
Need help removing trojan-clicker.win32.wistler.a

Discussion in 'Virus and Malware Removal' started by ramonsterns, Aug 24, 2010.

  1. Broni Malware Annihilator Posts: 39,322   +175

    Let's try another way....

    If you have Vista/7 DVD...

    Start with step 2.

    If you don't have Vista/7 DVD...

    1. Create Vista/7 Recovery Disc.

    Option 1 :
    Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
    Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

    Option 2:
    Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
    Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
    Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning ISO Images to a CD or DVD

    2. Boot from created disk.
    At first screen click on Repair your computer:
    This will bring you to a new screen where the repair process will look for all Windows Vista installations on your computer. When done you will be presented with the System Recovery Options dialog box:
    After this, it will present you with a list of options including startup repair, system restore and command prompt:
    Select Command Prompt

    Type in:
    bootrec /FixMbr (<--- there is a "space" after "bootrec")
    and then press Enter

    Once completed then type Exit, press Enter and restart computer.

    Post fresh MBRCheck log.
  2. ramonsterns TechSpot Enthusiast Posts: 752   +12

    MBRCheck log.

    Says it's still there.


  3. Broni Malware Annihilator Posts: 39,322   +175

    OK, here is a problem.
    Basically, if the MBRCheck script, which we tried before, is not able to fix the E drive MBR, there is no other way to do it.
    The reason is, it's not a bootable drive.
    On the other hand, since it's not a bootable drive, the MBR (master boot record) is not active.
    It shouldn't have any impact on safety of your computer.

    If you're still in doubt, you'd have to format that drive to remove that bad MBR.

    Is your computer experiencing any ill symptoms at the moment?
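The two replies above rest on how a master boot record is laid out: `bootrec /FixMbr` rewrites only the boot code in sector 0 and leaves the partition table alone, and the boot code on a data drive such as E is never executed because the firmware does not boot from that disk. The Python script below is an added illustration of that layout, not code from the thread, from MBRCheck or from bootrec. The boot-code bytes, the "trusted baseline" hash and the single NTFS partition are constructed placeholders; a real baseline would be the hash of a freshly written, known-good MBR.

```python
"""Parse a 512-byte MBR and show what a boot-code-only repair changes.

Added example for this thread, not from the forum, MBRCheck or bootrec.
The boot code below is a constructed stand-in, not real Windows boot code.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0-445: master boot code (what bootrec /FixMbr rewrites)
PARTITION_TABLE_OFF = 446    # 4 entries x 16 bytes, bytes 446-509
SIGNATURE_OFF = 510          # 0x55 0xAA boot signature, bytes 510-511
MBR_SIGNATURE = 0xAA55       # same signature read as a little-endian 16-bit value

# Constructed placeholders (assumption): a "clean" and a "tampered" boot code.
CLEAN_BOOT_CODE = (b"CLEAN-BOOT-CODE-" * 28)[:BOOT_CODE_LEN]
TAMPERED_BOOT_CODE = (b"HOOKED-BOOT-CODE" * 28)[:BOOT_CODE_LEN]
# A real baseline would be the hash of a known-good MBR written by the OS installer.
BASELINE_SHA256 = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()


def build_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a 512-byte MBR from boot code and up to four partition entries."""
    if len(boot_code) != BOOT_CODE_LEN:
        raise ValueError("boot code must be exactly 446 bytes")
    if len(partitions) > 4:
        raise ValueError("an MBR holds at most four primary partition entries")
    table = b""
    for p in partitions:
        # Layout: boot flag, CHS start (3 bytes, zeroed here), type, CHS end
        # (3 bytes, zeroed), LBA start, sector count. Modern loaders use the LBA fields.
        table += struct.pack("<B3xB3xII", 0x80 if p["active"] else 0x00,
                             p["type"], p["lba_start"], p["sectors"])
    table = table.ljust(64, b"\x00")
    return boot_code + table + struct.pack("<H", MBR_SIGNATURE)


def parse_mbr(sector: bytes) -> dict:
    """Split a raw sector 0 into a boot-code hash, partition entries and signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        flag, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue  # empty slot
        partitions.append({"active": flag == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": struct.unpack_from("<H", sector, SIGNATURE_OFF)[0] == MBR_SIGNATURE,
    }


def boot_code_matches_baseline(sector: bytes, baseline_sha256: str) -> bool:
    """True when the master boot code hashes to the trusted baseline."""
    return parse_mbr(sector)["boot_code_sha256"] == baseline_sha256


def rewrite_boot_code(sector: bytes, clean_code: bytes) -> bytes:
    """Replace bytes 0-445 only, keeping the partition table and signature.

    This is the shape of what bootrec /FixMbr does to the system disk: the
    master boot code is rewritten and the existing partition table is kept.
    """
    if len(clean_code) != BOOT_CODE_LEN:
        raise ValueError("replacement boot code must be exactly 446 bytes")
    return clean_code + sector[BOOT_CODE_LEN:]


# Constructed sample disk: one active NTFS (type 0x07) partition starting at LBA 2048.
SAMPLE_PARTITIONS = [{"active": True, "type": 0x07, "lba_start": 2048, "sectors": 1_000_000}]
TAMPERED_MBR = build_mbr(TAMPERED_BOOT_CODE, SAMPLE_PARTITIONS)

if __name__ == "__main__":
    before = parse_mbr(TAMPERED_MBR)
    repaired = rewrite_boot_code(TAMPERED_MBR, CLEAN_BOOT_CODE)
    after = parse_mbr(repaired)
    print("signature ok:", before["signature_ok"])
    print("boot code matches baseline before repair:",
          boot_code_matches_baseline(TAMPERED_MBR, BASELINE_SHA256))
    print("boot code matches baseline after repair: ",
          boot_code_matches_baseline(repaired, BASELINE_SHA256))
    print("partition table unchanged:", before["partitions"] == after["partitions"])
```

Reading a real sector 0 needs raw device access (on Windows, opening `\\.\PhysicalDrive0` as administrator), so the script works on bytes and runs offline. Two points follow from the layout: rewriting the boot code cannot lose partitions, which is why `bootrec /FixMbr` is a low-risk first step on the system disk; and the code in sector 0 of a secondary data disk never runs unless the firmware boots from it, which is the reasoning in the reply above. Boot code that still hashes differently on that disk is nonetheless evidence that something wrote to it, so rewriting the sector or reformatting the drive is reasonable hygiene rather than a fix for an active infection.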
  4. ramonsterns TechSpot Enthusiast Posts: 752   +12

    Redirecting, sometimes completely blocking off some sites.

    EDIT: I can reformat my E: drive if necessary. Nothing in there is of much importance except some save files from some games.

    Speaking of which, how do I format the drive?
  5. Broni Malware Annihilator Posts: 39,322   +175

    This is not good then....



    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  6. ramonsterns TechSpot Enthusiast Posts: 752   +12

    Fresh log, straight out of Combofix.

  7. Broni Malware Annihilator Posts: 39,322   +175

    OK, Combofix doesn't see any issue, which is good, because Combofix would be triggered by a Whistler bootkit.
    However, I looked at your OTL log again and I can see a very likely culprit of your redirection.


    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    In the Command Prompt window, type in the following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing into the hole, using a pencil or a paperclip, until all lights briefly come off and on.
    Restart computer and ....

    Download OTL to your Desktop.
    Run "Quick scan", post its log and also check for redirections.
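The reply above flushes and re-registers DNS and resets the router because redirection to the wrong site is usually a resolver or hosts-file problem rather than a browser one. The script below is an added example for checking those two places before and after that procedure; it is not from the thread, OTL or ComboFix. The `ipconfig /all` output and the hosts file are constructed samples (203.0.113.0/24 is a documentation address range and the `.example` names are reserved), and the expectation that only the router at 192.168.1.1 should answer DNS is an assumption you would replace with your own resolver list.

```python
"""Check a Windows host for two common causes of browser redirection:
resolver addresses nobody configured, and hosts-file overrides.

Added example for this thread, not from the thread, OTL or ComboFix.
The ipconfig output, hosts file and expected-resolver set are constructed.
"""
import ipaddress

# Constructed sample of `ipconfig /all` output. 203.0.113.53 plays the part of
# a resolver that was never configured on purpose.
SAMPLE_IPCONFIG = """
Windows IP Configuration

   Host Name . . . . . . . . . . . . : HOME-PC

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home
   IPv4 Address. . . . . . . . . . . : 192.168.1.10
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.53

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
"""

# Constructed hosts file: the last two lines are the kind of override to look for.
SAMPLE_HOSTS = """
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.66    www.search.example
203.0.113.66    update.vendor.example   # injected line
"""

# Assumption for the example: only the router should be handing out answers.
EXPECTED_RESOLVERS = {"192.168.1.1"}


def dns_servers_from_ipconfig(text: str) -> dict:
    """Map adapter name -> list of DNS server addresses from `ipconfig /all` output.

    Field lines look like "Name . . . : value"; extra DNS servers follow on
    indented continuation lines that carry no " : " separator.
    """
    servers = {}
    adapter = None
    in_dns = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            in_dns = False
            continue
        if not line[0].isspace() and line.endswith(":"):
            adapter = line[:-1]          # e.g. "Ethernet adapter Local Area Connection"
            in_dns = False
            continue
        if adapter is None:
            continue                     # global header section, no adapter yet
        stripped = line.strip()
        if stripped.startswith("DNS Servers"):
            in_dns = True
            servers.setdefault(adapter, []).append(stripped.partition(" : ")[2].strip())
        elif in_dns and " : " not in stripped:
            servers[adapter].append(stripped)   # continuation line with another server
        else:
            in_dns = False
    return servers


def unexpected_dns_servers(servers: dict, expected: set) -> list:
    """Return (adapter, server) pairs for resolvers outside the expected set."""
    return [(adapter, s) for adapter, lst in servers.items() for s in lst if s not in expected]


def hosts_redirects(text: str) -> list:
    """Return (hostname, address) pairs from a hosts file that point anywhere but loopback."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # not an address-first line
        if addr.is_loopback:
            continue                           # normal localhost entries
        findings.extend((name, fields[0]) for name in fields[1:])
    return findings


def redirect_findings(ipconfig_text: str, hosts_text: str, expected: set) -> list:
    """Human-readable list of everything the two checks flagged."""
    findings = []
    for adapter, server in unexpected_dns_servers(dns_servers_from_ipconfig(ipconfig_text), expected):
        findings.append(f"unexpected DNS server {server} on {adapter}")
    for name, addr in hosts_redirects(hosts_text):
        findings.append(f"hosts file maps {name} to {addr}")
    return findings


if __name__ == "__main__":
    for finding in redirect_findings(SAMPLE_IPCONFIG, SAMPLE_HOSTS, EXPECTED_RESOLVERS):
        print(finding)
```

On a real machine you would feed the script the output of `ipconfig /all` and the contents of `C:\Windows\System32\drivers\etc\hosts`. A resolver you did not configure on the adapter, or one that reappears after `ipconfig /renew`, points at the router's DHCP settings, which is why the reply above resets the router; hosts-file entries pointing well-known names at one outside address are the local equivalent and survive a DNS flush until the file itself is cleaned.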
  8. ramonsterns TechSpot Enthusiast Posts: 752   +12

    OTL Logs.

    10char


  9. Broni Malware Annihilator Posts: 39,322   +175

    It looks good now.
    How is redirection?
  10. ramonsterns TechSpot Enthusiast Posts: 752   +12


    TDSSKiller still detects the virus, but I haven't been redirected yet.

    I will post again tomorrow if it starts redirecting again.
  11. Broni Malware Annihilator Posts: 39,322   +175

    Good news :)

    It definitely gives a false location (see my reply #43).
    Neither MBRCheck nor Combofix sees it on drive C, which is crucial.

    Now, you have to repeat OTL cleanup and system restore reset as in my reply #31 (important!)
  12. ramonsterns TechSpot Enthusiast Posts: 752   +12

    Well, I left System Restore off.

    I will run OTL again and let you know by tomorrow if anything is up.
  13. Broni Malware Annihilator Posts: 39,322   +175

    OK :)..............
  14. ramonsterns TechSpot Enthusiast Posts: 752   +12

    Thanks, by the way.
  15. Broni Malware Annihilator Posts: 39,322   +175

    Sure thing :)
  16. ramonsterns TechSpot Enthusiast Posts: 752   +12

    MBRCheck still detects the virus, but neither I nor anyone connected to the router has been redirected lately.

    Here's the log from MBRCheck.


  17. Broni Malware Annihilator Posts: 39,322   +175

    That's your drive E.

    If you're willing to format E drive and have a peace of mind, you're more than welcome to do so.
  18. ramonsterns TechSpot Enthusiast Posts: 752   +12

    Could you show me the most efficient and fool-proof way to go about doing that, please?

    I want to make sure it is clean and remains clean.
  19. ramonsterns TechSpot Enthusiast Posts: 752   +12

    I did a format on drive E: but MBRCheck/TDSSKiller still detects the virus.
  20. Broni Malware Annihilator Posts: 39,322   +175

    Did you go for full format, or quick format?
    Please, post fresh MBRCheck log.