Used HD with Old Problems

Discussion in 'Malware Help (A Specialist Will Reply)' started by shagschain, Feb 23, 2010.

  1. shagschain

    shagschain Private E-2

    Quite a few problems going on here. I've read that most, if not all of these are likely virus related, but if I'm off the mark on any of these please feel free to poke me and tell me to head off to a different forum. ;)

    Ran all the way through the 'Read and Run Me First' and have the logs attached here, but am still having problems. Seems like every single scan came up with something new and there are other issues beyond that, so I'm not sure what to do next.

    Here are the details on what's going on:


    Last hard drive crashed (I'm pretty sure it was virus related. A friend's website got hacked, I got infected, and my computer never fully recovered.) So I swiped a hard drive from an old family computer - seems to have quite a few issues though. The computer with said hdd had been purchased used and used heavily by my family (I was rarely on it though so I'm not sure all what was going on with it).

    It's running a bit slowly, not properly, am unable to authorize many processes, despite being set up as an administrative user (i.e. couldn't run scandisk, couldn't delete other users, etc.). Microsoft Word can't open (which I don't remember being a problem with this hd before I installed it here, but I could be wrong) because it's missing the msointl.dll. (Again, as this was purchased used I might have the installation disk, but I doubt the original certification numbers are with it, but haven't tried that yet anyhow since I know it can be virus related.)

    Also apparently have registry errors. Ran the registry cleanup with CCleaner, but when I scan with the Uniblue Registry Booster it finds 700+ issues. Plus, as mentioned above, I'm trying to run hard drive scanners, but the Windows-included one won't run, as it says it can't access the specific Windows files and must be restarted (tried multiple times), and then I downloaded SeaTools to try with that but it won't even install.

    Sigh. At this point I'm almost wondering if it's salvageable. I'm using it - a bit - but just basic internet stuff, as I'm sketchy about doing anything password related and I can't even access Word. I'm only hesitant about replacing the hard drive because, if I can't find the certification numbers for the Office Install disks then I have to repurchase all that as well.

    So I'm hoping maybe someone here will see a bit more hope in the situation and a possible way for me to clean this all out.
     


  2. shagschain

    shagschain Private E-2

    Last log here
     


  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    The scans took care of a lot in the way of malware, I see only a little more to do here in this forum. For any remaining software and hardware issues you should visit the appropriate forum.

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    DirLook::
    c:\windows\V4D238TYBSPYBO16
    
    Folder::
    c:\documents and settings\Computer Owner\Application Data\Blitware
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

      http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Combofix.
     
  4. shagschain

    shagschain Private E-2

    Here are the results of those scans.
     


  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Looks good, let's just do this:

    Delete the below directories using Windows Explorer:

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  6. shagschain

    shagschain Private E-2

    Was unable to find either of these files. After seeing that most of the Blitware was related to DriverFetch I went ahead and uninstalled that program so I figure that might be where the second file went, but still having no luck with the first (and yes, I have hidden files shown) - unless it was also related to that program. Is there a way to make sure it is gone and not just lurking somewhere?

     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    c:\windows\V4D238TYBSPYBO16 The directory is empty anyway, so nothing inside of it to do any kind of damage. I cannot explain why it is not there now. If you have not followed final steps yet and you are worried about it I can knock up a quick combofix script to be rid of it?

    Let me know...
     
  8. shagschain

    shagschain Private E-2

    As long as I'm trying to clean this thing up I figure I might as well do it as thoroughly as possible. So if it's simple for you to do and you wouldn't mind...?
     
  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    Folder::
    c:\windows\V4D238TYBSPYBO16
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

      http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Combofix.
     
  10. shagschain

    shagschain Private E-2

    I was assuming you didn't really need the logs again, that you had just pasted in a form answer you normally use, but just in case here they are. At this point I'm assuming it's safe to just follow the rest of the instructions for clearing everything off in the 'final step'?
     


  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes...you can now follow final steps :)
     
  12. shagschain

    shagschain Private E-2

    Great. Thank you for all the input and help. :)
     
  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You're welcome :)
     
