8 replies to this topic

[SMStumphauzer]

Requesting help to remove PriceGong from Registry and other areas.

Attached Files

•  a2scan_100715-120159.txt   1.53K   263 downloads
•  ISeeYouXP.txt   955.89K   370 downloads
•  HiJackFree.log   18.65K   106 downloads

[ShadowPuterDude]

Download ComboFix from one of these locations:

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

Link 1
Link 2

* IMPORTANT !!! Save Combo-Fix to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  See HERE for help
• Double click on ComboFix.exe & follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:
1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

-----------------------------------------------------------

Attach logs for:

• ComboFix (C:\combofix.txt)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

[SMStumphauzer]

Dear Kevin, Thank You for your assistance. Just finished running the sequence you posted for me. Had to right click and open tho download the ComboFix from Link 1. Recovery Console installed ok. Did get 3 Registry Editor pop-up boxes requesting reporting to Microsoft during the scan - ok'd the first - did not send the 2nd or 3rd. So far seems to be running ok - will scan again with a-squared to see if it PriceGong shows up again. ComboFix log is attached.
Thank You again - Steve

Attached Files

•  ComboFix.txt   22.03K   135 downloads

[ShadowPuterDude]

Attach fresh logs for EAM and ISeeYouXP.

[SMStumphauzer]

Here are the attached EAM and ISeeYouXP fresh logs. It took 2 runnings of EAM because the first one did not finish correcvtly - most likely because a box popped up claiming "Socket xxxxx for Logitech or Intel did not load correctly" or something like that and had an "OK" box to click, which ended up being the wrong thing to do. The secont running of EAM had the same thing and I just closed the window with the X. Still found 2 traces of PriceGong!A2 in the Registry. I know the Trace File "Find Out Now Spy Software goes with the ConsensusDocs software I use for my business, so that one is OK, but need to get rid of the PriceGong.

Attached Files

•  a2scan_100719-115929.txt   1.54K   81 downloads
•  ISeeYouXP.txt   958.65K   142 downloads

[ShadowPuterDude]

Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).

REGEDIT4

[-HKEY_USERS\S-1-5-21-742796253-152626329-2963622988-1005\software\PriceGong]

Close Notepad.

Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

-----------------------------------------------------------

Unless you are having problems from Malware it is time to do the final steps.

Now to remove most of the tools that we have used in fixing your machine:

• Make sure you have an Internet Connection.
• Download OTC to your desktop and run it
• A list of tool components used in the cleanup of malware will be downloaded.
• If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
• Click Yes to begin the cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.

Delete everything in C:\!KillBox (If I didn't have you use KillBox, then this won't be present)

Delete the following from your Desktop (If they exist)
Avenger.exe
Avenger.txt
Avenger.zip
CFscript.txt
dds.scr
dds.pif
DisableAutoRuns.reg
fixes.bat
FixMe.reg
FixReg.reg
ISeeYouXP.exe
ISeeYouXP.lnk
ISeeYouXP.txt
Win32kDiag.exe
Win32kDiag.txt
Anything else I had you use

Delete the following files: (If they exist)
C:\Avenger.txt
C:\ComboFix.txt

Delete the following folders: (If they exist)
C:\Avenger
C:\AvoidTDSS
C:\ComboFix
C:\SDFix
C:\Qoobox

Empty the Recycle Bin

Run CCleaner

Turn off System restore to flush all your restore points then turn system restore back on. See How To Enable and Disable System Restore.

Inside the ISeeYouXP folder, locate and double-click HideIT.bat (C:\ISeeYouXP\HideIT.bat). This will return viewing of Hidden and System Files and Folders to the default settings.

Delete C:\ISeeYouXP

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

Run Windows Update and update your Windows Operating System.

Run the Secunia Online Software Inspector, this will inspect your system for software that is out-of-date and in need of updating. Update anything program/application detected as being out-dated.

Articles to read:
How to Protect Your Computer From Malware
How to keep you and your Windows PC happy
Web, email, chat, password and kids safety
10 Sources of Malware Infections

That should take care of everything.

Safe Surfing!

[SMStumphauzer]

Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).

REGEDIT4

[-HKEY_USERS\S-1-5-21-742796253-152626329-2963622988-1005\software\PriceGong]

Close Notepad.

Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

-----------------------------------------------------------

Unless you are having problems from Malware it is time to do the final steps.

Now to remove most of the tools that we have used in fixing your machine:

• Make sure you have an Internet Connection.
• Download OTC to your desktop and run it
• A list of tool components used in the cleanup of malware will be downloaded.
• If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
• Click Yes to begin the cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.

Delete everything in C:\!KillBox (If I didn't have you use KillBox, then this won't be present)

Delete the following from your Desktop (If they exist)
Avenger.exe
Avenger.txt
Avenger.zip
CFscript.txt
dds.scr
dds.pif
DisableAutoRuns.reg
fixes.bat
FixMe.reg
FixReg.reg
ISeeYouXP.exe
ISeeYouXP.lnk
ISeeYouXP.txt
Win32kDiag.exe
Win32kDiag.txt
Anything else I had you use

Delete the following files: (If they exist)
C:\Avenger.txt
C:\ComboFix.txt

Delete the following folders: (If they exist)
C:\Avenger
C:\AvoidTDSS
C:\ComboFix
C:\SDFix
C:\Qoobox

Empty the Recycle Bin

Run CCleaner

Turn off System restore to flush all your restore points then turn system restore back on. See How To Enable and Disable System Restore.

Inside the ISeeYouXP folder, locate and double-click HideIT.bat (C:\ISeeYouXP\HideIT.bat). This will return viewing of Hidden and System Files and Folders to the default settings.

Delete C:\ISeeYouXP

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

Run Windows Update and update your Windows Operating System.

Run the Secunia Online Software Inspector, this will inspect your system for software that is out-of-date and in need of updating. Update anything program/application detected as being out-dated.

Articles to read:
How to Protect Your Computer From Malware
How to keep you and your Windows PC happy
Web, email, chat, password and kids safety
10 Sources of Malware Infections

That should take care of everything.

Safe Surfing!

[SMStumphauzer]

Finally had a chance to run through your instructions from your last post. Ran FixReg - seemed to run ok. Could not download OTC - access was denied. Deleted files and folders and ran CCleaner. Disabled and Re-Enabled System Restore - seemed to go ok. Ran HideIT - seemed to be ok. Ran Windows Update - previously had all critical updates - just picked up a few minor updates. Ran Secunia Online - got an updated download for Skype. Will run EAM when I have more time to see if anything is still there and will report when run. I will be filing all of the instructions for future reference. Thank You for your assistance. Steve

[ShadowPuterDude]

The site that hosts OTC is currently offline. Hopefully they will be back online soon.