spyware, malware and everything else!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by dp94, Jan 20, 2008.

Thread Status:
Not open for further replies.
  1. dp94

    dp94 Private E-2

    hi,
    I have downloaded something off MSN Messenger, and I seem to have lots of spyware, malware and viruses. I have F-Secure, which doesn't seem to be able to remove anything, and now doesn't even seem to be working properly.
    I used a program called VundoFix and it seems to have removed some of the stuff, but I still get a message saying I have adware.win32.virtumonde on my computer, and probably a whole load of stuff I don't know about. Help!! I don't know what to do!!!!
    thanks
    dp
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Welcome to Majorgeeks


    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide

    After these are attached our malware experts will review them to see if you're OK; if not, they will issue you some further removal instructions. So the logs that you will get to attach are:

    MGlogs.zip (which has 5 logs inside it, including Hijackthis, just attach the whole Zip )
    AVG log. ( Which is the report scan txt file )
    Combofix logs.

    http://img117.imageshack.us/img117/829/60272555mm4.jpg


    Plus a guide on how to attach the logs: HOW TO: Attach Items To Your Post
     
  3. dp94

    dp94 Private E-2

    I have done all the scans but I am not sure if everything is gone (I don't think so, though). I am attaching all the files so you can have a look.
    thank you
    dp
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your F-Secure antivirus was broken by the Vundo infection. It would actually be best to uninstall it right now and then when we have finished, you will be able to reinstall it. I would not reinstall until we finish cleaning things up because it could just get reinfected during the install.

    ComboFix did not run properly. Did you see any error messages? Did you shut down all protection software before running it as was requested?


    Okay now we need to use a new tool.
    • Download RenV.exe and save it to your Desktop (it must be on the Desktop)
    • Now Copy the bold text in the below code box to notepad. Save it as Log.txt to your desktop. (It must be on your Desktop).
    Code:
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
    C:\Program Files\DAEMON Tools\daemon .exe
    C:\Program Files\F-Secure\common\FSM32 .EXE
    C:\Program Files\F-Secure\FSGUI\TNBUtil .exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    C:\Program Files\Launch Manager\HotkeyApp .exe
    C:\Program Files\Launch Manager\LaunchAp .exe
    C:\Program Files\Launch Manager\Wbutton .exe
    C:\Program Files\Messenger\msmsgs .exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    C:\WINDOWS\system32\ctfmon .exe
    C:\WINDOWS\system32\hkcmd .exe
    C:\WINDOWS\system32\igfxpers .exe
    C:\WINDOWS\system32\igfxtray .exe
    
    • Now using your mouse, drag Log.txt onto RenV.exe
    • When finished, RenV.exe will produce a new log named Log.txt on your Desktop. We may or may not ask for this log later.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Is your copy of Spyware Doctor a paid version or free trial? If free, uninstall it now.

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 7
    Java(TM) 6 Update 3
    Mozilla Firefox (2.0.0.7)

    Also see if any of the below are still installed, and if they are then uninstall them:
    LiveUpdate 3.0 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)

    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Then install the current version of FireFox from: Mozilla Firefox

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\user\Local Settings\TEMP

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

    Make sure you tell me how things are working now!
     
  5. dp94

    dp94 Private E-2

    There is a problem, since RenV.exe says that it cannot find the files. What do I do?
     
  6. dp94

    dp94 Private E-2

    I did uninstall everything you told me to, and I did run avenger.exe and I am attaching the file. It looks wrong.
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to complete the rest of my instructions and attach the followup MGlogs.zip file.

    What do you mean RenV cannot find the files? Do you mean the Log.txt file or the files that we put in Log.txt?
     
  8. dp94

    dp94 Private E-2

    When I drag and drop the Log.txt onto RenV, RenV opens and says that it cannot find any of the files that were listed.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay then just continue with the rest of the instructions and attach the followup MGlogs.zip file as requested.
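An added example (my own, not the thread's code and not RenV's): a small Python checker for a Log.txt in the shape built above, which reports for each listed path whether a file exists with the space before the extension, only under the normal name, or not at all. It assumes the space is the only difference between the two spellings; the sample log lines are constructed.

```python
import os
import re
import sys

# Constructed sample log in the same one-path-per-line shape as the Log.txt
# the thread has the user build (assumption: the space before the extension
# is the only oddity in each line).
SAMPLE_LOG = """C:\\WINDOWS\\system32\\ctfmon .exe
C:\\WINDOWS\\system32\\hkcmd .exe
C:\\Program Files\\Launch Manager\\HotkeyApp .exe
"""

# Matches a path whose last component ends in '<name> .<ext>' (space before the dot).
SPACED_EXT = re.compile(r"^(?P<stem>.*\S) (?P<ext>\.[A-Za-z0-9]+)$")


def normalize(line):
    """Return (path as listed, same path with the space before the extension removed)."""
    listed = line.strip()
    m = SPACED_EXT.match(listed)
    if not m:
        return listed, listed
    return listed, m.group("stem") + m.group("ext")


def classify(log_text, exists=os.path.exists):
    """Map each listed path to 'spaced' (a file really exists with the space in
    its name), 'normal' (only the unspaced name exists, so the space was an
    artifact of the log that produced the list) or 'missing' (neither exists).
    `exists` is injectable so the check can run against a constructed file set."""
    results = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        listed, fixed = normalize(line)
        if exists(listed):
            results[listed] = "spaced"
        elif fixed != listed and exists(fixed):
            results[listed] = "normal"
        else:
            results[listed] = "missing"
    return results


if __name__ == "__main__":
    # Usage: python check_log.py Log.txt   (falls back to the constructed sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for path, verdict in classify(text).items():
        print(f"{verdict:8} {path}")
```

A run in which every line comes back "normal" matches what the poster saw: the files are present under their ordinary names, so there is nothing for a renaming tool to find.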
     
  10. dp94

    dp94 Private E-2

    Hi,
    I followed your instructions and I am attaching the file!!
    Thanks
    dp
     


  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are clean now. You did not tell me how things are working, so I will assume everything is okay. If this is the case you should reinstall your F-Secure Antivirus now and then continue on with the below.

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN
      • Now type combofix /u in the runbox and click OK.
      • Note the space between the X and the /U; it must be there.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you run RenV.exe, you can delete it and the Log.txt file on your Desktop.
    9. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    10. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    11. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    12. If you are running Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    13. After doing the above, you should work through the below link:
     
  12. dp94

    dp94 Private E-2

    Hi,
    Everything seems to be working fine.
    I re-installed F-Secure; however, I ran a scan and it found 4 malware items, as follows:
    dWare.Win32.SuperJuan.ez (adware)

    * C:\Documents and Settings\user\Ustawienia lokalne\Temp\mmansmtg.dll

    AdWare.Win32.SuperJuan (adware)

    * Action: deleted

    Tracking Cookie (cookie)

    * C:\Documents and Settings\user\Cookies\user@tribalfusion[1].txt Action: deleted
    * C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt Action: deleted

    It deleted 3 out of the 4.
    Is there anything I need to do to get rid of them?
    Thanks
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Cookies are not problems. Did you do my final steps and did you read and run all of the How to protect yourself thread which explains cookies among other things?

    What item was not fixed? You can just delete the below file if it was not removed. You don't need anything in this Temp folder as temp means only temporary.

    C:\Documents and Settings\user\Ustawienia lokalne\Temp\mmansmtg.dll


    But note that the above folder did not appear in your previous logs. Only the below did?

    C:\Documents and Settings\user\Local Settings\Temp
     
  14. dp94

    dp94 Private E-2

    divx player

    Hi,

    It's been a while, and now I am stuck again and could really do with your help!

    I have switched from using Firefox to Google Chrome. When I try playing videos it tells me I don't have the DivX plugin, and even when I do install it, it still says the same.

    What do I do??

    Thank you!!!
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Problems with Chrome and other software should be posted in the Software Forum as this forum only deals with malware issues.


    If you have malware problems then you need to start a new thread after you have run the full READ & RUN ME FIRST. Malware Removal Guide cleaning procedure and then attach the new logs. This thread is too old to use and is now closed.;)
     