UAClxboeyrn

Discussion in 'Malware Help (A Specialist Will Reply)' started by Ebmocwen, Apr 30, 2009.

  1. Ebmocwen

    Ebmocwen Private E-2

    Thank you for reading my post. I have a Toshiba Satellite P30 Laptop with a Pentium 4 processor, Windows XP service pack 3.
    I started getting symptoms like computer locking up during start up, some software like Firefox or Windows Media Player crashing every minute or so, and unable to access my external USB hard drives (although they appear to be recognized by the system; they show up in "safely remove hardware", but I don't see them under explorer). Other USB devices do work, like my external DVD drive. I notice now that some programs like Firefox seem to start up (they show up under the "processes" tab in the task manager) but I don't "see" the program ... there is no window open to work in. I have also seen a number of times an error something like "Windows32 generic process" has crashed. Sorry I don't have the exact message, I haven't seen it since I clued in that it might be significant.
    On a routine Windows update, I got a message telling me the "Windows Malicious Software Removal Tool" deleted a trojan. So I ran A-Squared and it found a number of files with names similar to:
    [1184]
    \\?\globalroot\systemroot\system32\UACLxboeyrn
    that it said it couldn't delete.
    Since I had such great success with this forum before, I came straight here and went through the "Read and Run me first" thread and that all seemed to go well. When I got to "Windows XP cleaning procedure" I encountered some problems. I was unable to download combofix, I just got a download box for a few hours saying "unknown time remaining" and nothing happened.
    Super AntiSpyware would not run. I just get a message saying "Super AntiSpyware has encountered a problem and needs to close"
    I still had a version of Anti-Malware on my system, but it would lock up when I tried to uninstall it. When I try to run it nothing happens.
    MGtools was successful and I am attaching the log here ...

    I would be very grateful for any help and advice! Thank you for your time, I know you are all busy! :)

    Ron
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You will need to tell me exactly what a-squared is reporting. In the meantime:

    I strongly advise you to clean up your Desktop. Remove everything but links to run programs. Do not download and save programs here and definitely do not use it for long term storage. You need to keep ComboFix.exe here for now as we need it, but we will be removing it when we are finished with your cleanup. A cluttered Desktop is malware's playground and it can also cause performance degradation especially when you start saving large files here like you are doing.


    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    Also delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\TEMP
    C:\Documents and Settings\Ronald Newcombe\Local Settings\temp

    Now attempt to run SUPERAntiSpyware, Malwarebytes, and ComboFix.

    Now run CCleaner to clean out only temp files and nothing else!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\avenger.txt
    • the logs from SAS, MBAM, and ComboFix if they ran
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited by a moderator: May 3, 2009
  3. Ebmocwen

    Ebmocwen Private E-2

    TimW thank you for your reply. I think I followed all the steps correctly.
    Avenger seemed to run successfully, but the computer locked up when rebooting. On the next restart, I got an error message:
    "Windows cannot find C:/cleanup.exe. Make sure you typed the name correctly, and then try again."
    Once the computer finished booting, I reopened Avenger and got the log from the file menu.
    SAS gave me the same error message as soon as I clicked run: "SuperAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience."
    I tried renaming it to "SAS.exe" and it installed. It wouldn't run until I used the "alternate start".
    Everything else seemed to work fine.
    Thanks again!
    Ron
     


  4. Ebmocwen

    Ebmocwen Private E-2

    Here is the MGlogs.zip file too! (only 4 files per post ... ;))
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am only seeing two things we need to address.

    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:


    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\Avenger.txt
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  6. Ebmocwen

    Ebmocwen Private E-2

    Here you go. A sincere thanks again for all your help.

    Everything seems to be running great now. The only issue I see is that if I try to browse a memory card in my memory card reader with Explorer it crashes. Don't know if it is related. But I can view all my USB devices now.

    Just out of curiosity, what was the problem?
     


  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You can go to your computer manufacturer's web site and download any updated drivers you may need.

    As to the slowness, try one of these:

    Startup Manager

    Startup_CPL

    Your logs are clean. If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
  8. Ebmocwen

    Ebmocwen Private E-2

    Thanks TimW for all your help and to MajorGeeks and this forum. My computer is once again working great and as always there is a ton of useful information all over these forums. I sincerely appreciate the help and you taking the time to provide it.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome......go forth and surf. :)
     
