This 1 has ME stumped.. MSA/Nordbull (S. Shot incl)

Welcome to Major Geeks!

Please disable TeaTimer:
* Run Spybot and click Mode
* Select Advanced Mode.
* Then click Tools and select Resident.
* Now in the right window pane, uncheck TeaTimer.
* Also while this is open, in the left column now select IE Tweaks
* and then in the right pane make sure all the Miscellaneous locks are unchecked.
* Now quit Spybot!

Now use windows explorer to find and delete:
C:\WINDOWS\system32\fafdbaacbbdbfbaa.dll
C:\WINDOWS\system32\TmpA366796
C:\WINDOWS\system32\TmpA404500
C:\WINDOWS\system32\TmpA440906

Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Please try doing the below:

Download and save the below to your PC (save it anywhere you can find it. The Desktop is fine). Then doube click on it to run it.

AVPFind.bat

It should take a couple minutes to run. You will see a black command prompt window while it is running and it should close when it is finished. Once it finishes, attach the c:\avplog.txt file that is will hopefully create as long as the malware does not block the batch file from running.


Now download and Run exeHelper

• Please download exeHelper to your desktop.
• Double-click on exeHelper.com to run the fix.
• A black window should pop up, press any key to close once the fix is completed.
• Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


Also please try running the below online scan:

http://www.superantispyware.com/onlinescan.html

Reboot immediately after scanning if it finds and removes anything. Let me know if anything was found. It does not save a log.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Attach the below logs when finished with all of the above:

• C:\avplog.txt - from AVPfind
• log.txt - from exeHelper
• C:\MGlogs.zip - from MGtools

The C:\ assumes that drive C is you Windows boot drive. If you boot from another drive, then use the correct drive letter above.

 

Good to know...and you are welcome.