Still Having Trouble After Quarantining Malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by StraddleCreek, May 12, 2015.

  1. StraddleCreek

    StraddleCreek Private E-2

    Hi,
    We are having the following trouble on our computer:
    1. After startup and after the desktop loads, some of the shortcuts on the desktop flash. If those shortcuts are clicked, they duplicate themselves.
    2. If I click the Start button, in the "search programs" field, a lowercase "s" fills it as if someone is holding down the "s" key. This also happens in the search field when Chrome or IE are opened. Usually, holding down the backspace key will stop the "s's" and then remove them so that the search fields can be used. However, today, that did not work. I should also note that it usually, but not always occurs.
    3. Two different times, the computer has shut itself down and then gives the message that it's "Configuring Windows Updates". Perhaps this is not a problem, except that we have always had our computer set to update only when we shut down, not for it to shut down on its own.
    4. Sometimes the computer beeps when we turn it on. Our memory is all good and the beeping does not match any of the beep codes for our computer.

    I ran Malwarebytes and it detected "PUP.azlyrics...." and I quarantined it. The problems continued, so I ran it again and it does not find anything. On researching what to do next, I found this forum. I followed all the steps in the "Read Me". After rebooting (on Sunday), the computer ran fine. On start up yesterday (Monday), all the problems were back and are continuing today.

    The only program that picked up anything was RogueKiller. Per instructions, I did not do anything to try to fix it. I've attached all the logs that I ran on Sunday.

    Thanks for any help!
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs aren't showing any significant malware. I suspect you are having hardware issues, esp. the keyboard. This is a laptop, right?
     
  3. StraddleCreek

    StraddleCreek Private E-2

    Yes, it is. It's about 3.5 years old. The hard drive was replaced at the beginning of December.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I had a similar problem with phantom writing and it turned out to be a few screws too tight. Perhaps you should pursue this in the hardware forum.

    You can rerun RogueKiller and have it fix this item:
    ¤¤¤ Registry : 9 ¤¤¤
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found

    Then run Hitman and have it remove the one item it found.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, or Win 8, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:
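
Added example, not part of the original thread or of MajorGeeks' tools: a read-only PowerShell inventory of Browser Helper Object keys like the one in the RogueKiller line quoted in the reply above, showing which DLL each CLSID loads and whether that file still exists. The function name, view labels and state names are illustrative, and reading "(X86)" as the 32-bit registry view is an assumption.

```powershell
# Added example (PowerShell 3.0+, run from a 64-bit console): inventory Browser Helper Objects.
# Assumption: "(X86)" in the RogueKiller line is the 32-bit view (Wow6432Node on 64-bit Windows).
$Views = @(
    @{ Name = 'Native'; Root = 'HKLM:\SOFTWARE' },
    @{ Name = 'X86';    Root = 'HKLM:\SOFTWARE\Wow6432Node' }
)
$BhoSubKey = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

function Get-BrowserHelperObject {
    foreach ($view in $Views) {
        $bhoPath = Join-Path $view.Root $BhoSubKey
        if (-not (Test-Path -LiteralPath $bhoPath)) { continue }  # view absent on this system

        foreach ($key in Get-ChildItem -LiteralPath $bhoPath) {
            $clsid     = $key.PSChildName                  # e.g. {xxxxxxxx-xxxx-...}
            $clsidPath = Join-Path $view.Root "Classes\CLSID\$clsid"
            $server    = Join-Path $clsidPath 'InprocServer32'
            $name = $null; $dll = $null; $signer = $null; $state = 'NotRegistered'

            if (Test-Path -LiteralPath $clsidPath) {
                $name = (Get-Item -LiteralPath $clsidPath).GetValue('')
            }
            if (Test-Path -LiteralPath $server) {
                # The default value of InprocServer32 is the DLL the browser loads.
                $dll = (Get-Item -LiteralPath $server).GetValue('')
            }
            if ($dll) {
                $dll = $dll.Trim('"')
                if (Test-Path -LiteralPath $dll -PathType Leaf) {
                    $state  = 'Present'
                    $sig    = Get-AuthenticodeSignature -FilePath $dll
                    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
                              else { "($($sig.Status))" }
                } else {
                    $state = 'DllMissing'   # key remains but the file is gone
                }
            }
            [pscustomobject]@{
                View = $view.Name; Clsid = $clsid; Name = $name
                State = $state; Dll = $dll; Signer = $signer
            }
        }
    }
}

Get-BrowserHelperObject | Sort-Object State, View | Format-List
```

Comparing the output before and after the RogueKiller fix confirms that the flagged CLSID is gone from the X86 view; a `DllMissing` or `NotRegistered` row is a leftover key with nothing to load.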

     
  5. StraddleCreek

    StraddleCreek Private E-2

    Thanks for your help. I've just now had the chance to rerun RogueKiller and received a different report from the last scan. I had RogueKiller delete the file you indicated (except now it's not calling it PUP). Can you tell me which other files I should delete now? I've attached the new log.
     


  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Just delete all the entries titled Orphan. Your logs are clean.
     
  7. StraddleCreek

    StraddleCreek Private E-2

    Thanks again. I've completed the final steps and will now see what the hardware forum has to say. I really appreciate your advice and direction. Keep up the great work!
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Good luck. :)
     
