Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Mleady-MWR

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby Scotty » July 15th, 2007, 6:50 am

Well, I do believe there is only need for one real-time scanner so I'llmake the suggestion first of uninstalling Defender. I'll take my time with her and just post back when I actually come to do a fix?
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland
Advertisement
Register to Remove

Unread postby askey127 » July 15th, 2007, 7:04 am

OK.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby Scotty » July 16th, 2007, 9:45 am

Hi Askey

Is it something Im doing, or not doing? That 023 just wont go away.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Unread postby askey127 » July 16th, 2007, 10:28 am

The batch file is not correct:
@echo off
sc stop "Content Monitoring Tool"
sc delete "Content Monitoring Tool"
del Fixservices.bat
exit


should be:
Code: Select all
Open Notepad and choose [b]File, New[/b]
Copy the content of the quote box below into notepad.
[quote]@echo off
sc stop "Content Monitoring Tool"
sc disable "Content Monitoring Tool"
sc delete msCMTSrvc
[/quote]
Use Notepad's [b]File, Save As[/b] and save to your desktop as FileType [b]All Files[/b] and Filename [b]FixService.bat[/b] 
Do not save as File Type [b]Text[/b] or it won't work.
Exit Notepad

Then double-click [b]FixService.bat[/b] on your desktop.



sc delete always needs the name in parentheses in the O23 line.
Then the O23 line can be removed in HJT if it's still there.

Post it and get one more HJT log.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby Scotty » July 16th, 2007, 11:47 am

Im getting some great replies today! Tried google but cant find a definitive answer. Maybe it's something to do with (file missing)?
Im just guessing now.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Unread postby askey127 » July 16th, 2007, 1:55 pm

Mistakenly posted this in the real thread instead of here.
Got to stop leaving both open at once!
That's twice in the same month!
I deleted it, but his ref to me is that.
suggested remove the kernel dump O4
and
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
and suggested that he was probably OK after that.
the O23 is only a minor nuisance.

He posted he's still worried about the McAfee malware.j note he's getting.
I don't know if it's just a heuristics catch (that name sounds like it).
No other AV's have noted that one yet.
Can't find out anything else online either.
Maybe you can ask the user if he is able to find out what file is involved and we can upload it to Virustotal or Jotti.


I would run a Kaspersky Online scan and see if it picks up anything.
If nothing, I would give the all clear.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby Scotty » July 16th, 2007, 4:11 pm

Hi askey

Will do.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Unread postby Scotty » July 16th, 2007, 4:22 pm

I should add, asking this op to id and find a file might be a bit much. :D
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Unread postby askey127 » July 16th, 2007, 5:01 pm

Think I owe you a pint for this one.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby Scotty » July 16th, 2007, 7:18 pm

OK. I think I can guide her to delete the two temp files and the My Websearch folder. How do you clear out Spysweeper's temp files?
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Unread postby askey127 » July 16th, 2007, 7:31 pm

You don't need to delete the Spysweeper Temp files and they are probably protected. They are no risk to the user.

Go ahead and make up your post for the other stuff.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby Scotty » July 16th, 2007, 7:54 pm

We have three files we need to delete. First these files:

Go to Start then My Computer and double-click on the Local Drive ( C ) icon.
You should see these two files.

47.tmp/data0002 and 47.tmp NSIS.

Right-click once on each and in the sub-menu that appears select Delete.

Stay in that same location and double-click on the Program Files folder.
Now seek out this file in there

Uninstall My Web Search.dll

right-click on it and select Delete.

Close all open windows then right-click on the Recycle-bin and select Empty Recycle Bin.

Let me know you have done that correctly or if you have any problems.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Unread postby askey127 » July 16th, 2007, 8:27 pm

47.temp may be a folder. Have User delete it whatever it is.

Post it.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby Scotty » July 17th, 2007, 10:45 am

Hello Askey

One more HJT log or All-Clean? She got the files.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Unread postby askey127 » July 17th, 2007, 12:30 pm

Looks OK.

All-clean
this one needs a few extra protections against the operator
SWBlaster prob a must in this case.

Good job
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

PreviousNext

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 291 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware