Disconnect infected computer from local network (router / modem).
Turn off all Internet security programs, including firewall (FW), antivirus (AV) and antispyware (AS).
2 runs of ComboFix:
Follow ComboFix instructions referenced before.
Examine the last few lines in the log for ‘Completion time:’ ……. ‘machine was rebooted’
Restart the computer if the first run of ComboFix did not conclude with ‘reboot’.
Repeat ComboFix.
Restart the computer.
Scan with HJT (part of the instructions for ComboFix).
Turn on appropriate Internet Security programs.
Protect from contamination of unknown origin. This is where I grasp at straws. Folklore…
I offer some consideration of the folklore. A power cycle (POC) of the router is different from the ‘hard reset’ using the microswitch somewhere on the router. The latter technique forces factory defaults & is a guaranteed cleaning. POC cleans volatile memory on the router. Once the exploits alter router settings, the hard reset is indicated. Passwords assigned by the user are better than leaving them defaulted.
Skip this if it is not practical.
Disconnect all computers from the router (local network).
Power cycle the router (remove power, restore power).