E2Give please help!
Hi, I'm new to the forum and I am also fairly useless when it comes to fixing computers, but I am very good at getting them infected. I recently got E2Give, and Ad-Aware, Spybot and Ewido won't touch it. I have removed various Reg keys and used CCleaner, and it still returns. I have HJT and Prevx, which seems to prevent it from spawning any more Reg keys, but it seems to somehow be in System Restore and keeps trying to get on my computer. So far I have not had any pop-ups, but it is slowing my machine down and occasionally causing it to crash. Please help!!!!!
-
You're welcome! Glad we could help
(I love my hat, thanks) This is me wearing it, in fact https://mvp.support.microsoft.com/profile=7...3a-3cd446aff7a5
0 -
To delete your old System Restore points:
Click on the Start button (bottom left corner)
Click on All Programs
Click on Accessories
Click on System Tools
Click on System Restore
Click on System Restore settings (left side)
Click on your hard-drive in the new window that comes up
Click on Settings...
Move the slider all the way to the left
Click on OK and OK again
That should now delete your old System Restore points. Should you want System Restore to use up more disk space, go back into the menus and move the slider back up again. It won't bring back the old restore points, so you'll be safe there.
Let us know how you get on.
0 -
Hi, thanks for helping. I did what you said, but Prevx still pops up when I start the PC. This is what it says:
The application is trying to modify registry key \REGISTRY\MACHINE\SYSTEM\CONTROLSET001\SERVICES\MCHINJDRV\\IMAGEPATH with "\??\C:\WINDOWS\TEMP\mc23.tmp"
\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B56A7D7D-6927-48C8-A975-17DF180C71AC}\\N/A with "n/a"
\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B56A7D7D-6927-48C8-A975-17DF180C71AC}\\N/A with "n/a
The application is trying to modify registry key \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B56A7D7D-6927-48C8-A975-17DF180C71AC}\\N/A with "n/a"
The application is trying to modify registry key \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B56A7D7D-6927-48C8-A975-17DF180C71AC}\\N/A with "n/a
The application is trying to modify registry key \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B56A7D7D-6927-48C8-A975-17DF180C71AC}\\N/A with "n/a"
The application is trying to modify registry key \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B56A7D7D-6927-48C8-A975-17DF180C71AC}\\N/A with "n/a"
The application is trying to modify registry key \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\\N/A with "n/a"
The application is trying to modify registry key \REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\\N/A with "n/a"
So all I do is keep denying it access through Prevx. I assume that there is an application on my PC doing this, but I have deleted the E2G folder from my program files and Prevx won't tell me what the application is. Thanks again for the help. I don't know if this will be useful?
0 -
Thanks for the help. I have done what you said; here is the report:
E2TakeOut v1.00 [http://www.malwarebytes.org]
Removed orphaned leftovers
AppInit key reset
I shall restart my PC and see if anything happens. Thanks again to both of you.
0 -
New removal tool out for the E2Give pest:
Please download E2TakeOut by RubbeR DuckY from here:
http://www.malwarebytes.org/E2TakeOut.zip
- Extract the file to your Desktop
- Double click E2TakeOut.exe
- Click the Begin Removal button
- Wait until the program is finished scanning
- Once done, it will produce a popup stating that the infection has been found and you need to reboot your computer to complete the removal
- Reboot your computer
- Once your computer has rebooted E2TakeOut will open and produce a report
- Please copy/paste that report into your next reply
0 -
Prevx is still popping up, so I assume that the remover has not quite got rid of E2Give. Maybe I messed it up by deleting some of the reg keys and E2Give from the program files?
0 -
I think that your Prevx is just seeing the changes being made to fix the E2Give entries. Try temporarily disabling Prevx when you do the fix. You can turn it back on after the problem is resolved.
0 -
That seemed to work!!! Thanks for all the help and nice hat.
0