Vista Home Basic with Rogue & Fake AV plus malware

axlmastr · Aug 27, 2012

Friend's Dell tower that was purchased as part of a lot in a storage sale. If it's not too bad he would like to use it as there are no recovery disks and I don't have a Vista Home Basic media disk. I followed malware guide for Vista and have posted the following logs. Machine is not currently connected to my network/internet to prevent something major getting to my machines. Once I see some actual removal I'll feel better about connecting this box. I know it's better to connect it to an active internet connection so the scanners can find and trap the more active malware, but I'm not quite ready to go there yet. Thanks in advance

TimW · Aug 28, 2012

I am not finding any malware remaining in your logs. MBAM seems to have removed what little there was. However, I am also not finding any AV program installed. You need to install and Anti-Virus program!!

You also need to use add/remove programs to uninstall:
Java(TM) 6 Update 16

Reboot and install:
Java Runtime 7

Tell me what malware issues you are having, if any.

axlmastr · Sep 1, 2012

Thanks TimW. I uninstalled the Java as requested and installed Java 7. I am running AVG Free on this machine but had it disabled while running scans. This machine is now on the net as I am writing and posting from it. I ran scans again and would like for you to look at the posts. Hitman seemed to find something but I did the ignore as instructed until you say otherwise. I updated everything (Windows update, shockwave, flash, etc.) once I put this machine on the net. I also added ZoneAlarm free as I do on all of my machines and those I support as an added barrier of protection. I did not update or use IE so I do not know its behavior. I use Firefox as primary. The user of this machine will probably use a combination of both.

TimW · Sep 2, 2012

They're no biggies, but you can have Hitman remove those items.

If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.

Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Go to add/remove programs and uninstall HijackThis.

Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
related to MGtools and some other items from our cleaning procedures.

After doing the above, you should work thru the below link:

How to Protect yourself from malware!

Malware removal from a National Chain = $149
Malware removal from MajorGeeks = $0

axlmastr · Sep 3, 2012

Thanks TimW! All is well with this one. The final steps have been taken and its running like a top :-D I'll be handing this one over to its owner. Thanks again for your expert help :wave

This thread is considered closed.

TimW · Sep 3, 2012

You are quite welcome. Safe surfing.

Log in or Sign up

Vista Home Basic with Rogue & Fake AV plus malware

axlmastr Private E-2

Attached Files:

RKreport[1].txt

mbam-log-2012-08-19 (15-45-46).txt

HitmanPro_20120819_1625.log

TDSSKiller.2.8.6.0_19.08.2012_23.07.32_log.txt

MGlogs.zip

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

axlmastr Private E-2

Attached Files:

mbam-log-2012-09-01 (19-15-11).txt

TDSSKiller.2.8.6.0_01.09.2012_21.12.13_log.txt

RKreport[1].txt

HitmanPro_20120901_2144.log

MGlogs.zip

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

axlmastr Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member