XP SP3 had 177+ bugs - ran MG cleanup - issue with RootRepeal

Discussion in 'Malware Help (A Specialist Will Reply)' started by JanetE, Aug 21, 2010.

  1. JanetE

    JanetE Private E-2

    Neighbor's Dell Inspiron 5100 slowed to glacial. Malwarebytes, SuperAntispyware, Spybot-S&D, Norton removed 177 or more infections. Computer still crabby. Bogus messages in system tray that firewall was off, but when checked it seemed to be on. Hard to shut down computer. Services always running. CPU cranking at 100%. Suspected Vundo based on "error message" balloon. Ran Trojan.Vundo removal tool. Said it found nothing. Computer runs faster now but doesn't seem entirely normal.
    I ran all of the Windows XP Cleaning Procedure from MajorGeeks, but could not run RootRepeal; it hung the system with message "Initializing, please wait...." and I had to do an interrupt with power button. Any kind of real-time virus/firewall protection is turned off as far as I can tell. Tried cleaning temp files, disconnecting from Internet but still RootRepeal would not run.
    I saw bleepingcomputer advice to use Sophos instead but held off. Would rather have your advice before I start substituting. Thanks!
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean. However, you are taxing the system by having both Norton and McAfee when you only have this amount of RAM:
    Code:
    Total Physical Memory    512.00 MB    
    Available Physical Memory    354.63 MB
    Since you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work thru the below link:




     
  3. JanetE

    JanetE Private E-2

    Wow, you made my day! And so fast too. Will heed your advice and uninstall the McAfee (it's just the small program that checks whether you have virus/firewall protection in place, but we don't need it eating up resources now so out it goes). I really appreciate the detailed wrap-up instructions and will follow them to the letter. Can't thank you enough for helping me help my 80-year-old computer-loving neighbor to get back up and running. This feels so good! Thank you, thank you, thank you.
     
  4. JanetE

    JanetE Private E-2

    Help, I congratulated myself too soon! Very sorry to bump, but I'm freaked. Forgot that Norton had passed its 5-hour limit and re-enabled its real-time protection. So now I am stuck with the ComboFix uninstall script running. It's given me the warning that Norton AntiVirus real time scanner is active but ComboFix will continue to run. I am in safe mode and cannot find any way to instruct Norton to disable its scanner. I have not clicked OK to ComboFix yet. Is there anything I can do to abort the process? Or what else should I do? Sorry!!! Thank you!
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are just uninstalling ComboFix so just let it run. Then continue on with the next steps no matter what. When you run the MGclean.bat file it will clean up after ComboFix anyway.
     
  6. JanetE

    JanetE Private E-2

    Thanks so much, ComboFix uninstalled. Another worry: I had renamed HijackThis at some point. When not found in Add/Remove list, I renamed it back to HijackThis.exe and then it appeared. I clicked to remove it, and received message that Add/Remove would go ahead and do its thing but I would have to delete the HijackThis.exe file manually. I put the executable in the Recycle Bin. This leaves me with a folder C:\Program Files\Trend Micro containing a backup folder with a couple backup files in it. I left these there. Was that right? Really appreciate the help.
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You can just delete the entire folder if you wish. You should have no need for it at this point.
     
  8. JanetE

    JanetE Private E-2

    Thank you, TimW, thank you, chaslang, thank you, MajorGeeks. It's been one heck of a learning curve and I can't thank you enough for all your help.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Safe surfing. :)
     
