TechSpot

Adware Virus

By pc_noob005
Nov 23, 2008
Topic Status:
Not open for further replies.
  1. I've done the 8 step removal, and here's my logs.
  2. mflynn

    mflynn Newcomer, in training Posts: 2,793

    You did a great job of scanning but not too good at cleaning.

    The MBAM says "No action taken" meaning you did not click the next and select Clean Delete.

    So run it again after doing the extra configs
    MalwareBytes extra config

    After update and yes update again, but before running
    Click settings and confirm all are Checked.

    It will find them again. This time remove them, send log, then run it again to make sure it comes up clean.

    Mike
  3. pc_noob005

    pc_noob005 Newcomer, in training Topic Starter Posts: 58

    It's weird, the one I uploaded in the first post says no action taken, but the one on my computer says quarantined and deleted for everything.
  4. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Actually in the mbam log almost every line!

    Mike
  5. pc_noob005

    pc_noob005 Newcomer, in training Topic Starter Posts: 58

    Here's the one I have on my computer.
  6. mflynn

    mflynn Newcomer, in training Posts: 2,793

    You've already run it with the changes I posted?

    Did it ask to reboot and did you do it?

    Mike
  7. pc_noob005

    pc_noob005 Newcomer, in training Topic Starter Posts: 58

    That is from the first time I ran it, and I rebooted for the superantispyware, which was after the mbam, so I believe it's been rebooted.
  8. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Open MBAM click Logs

    Open and send me the last log.

    Then proceed with the SAS and get me a log for that also!

    Mike
  9. pc_noob005

    pc_noob005 Newcomer, in training Topic Starter Posts: 58

    Both the Logs are above, the SAS one in the original post, and Mbam one a few posts down. Or do you want me to rescan my whole computer with each again, because seriously it takes like 6 hours each and I need to use my computer.
  10. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Well you are infested bad. Not only in quantity but in severity.

    You need to scan again with both but if you are scanning more than the boot drive (usually Drive c: ) then uncheck the other drives for both scans. This will speed it up some.

    Seriously I know it takes a while but has to be done!

    If you can use the computer and just have to knock something out. But with what you had and what you have left you are at risk of reinfection.

    Your call!

    Mike
  11. pc_noob005

    pc_noob005 Newcomer, in training Topic Starter Posts: 58

    ok I'll rescan, thanks for all your help.
     
  12. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Ok I will expect logs.

    I am headed to a movie and dinner in a couple hours. If I don't see anything before I go I will check when I get back.

    Mike
  13. pc_noob005

    pc_noob005 Newcomer, in training Topic Starter Posts: 58

    I was at a friend's house all last night, just got home, here's the logs.
  14. mflynn

    mflynn Newcomer, in training Posts: 2,793

    PC

    It says in the log you posted "No action taken" you can't spend this amount of time scanning and not delete them.

    Or is something else going on?

    And 6hrs to scan means slow computer or slow HD or so infested it is dragging down the scan times.

    You may have a huge amount of temp and useless files so let's clean them now. If you do have a huge amount of this junk and we clean it the scans will not be as long.

    Run CCleaner again twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.

    Then

    D/L install and run ATF-Cleaner clear all except passwords in all browsers you have. Run repeatedly until no more found.

    http://www.majorgeeks.com/ATF_Cleaner_d4949.html
    ----------------------------------------------------------------------------------------------------------------------
    This is usually the last thing I would do but we need to clean and the SR is infected anyway.

    The issues are in System Restore so do the below

    Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "During cleanup at TechSpot".

    Then

    Start-Programs-Accessories-System Tools-Disk Cleanup
    Click OK to accept C:
    Select all Boxes
    Then click More Options
    Here click System Restore and OK to "Are you sure" and then OK to Run.

    As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

    It clears what is known as Shadow copies which are used by specialized back up programs.

    This is if you have the Volume Shadow Copy running which is the default.

    We will need to clean this again and create a new Restore point after you are clean. Give these cleanups time because if you do have much it could take a while.

    After you are finished with all the above then run MBAM again and this time click the next or continue and delete them and send new log!

    Mike
  15. pc_noob005

    pc_noob005 Newcomer, in training Topic Starter Posts: 58

    I will do all that, but I don't understand why it says no action, if I go to mbam and look at the log, it says they were all deleted and quarantined, I'll re upload it I guess.
  16. mflynn

    mflynn Newcomer, in training Posts: 2,793

    You are somehow sending the wrong logs.

    But this one is the correct one.

    Now do the entirety of my last post.

    Start the scan when watching TV or sleeping or at work but mbam needs to be run again because it found so many and so many really bad.

    It needs to come up clean. Look at the log you send and you can see if any are left.

    Do it any how you can. I will be here often to check on you.

    Mike
  17. pc_noob005

    pc_noob005 Newcomer, in training Topic Starter Posts: 58

    I've done everything above and I am now running mbam, will post the log when it's done.
  18. pc_noob005

    pc_noob005 Newcomer, in training Topic Starter Posts: 58

    Sorry again, I was gone with some friends last night.
    Here's the mbam log, It came up clean.
  19. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Ok good.

    Post a final HJT log.

    Return tomorrow for closing and advice to stay clean.

    Mike
  20. pc_noob005

    pc_noob005 Newcomer, in training Topic Starter Posts: 58

    Here it is, thanks.
  21. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Whups!!!

    These O4s are suspicious and undocumented, can't find in Google, & 20 is also and should not be there.

    O4 - HKCU\..\Policies\Explorer\Run: [{B82BCDA7-0A65-1033-0815-050416200001}] "C:\Program Files\Common Files\{B82BCDA7-0A65-1033-0815-050416200001}\Update.exe" mc-110-12-0000272
    O4 - HKCU\..\Policies\Explorer\Run: [{B82BCDA7-0A64-1033-0815-050416200001}] "C:\Program Files\Common Files\{B82BCDA7-0A64-1033-0815-050416200001}\Update.exe" mc-110-12-0000272

    O20 - AppInit_DLLs: hhfkxv.dll apxwmz.dll

    Do not remove them with HJT yet do below.

    Download SD Fix to Desktop among other things Catchme to look for RootKits.

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    On Desktop run SDFix. It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click through all the prompts to get to desktop.

    At Desktop
    My Computer C: drive. Double-click to open.

    Look for a folder called SD Fix. Double-click to enter SD Fix.

    Double-click to RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process then say Finished,
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Copy and attach the Report.txt file to your next post.

    Mike
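The check made by eye in the post above, flagging the O4 and O20 lines of a HijackThis log, written out as an added example that is not part of the original thread. The two O4 heuristics (autostart under Policies\Explorer\Run, GUID used as the value name) and the function name `triage` are assumptions chosen to match the quoted lines; the `ExampleTray` line is constructed.

```python
import re

# Constructed sample in HijackThis log format. The Policies\Explorer\Run and
# AppInit_DLLs lines are the ones quoted in the post; ExampleTray is made up.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
O4 - HKCU\..\Policies\Explorer\Run: [{B82BCDA7-0A65-1033-0815-050416200001}] "C:\Program Files\Common Files\{B82BCDA7-0A65-1033-0815-050416200001}\Update.exe" mc-110-12-0000272
O20 - AppInit_DLLs: hhfkxv.dll apxwmz.dll
O20 - AppInit_DLLs:
'''

O4_RE = re.compile(r'^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
O20_RE = re.compile(r'^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$')
GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')


def triage(log_text):
    """Return (section, name, reasons) tuples for lines worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            reasons = []
            # Assumed heuristic 1: autostart placed under the policy Run key.
            if m['key'].lower().endswith(r'policies\explorer\run'):
                reasons.append('autostart under Policies\\Explorer\\Run')
            # Assumed heuristic 2: value name is a bare GUID, not a product name.
            if GUID_RE.match(m['name']):
                reasons.append('GUID used as value name')
            if reasons:
                findings.append(('O4', m['name'], reasons))
            continue
        m = O20_RE.match(line)
        if m:
            # AppInit_DLLs entries are injected into every process that loads
            # user32.dll, so any DLL listed here needs an explanation.
            for dll in re.split(r'[ ,]+', m['dlls'].strip()):
                if dll:
                    findings.append(('O20', dll, ['listed in AppInit_DLLs']))
    return findings


if __name__ == '__main__':
    for section, name, reasons in triage(SAMPLE_LOG):
        print(section, name, '; '.join(reasons))
```

An empty `AppInit_DLLs:` line produces no finding, and the output is a list for manual review, not a verdict on any entry.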
  22. pc_noob005

    pc_noob005 Newcomer, in training Topic Starter Posts: 58

    Here you go.
  23. mflynn

    mflynn Newcomer, in training Posts: 2,793

    I see several malware inviters: Kazaa, Warez.

    Do this run SDFix again post new log.

    Then the below

    ComboFix

    NOTE: If you have had ComboFix more than a few days old delete and re-download.

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double click combofix.exe follow the prompts.

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click combofix's window while it's running. That may cause it to stall.

    Then new HJT log also.

    Mike
  24. pc_noob005

    pc_noob005 Newcomer, in training Topic Starter Posts: 58

    Hi sorry, I went out of town for a few days for Thanksgiving, probably should have said something, I'm back now and will do what you said.
  25. pc_noob005

    pc_noob005 Newcomer, in training Topic Starter Posts: 58

    There is an issue with SDFix: it works fine through the safe mode part, but when it restarts and finishes on my normal comp, it freezes up and stays on the "This may take a few minutes" screen for like 10 hours.