WORM and trojans took over

Discussion in 'Malware Help (A Specialist Will Reply)' started by zordic, Jun 6, 2008.

  1. zordic

    zordic Private E-2

    Yesterday my AVG Free indicated infections...as did Windows Defender.
    When I hit the Start menu I noticed my programs were gone (WinXP), and any effort to view C: was denied, as I now don't have administrator rights. Whatever hit me hit hard and continues to spread. I tried Safe Mode and Restore..big mistake..
    so now safe mode behaves as my windows ..
    no control panel..nada..is this reformat time?
    please advise on anything I may do..I do have a hijack this log..
    thx
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Are you able to download programs?

    If so, please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide

    Do as much as you can....let me know what happens.
     
  3. zordic

    zordic Private E-2

    I am unable to see my c drive so any program loading to C will be unavailable to me.
    Can I just use my desktop?
    When I hit start all I see is games and set program access.., admin tools, dell solution ctr.
    that's it..nothing else.
    same in safe mode
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes....download to desktop...run ComboFix first...then Malwarebytes and SUPERAntiSpyware....then see if you can't install MGTools on the C drive....if not, run it from the desktop....attach all those logs.
     
  5. zordic

    zordic Private E-2

    OK..had started the process before reading your last mail..so I was a bit out of order..after running ComboFix I think that did it..I have access to my whole drive again..I had disabled System Restore, but did make a registry backup in Spybot..(should I delete that, and how?)
    will wait further instructions
    see attached files as requested
    will send the malware bytes log next

    and thanks for helping me..
     

    Last edited by a moderator: Jun 6, 2008
  6. zordic

    zordic Private E-2

    OK..one last log file from Malwarebytes
     

  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Actually you are looking good....let's just do this:

    Please use add/remove programs to uninstall:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 2
    Jasc Animation Shop 3
    Java 2 Runtime Environment, SE v1.4.2

    Please disable all anti-virus and anti-spyware programs while we do the following:

    Run C:\MGtools\analyse.exe by double-clicking on it (Note: if using Vista, don't double-click; use right-click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines, but DO NOT CLICK FIX until you exit all browser sessions, including the one you are reading in right now:
    After clicking Fix, exit HJT.


    Reboot and install:
    Java Runtime 6

    Now tell me how things are running.
     
  8. zordic

    zordic Private E-2

    Tim: You are the best..I am virus/worm free and also have a screaming machine..the extra tips are appreciated.:)
    Thanks again..one helluva service..and to think I was ready to reformat...wow
     
  9. zordic

    zordic Private E-2

    Almost forgot to ask..Spyware Doctor picked up registry keys with the LEGACY_CATCHME entries..about 14 of them as I recall..any problem with them, or should I manually rid them from the registry?
    thx
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Is Spyware Doctor a paid-for version? What are the keys (exactly) that it reports?
     
  11. zordic

    zordic Private E-2

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\LEGACY_CATCHME

    they all seem to have vanished except this one..

    and no I don't have the paid version of spyware doctor

    I'm not stressing over this..as they have disappeared

    thanks again for your diligent help...
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Then you should uninstall it (Spyware Doctor). I think the key is a legit key for ComboFix.

    If you are not having any other malware problems, it is time to do our final steps:

    1. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    2.
    * Click START then RUN
    * Now type "%userprofile%\Desktop\cf" /u in the Run box and click OK.
    * Note: The space between the cf and the /u must be there.
    3. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    4. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    5. If you are running Windows XP or Windows ME, do the below:
    * Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore, which will flush your Restore Points.
    * Then reboot and Enable System Restore to create a new clean Restore Point.
    6. After doing the above, you should work thru the below link:
    How to Protect yourself from malware!
     
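To check a leftover LEGACY_* key the way TimW reasons about LEGACY_CATCHME above (is it a live driver, an orphan left behind by a tool, or something unexplained?), here is an added PowerShell example; it is not part of the thread and was not posted by either participant. It assumes an elevated session on the machine under review, and it relies on the Windows convention that a LEGACY_<NAME> key under Enum\Root belongs to the kernel service <NAME> under CurrentControlSet\Services; the verdict strings are this example's own, not anything ComboFix or Spyware Doctor reports.

```powershell
# Added example (not from the thread): enumerate LEGACY_* device keys and map each
# back to the driver/service it belongs to, so a leftover key such as LEGACY_CATCHME
# (catchme is the rootkit scanner bundled with ComboFix) can be traced or flagged.
# Assumption: run in an elevated PowerShell session; keys are read, never modified.

$enumRoots = @(
    'HKLM:\SYSTEM\CurrentControlSet\Enum\Root',   # where Windows places LEGACY_* keys
    'HKLM:\SYSTEM\CurrentControlSet\Enum'         # the path as quoted in the thread
)

$legacyKeys = foreach ($root in $enumRoots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like 'LEGACY_*' }
}

$report = foreach ($key in $legacyKeys) {
    # LEGACY_<NAME> is the PnP enumerator's record of the service named <NAME>
    $serviceName = $key.PSChildName.Substring('LEGACY_'.Length)
    $servicePath = "HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"
    $service     = Get-ItemProperty -Path $servicePath -ErrorAction SilentlyContinue

    $imagePath  = $null
    $fileOnDisk = $false
    if ($service -and $service.ImagePath) {
        # ImagePath comes in several shapes: "\??\C:\x.sys", "\SystemRoot\system32\drivers\x.sys",
        # or a bare relative path "system32\DRIVERS\x.sys". Normalise before testing the file.
        $p = $service.ImagePath -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', ''
        $p = [Environment]::ExpandEnvironmentVariables($p)
        if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
        $imagePath  = $p
        $fileOnDisk = Test-Path -LiteralPath $p
    }

    # Verdict strings are this example's own classification (assumption, not a Windows message)
    if (-not $service) {
        $verdict = 'orphaned key (service entry gone): harmless leftover'
    } elseif (-not $fileOnDisk) {
        $verdict = 'service entry points at a missing binary: investigate'
    } else {
        $verdict = 'live driver: identify the vendor before touching it'
    }

    [pscustomobject]@{
        LegacyKey     = $key.PSChildName
        ServiceExists = [bool]$service
        ImagePath     = $imagePath
        FileOnDisk    = $fileOnDisk
        Verdict       = $verdict
    }
}

$report | Sort-Object LegacyKey | Format-Table -AutoSize
```

In the situation described in the thread, LEGACY_CATCHME would show up with no matching service entry once ComboFix had finished and removed its driver, which is the "orphaned key" case; a LEGACY_* key whose service still exists but whose binary is missing from disk is the one worth looking at further.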
  13. zordic

    zordic Private E-2

    thanks Tim..did all you suggested..
    I still have Malwarebytes installed; should I take that out as well?
    I also got so industrious I updated Windows XP to SP3...and that wasn't such a good thing to do..my boot time is now very slow...buggy update..sorry I did it..
    Anyhow, no bugs..just ran spyware and no infections...thanks again..
    ben
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you are referring to Malwarebytes...yes, you can keep it....

    SP3 should not affect your speed.....You may wish to use a Startup Manager

    You may wish to post in the software section for your speed issues.
     
