TechSpot

UPDATED 4-Step Viruses/Spyware/Malware Removal Preliminary Instructions

By Julio Franco
Dec 1, 2007
Topic Status:
Not open for further replies.
  1. Very Important: Malware infections can possibly lead to identity theft, stolen bank funds, misuse of credit card information etc. Therefore we strongly encourage you to read this thread before deciding what course of action to take regarding your infection.

    If after reading the above you wish to clean your system, please follow the steps below and create new topic HERE

    NOTE: This thread is a work in progress. As malware evolves, so must the programs that find the bad entries and remove them. Thanks to all the members who have kept this progress going.
    • These steps are NOT meant to be a ONE-STOP-FIX-ALL.
    • If your computer cannot stay running, as in it either cannot boot, or, it is automatically restarting after a certain amount of time, then just start a new thread and ask for help.
    • They only serve to help you produce some logs, so we can see if your system needs further attention and cleaning.
    • Please make sure to complete ALL the steps in this thread, in the order that they are listed BEFORE you post the requested log files.
    • Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it into a couple of replies.
    • Please run all scans in Normal Mode unless instructed otherwise. If you are not able to access Normal mode, please let us know.
    • Do NOT perform a System Restore while we are cleaning, as this can reinfect the system.
    • Please stay with your thread. We usually mark your thread inactive after five days, to help maintain the list of active topics.
    • If you have any problems following any of the instructions, please ask for assistance in the thread you start.
    • Do NOT PM malware helpers asking for help.
    • We don't provide 911 services. We're just volunteers providing free help in our free time so be patient.
    -
    Step 1: Antivirus scanning

    If you have a functioning, updated antivirus program, please leave it enabled pm the system for now. Do NOT add any of the free AV programs below.

    If you're NOT running any antivirus, you should install one now. If you install a new antivirus, be sure to update it. - Neither a scan nor log are requested at this time.

    Recommended Free Antivirus for temporary means:
    -
    Step 2: Malwarebytes Anti-Malware (MBAM)

    [​IMG] Please download Malwarebytes Anti-Malware to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    -
    Step 3: DDS

    • Download DDSby sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    NOTE 1: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
    NOTE 2: Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Include the contents of both logs (DDS.txt and Attach.txt) in your new topic.
    The scan will instruct you to post Attach.txt as an attachment. No need for that though, just post it's contents as you would any other log.

    -
    Step 4: Log Handling Instructions

    Include the following logs into your next reply (copy & paste them). Please do not put logs in a quote box or code box.
    Attached logs won't be reviewed.
    • Malwarebytes Anti-Malware log
    • DDS logs: both DDS.txt and Attach.txt
    If any further steps are recommended, it will be done so in your thread. :)
    -
    Last edited by a moderator: Apr 1, 2014
    Kaal202 likes this.
  2. momok

    momok TS Rookie Posts: 2,272

    Instructions have been shortened and updated for future convenience towards users as well as helpers.
    Credits to originator, Blind Dragon, and a few others, namely - kimsland, xxdanielxx, CCT, and Bobbye for their input.
  3. Julio Franco

    Julio Franco TechSpot Editor Topic Starter Posts: 6,536   +318

    Changelog:

    July 2010
    * New changes, mostly on the order and clearness of the guide's wording.

    April 2010
    * New rules/steps - brought completely up to date.
    * Special thanks to Bobbye and Broni for the continued support on the forums and for the instructions.

    * Many, many changes before writing this.
    * Step 6, contributed by Blind Dragon. Updated AVG AS for SuperAntiSpyware OR Malwarebytes' Anti-Malware.
    * Most installers available straight from TechSpot Downloads section.
    * Added disclaimer/special rules for the malware board.

    October 2010
    * Step 4, deleted statement that GMER does not run on W7, 64 bit.

    November 2010
    * Step 4. Completely revised Step 4 (per Broni) but added "Show all" warning (per Bobbye).
    * Step 1. Added line ref running scans in normal mode before Step 1 (per Bobbye).

    March 2011
    * Replaced Extended Guidelines section with edited material from Broni's post. (per Bobbye's request)

    May 2011
    * Deleted Step 2. (per Broni's request) Renumbered steps and changed thread title from 8-Step to 7-Step to reflect changes.

    June 2011
    *Revised Step 1. (per Bobbye's request)
    *Added an instruction near top. (per Broni's request)

    July 2011
    *Added an instruction in Step 5, "Do not put logs in a quote box or code box." (per Bobbye's request)

    August 2011
    *Deleted last section about updating. (per Broni's request) Changed thread title from 7-Step to 6-Step.

    September 2011
    Replaced certain text with: "Neither a scan nor log are requested at this time." Revised some related wording. (per Bobbye's request)

    October 2011
    Changed Step 6 to "Note." (per Broni's request)

    November 2011
    Updated links in Step 3. (per Broni's request)
    Revised Gmer instructions. (issue raised by Bobbye and per Broni's request)

    January 2012
    Revised recommended free anti-virus programs in step 1. (per Broni's request)
    Added note to end of Step 3. (per Broni's request)
    Changed url in Malwarebytes link. (per Bobbye's request)

    August 2012
    Overall clean-up, no changes to the content, only cosmetic.

    November 2012
    GMER step removed.
    Redundancy cleaned up, as well as grammar and spelling.
    Post style clean up.

    April 2014
    MBAM new instructions updated.
    Last edited by a moderator: Apr 1, 2014
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.