download it again, nor will it let me download any other antivirus or firewall program. So something is preventing it from working. I also can't download the new version of iTunes, Flash or other program updates I've tried. I always get errors. Aside from this, the main indication I have that I have some kind of virus is that the sound on my computer is messed up. You can hear it even in the startup sounds. There is always some kind of delay and crackling sound in part of the sound that is supposed to be played. (I hope this makes sense...it's hard to describe.) Last night I ran ComboFix and came here to seek help understanding the results and what to do next. I followed all of the instructions and ran all of the scans. Please note all scans were done AFTER I ran ComboFix. Please also note, while Avast won't open and I have no icon showing it working on my computer, ComboFix kept telling me Avast was working and that I had to disable it. But I could not disable it since I am unable to open it at all. Thanks SO much, in advance, for your help!
     
  2. catladynyc

    catladynyc Private E-2

    Here are my scan logs. I can only upload 5 so i can't add the combofix one...
     


  3. catladynyc

    catladynyc Private E-2

    here is the combofix log. please let me know if you need anything else. again, i really appreciate the help!
     


  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    OK, I am not seeing anything relating to malware. I do want you to delete this though:

    C:\Documents and Settings\ACER\Local Settings\Application Data\Updater26276

    Also... I would like for you to use MSConfig to put this machine back into normal start up mode.

    With regards to the Avast let's uninstall it with Revo Uninstaller.

    Once you have done that, do this so I can see what remains of it if anything: Run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

    Next we will work towards getting you protected again. But do let me review the logs you provide me with/and respond to you before you attempt to install anything else.
     
  5. catladynyc

    catladynyc Private E-2

    the registry keys found by roguekiller were not malware? do i need to do anything about them. in any case, thanks and i will do as you said and will report back.
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No, do not fix any of the entries RK found.
     
  7. catladynyc

    catladynyc Private E-2

    OK, all done. Attached is the requested log.
     


  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    This folder didn't delete, try again:

    C:\Documents and Settings\ACER\Local Settings\Application Data\Updater26276

    Let me know.

    Delete this also.
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\avast! Internet Security (2).lnk

    Now run Ccleaner. Not the reg scanner, just the cleaner itself to be rid of a chunk of temp files.

    At this point, are you able to install antivirus of some kind?
     
  9. catladynyc

    catladynyc Private E-2

    I just deleted it manually. Is there some other way I should be doing it?

    I didn't try re-installing Avast because you told me not to do so yet. I can try now.

    I realized from the un-install process that what had not been functioning on my computer was the Avast interface. When I clicked on it it would tell me it didn't have the right configuration. But what I found out from using Revo was that it was actually there and had been working all the time even though I never saw the icon like I used to.

    Anyway, I will do everything you instructed now. Do you need a log from ccleaner?
     
  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No, don't need a ccleaner log.

    Does this folder exist now or not? (Navigate back to where it was and check)
    C:\Documents and Settings\ACER\Local Settings\Application Data\Updater26276
     
  11. catladynyc

    catladynyc Private E-2

    sorry, i had deleted the folder's contents but not the folder. gone now.

    also...avast has re-installed! so yay, thanks!!! at least one thing is back working properly now. of course, when the avast lady (before i changed my settings so it would no longer talk to me, which i hate) told me my computer was now protected, her little speech was completely messed up by my computer's audio problem that i believe (because i was told long ago when a similar thing happened and it turned out to be true) is indicative of this virus i can't seem to get rid of...

    so, yes. all these steps are now done. next step?
     
  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Next step is final steps if everything is running well. :) Ready for those?


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

    7. After doing the above, you should work thru the below link:
     
  13. catladynyc

    catladynyc Private E-2

    hi. everything is really running the same, unfortunately. problem with the sound continues, and computer won't let me install flash or itunes--both programs it has downloaded with no problem in the past. if it's not malware, could it be something else?


    i tried to uninstall hijackthis but i didn't see it on the list. we didn't download it for this, right? so is it something you saw in my logs? how can i get rid of it?

    i re-enabled Disk Emulation software with Defogger and ran the mg registry file.

    but when i clicked on MGclean.bat i got an error and then the entire contents of the mg tools folder disappeared. is that what was supposed to happen?

    thanks again for your help! not sure if you have any other advice on figuring out what is wrong and/or helping me try to fix it but...i'm open to suggestion! thanks!
     
  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    topic for the software forum. :)


    If it doesn't show up in installed programs then don't worry about it.

    Is there anything at all remaining of MGTools or is it all gone? If all gone, despite the error, it must have all been cleared as it should be.
     
  15. catladynyc

    catladynyc Private E-2

    it's gone, so i guess we're good. thanks again for your help!

    i'll have to try to find out what else might be at the root of my problems.

    two more questions, though:
    1. so did we not, then, find any malware on my computer after all?
    2. what about the registry items found by roguekiller?
     
  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Malware Bytes found a little bit. RogueKiller shows nothing bad.
    I found a little bit also. Nothing major though.
     
  17. catladynyc

    catladynyc Private E-2

    ok, well, i really appreciate your help! take care!
     
  18. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You're most welcome. :)
     
