win32.agent

Discussion in 'Malware Help (A Specialist Will Reply)' started by toperchal, Nov 22, 2008.

  1. toperchal

    toperchal Private E-2

    Neither my spybot nor superantispyware will complete the scan without shutting down the computer. I have tried to download your .exe file for winME but it keeps giving me the error "for win NT only". I have done ccleaner and made sure the hidden files are not hidden. I am at my wits' end.
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi and Welcome

    I just have to double check that you are using the specific Read Me Removal Instructions for WinME, in this one: Windows 98 and ME Cleaning Procedure, as the files listed work with WinME PCs. I cannot comment on what file is giving the error as you don't mention it, but if it's the MGTools.exe then there is a specific download for that one listed in the Win 98/ME guide.

    See if that helps if not post back, but if you can run the MGTools file and gain those scans and attach the zip file it creates they will help, even if the other two mentioned scans shut your PC down while scanning, did you try running them in Safe Mode?
     
  3. toperchal

    toperchal Private E-2

    Going to the specific .exe file helped (what a dummy I am). It unzipped just fine. I will try the spybot and superantivirus each in safe mode and see what happens. Is that my next step? If the computer shuts down during one or both of those tries I will post back.
     
  4. toperchal

    toperchal Private E-2

    OK. Neither spybot nor superantivirus completed in safe mode. Spybot found some malware (adware) but the computer shut down before the scanning was done so I could not fix it. I have attached mglog, so I hope it provides you helpful info. I am open and willing for any help.
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not attach the log from it.

    Did you set up your start page to be about:blank?

    First you must disable Spybot's TeaTimer as we requested in the READ & RUN ME. See this: How to disable Spybot's TeaTimer


    Start by downloading a tool we will need - Pocket KillBox

    Save it to its own folder somewhere that you will be able to locate it later.

    Run HijackThis (Note: if using Vista, use right click and select Run As Administrator), select Do a system scan only, and select the following lines, but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O1 - Hosts: 207.44.236.200 auto.search.msn.com
    O1 - Hosts: 207.44.236.200 auto.search.msn.co.uk
    O1 - Hosts: 207.44.236.200 search.msn.com
    O1 - Hosts: 207.44.236.200 search.msn.co.uk
    O1 - Hosts: 207.44.236.200 www.msn.com
    O1 - Hosts: 207.44.236.200 www.msn.co.uk
    O1 - Hosts: 207.44.236.200 auto.search.msn.com
    O1 - Hosts: 207.44.236.200 auto.search.msn.co.uk
    O1 - Hosts: 207.44.236.200 search.msn.com
    O1 - Hosts: 207.44.236.200 search.msn.co.uk
    O1 - Hosts: 207.44.236.200 www.msn.com
    O1 - Hosts: 207.44.236.200 www.msn.co.uk
    O1 - Hosts: 207.44.236.200 auto.search.msn.com
    O1 - Hosts: 207.44.236.200 auto.search.msn.co.uk
    O1 - Hosts: 207.44.236.200 search.msn.com
    O1 - Hosts: 207.44.236.200 search.msn.co.uk
    O1 - Hosts: 207.44.236.200 www.msn.com
    O1 - Hosts: 207.44.236.200 www.msn.co.uk
    O1 - Hosts: 207.44.236.200 auto.search.msn.com
    O1 - Hosts: 207.44.236.200 auto.search.msn.co.uk
    O1 - Hosts: 207.44.236.200 search.msn.com
    O1 - Hosts: 207.44.236.200 search.msn.co.uk
    O1 - Hosts: 207.44.236.200 www.msn.com
    O1 - Hosts: 207.44.236.200 www.msn.co.uk
    O1 - Hosts: 64.255.2.119 search.msn.co.uk
    O1 - Hosts: 64.255.2.119 www.xupiter.com
    O1 - Hosts: 64.255.2.119 xupiter.com
    O1 - Hosts: 64.255.2.119 search.msn.co.uk
    O1 - Hosts: 64.255.2.119 www.xupiter.com
    O1 - Hosts: 64.255.2.119 xupiter.com
    O1 - Hosts: 64.255.2.119 search.msn.co.uk
    O1 - Hosts: 64.255.2.119 www.xupiter.com
    O1 - Hosts: 64.255.2.119 xupiter.com
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKCU\..\Run: [MalwareRemovalBot] C:\PROGRAM FILES\MALWAREREMOVALBOT\MalwareRemovalBot.exe -boot
    O4 - HKUS\.DEFAULT\..\Run: [MalwareRemovalBot] C:\PROGRAM FILES\MALWAREREMOVALBOT\MalwareRemovalBot.exe -boot (User 'Default user')
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    After clicking Fix, exit HJT.

    Now reboot your PC

    Now delete the below folder if it exists:
    C:\PROGRAM FILES\MALWAREREMOVALBOT

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs9x.bat file by double clicking on it.

    Then attach the below logs:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
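
The O1 and O4 entries listed in the post above can be summarised before they are ticked in HijackThis. This is an added example, not part of the original post and not MajorGeeks or HijackThis code: it collapses repeated O1 hosts-file lines into unique redirects per IP and lists O4 autorun entries. The sample lines are constructed in the format quoted in the post, the function names are hypothetical, and skipping loopback entries is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the HijackThis line format quoted in the post above.
SAMPLE_LOG = r"""
O1 - Hosts: 207.44.236.200 search.msn.com
O1 - Hosts: 207.44.236.200 search.msn.com
O1 - Hosts: 207.44.236.200 www.msn.com
O1 - Hosts: 64.255.2.119 www.xupiter.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKCU\..\Run: [MalwareRemovalBot] C:\PROGRAM FILES\MALWAREREMOVALBOT\MalwareRemovalBot.exe -boot
"""

O1_RE = re.compile(r"^\s*O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
O4_RE = re.compile(r"^\s*O4 - (\S+): \[([^\]]+)\]\s+(.+?)\s*$")


def parse_hosts_redirects(log_text):
    """Return {ip: sorted unique hostnames} for O1 entries that map a
    name to a non-loopback address (assumption: loopback is benign)."""
    redirects = defaultdict(set)
    for line in log_text.splitlines():
        match = O1_RE.match(line)
        if not match:
            continue
        ip_text, host = match.groups()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue  # malformed address field, not a usable mapping
        if ip.is_loopback or ip.is_unspecified:
            continue
        redirects[str(ip)].add(host.lower())
    return {ip: sorted(hosts) for ip, hosts in redirects.items()}


def parse_run_entries(log_text):
    """Return (registry key, value name, command line) for each O4 line."""
    return [m.groups() for m in map(O4_RE.match, log_text.splitlines()) if m]


if __name__ == "__main__":
    for ip, hosts in parse_hosts_redirects(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(hosts))
    for key, name, command in parse_run_entries(SAMPLE_LOG):
        print(key, name, command)
```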
     
  6. toperchal

    toperchal Private E-2

    You gave me unbelievable help. I have initiated a number of your rec for avoiding the problems I am having. Thank you.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not complete my previous instructions and answer my questions too. Until you do this, we cannot move on to final instructions.
     
