StopZilla

Welcome to Major Geeks!

While StopZilla is not something we recommend, it is not malware. It is something you or someone else using the computer just installed on July 19th. If you don't want it on your PC, then you should just uninstall STOPzilla

You also have Spyware Doctor installed. Is this a paid program or just a trial?


Are you currently having any malware problems?

 

There is no link to StopZilla on the page that the link to Defogger sends you to so I don't know what you clicked on.

Ccleaner is not supposed to be used to make changes to the registry. See our instructions which stated only to use the temp files cleaner and nothing else. Ccleaner does not ask you to use Registry Mechanic. You are looking at advertisements again instead of the download link for Ccleaner.

Yes Spyware Doctor and Registry Mechanic are both from PC Tools and neither of them were requested downloads. We asked you to download and installed CCleaner. Download links are under the http://www.majorgeeks.com/images/dll.gif icon which should be fairly obvious.

If you have not already done so, uninstall StopZilla, Spyware Doctor, and Registry Mechanic.

Do you know what the below are for?

O2 - BHO: WtecA - {AE064650-CC28-4f68-BBD3-3D4AC9C8E48C} - C:\Documents and Settings\All Users\Application Data\Microsoft\Machine\Wtec.dll
O2 - BHO: Reserch - {B2249032-6464-466D-A58E-C588F7DBAC22} - C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Credentials\wscr.dll


Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 20

Now install the current version of Sun Java from: Sun Java Runtime Environment

 

Let's check these files out a little. Please locate the below two files and put them into a ZIP file and attach it here:

C:\Documents and Settings\All Users\Application Data\Microsoft\Machine\Wtec.dll
C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Credentials\wscr.dll

 

I don't like what I see in those files. They may be a form of a fake antivirus program. Let's fix these BHOs.


Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: WtecA - {AE064650-CC28-4f68-BBD3-3D4AC9C8E48C} - C:\Documents and Settings\All Users\Application Data\Microsoft\Machine\Wtec.dll
O2 - BHO: Reserch - {B2249032-6464-466D-A58E-C588F7DBAC22} - C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Credentials\wscr.dll

After clicking Fix, exit HJT.

Now reboot your PC.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\MGlogs.zip

Make sure you tell me how things are working now!


After a couple days, if everything seems to be working OK (like no error messages from your browser or anything else ) then you can delete those two files.

 

You're welcome. Your logs are clean.




If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 7 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

You're welcome. Surf safely!