SMStumphauzer

Requesting Assistance to Remove PriceGong from Computer

9 posts in this topic

Download ComboFix from one of these locations:

Save it as Combo-Fix.exe during the download. ComboFix must be renamed before you download it to your Desktop.

Link 1

Link 2

* IMPORTANT !!! Save Combo-Fix to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Screenshot: whatnext.png]

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:

1. Do not mouse-click ComboFix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

-----------------------------------------------------------

Attach logs for:

  • ComboFix (C:\combofix.txt)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


Dear Kevin, Thank You for your assistance. Just finished running the sequence you posted for me. Had to right click and open to download the ComboFix from Link 1. Recovery Console installed ok. Did get 3 Registry Editor pop-up boxes requesting reporting to Microsoft during the scan - ok'd the first - did not send the 2nd or 3rd. So far seems to be running ok - will scan again with a-squared to see if PriceGong shows up again. ComboFix log is attached.

Thank You again - Steve


Attach fresh logs for EAM and ISeeYouXP.


Here are the attached EAM and ISeeYouXP fresh logs. It took 2 runnings of EAM because the first one did not finish correctly - most likely because a box popped up claiming "Socket xxxxx for Logitech or Intel did not load correctly" or something like that and had an "OK" box to click, which ended up being the wrong thing to do. The second running of EAM had the same thing and I just closed the window with the X. Still found 2 traces of PriceGong!A2 in the Registry. I know the Trace File "Find Out Now Spy Software" goes with the ConsensusDocs software I use for my business, so that one is OK, but need to get rid of the PriceGong.


Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).

REGEDIT4

[-HKEY_USERS\S-1-5-21-742796253-152626329-2963622988-1005\software\PriceGong]

Close Notepad.

Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

-----------------------------------------------------------

Unless you are having problems from Malware it is time to do the final steps.

Now to remove most of the tools that we have used in fixing your machine:

  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.

Delete everything in C:\!KillBox (If I didn't have you use KillBox, then this won't be present)

Delete the following from your Desktop (If they exist)

  • Avenger.exe
  • Avenger.txt
  • Avenger.zip
  • CFscript.txt
  • dds.scr
  • dds.pif
  • DisableAutoRuns.reg
  • fixes.bat
  • FixMe.reg
  • FixReg.reg
  • ISeeYouXP.exe
  • ISeeYouXP.lnk
  • ISeeYouXP.txt
  • Win32kDiag.exe
  • Win32kDiag.txt
  • Anything else I had you use

Delete the following files: (If they exist)

  • C:\Avenger.txt
  • C:\ComboFix.txt

Delete the following folders: (If they exist)

  • C:\Avenger
  • C:\AvoidTDSS
  • C:\ComboFix
  • C:\SDFix
  • C:\Qoobox

Empty the Recycle Bin

Run CCleaner

Turn off System restore to flush all your restore points then turn system restore back on. See How To Enable and Disable System Restore.

Inside the ISeeYouXP folder, locate and double-click HideIT.bat (C:\ISeeYouXP\HideIT.bat). This will return viewing of Hidden and System Files and Folders to the default settings.

Delete C:\ISeeYouXP

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

Run Windows Update and update your Windows Operating System.

Run the Secunia Online Software Inspector; this will inspect your system for software that is out-of-date and in need of updating. Update any program/application detected as being out-dated.

Articles to read:

  • How to Protect Your Computer From Malware
  • How to keep you and your Windows PC happy
  • Web, email, chat, password and kids safety
  • 10 Sources of Malware Infections

That should take care of everything.

Safe Surfing!

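The FixReg.reg in the post above deletes the PriceGong key under a single user SID. As an added example (not part of the original posts), this read-only PowerShell check lists every loaded user hive under HKEY_USERS that still contains Software\PriceGong. It assumes PowerShell is installed on the machine; the function name Find-LeftoverKey is hypothetical.

```powershell
# Added example: read-only check for a leftover key in every loaded user hive.
# Assumption: PowerShell is installed. Only hives of logged-on users (plus
# .DEFAULT and the service accounts) are loaded under HKEY_USERS.
$subKey = 'Software\PriceGong'   # key name taken from the FixReg.reg in the post

function Find-LeftoverKey {
    param([string]$RelativePath)

    $users = [Microsoft.Win32.Registry]::Users
    foreach ($sid in $users.GetSubKeyNames()) {
        # The *_Classes hives hold per-user class registrations, not Software
        if ($sid -like '*_Classes') { continue }

        $key = $null
        try {
            # OpenSubKey with one argument opens read-only and returns
            # $null when the key does not exist
            $key = $users.OpenSubKey("$sid\$RelativePath")
        } catch {
            Write-Warning "Could not read hive $sid : $($_.Exception.Message)"
            continue
        }

        if ($key -ne $null) {
            New-Object PSObject -Property @{
                Sid         = $sid
                Path        = "HKEY_USERS\$sid\$RelativePath"
                ValueCount  = $key.ValueCount
                SubKeyCount = $key.SubKeyCount
            }
            $key.Close()
        }
    }
}

$hits = @(Find-LeftoverKey -RelativePath $subKey)
if ($hits.Count -eq 0) {
    Write-Output "No $subKey key found in any loaded user hive."
} else {
    $hits | Format-Table Sid, ValueCount, SubKeyCount -AutoSize
}
```

Hives of users who are not logged on are not loaded, so a clean result only covers the accounts currently present under HKEY_USERS.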


Finally had a chance to run through your instructions from your last post. Ran FixReg - seemed to run ok. Could not download OTC - access was denied. Deleted files and folders and ran CCleaner. Disabled and Re-Enabled System Restore - seemed to go ok. Ran HideIT - seemed to be ok. Ran Windows Update - previously had all critical updates - just picked up a few minor updates. Ran Secunia Online - got an updated download for Skype. Will run EAM when I have more time to see if anything is still there and will report when run. I will be filing all of the instructions for future reference. Thank You for your assistance. Steve


The site that hosts OTC is currently offline. Hopefully they will be back online soon.

This topic is now closed to further replies.