
UPDATED 4-Step Viruses/Spyware/Malware Removal Preliminary Instructions

Discussion in 'Virus and Malware Removal' started by Julio Franco, Dec 1, 2007.

  1. Julio Franco TechSpot Editor Posts: 6,048   +120

    Very Important: Malware infections can possibly lead to identity theft, stolen bank funds, misuse of credit card information etc. Therefore we strongly encourage you to read this thread before deciding what course of action to take regarding your infection.

    If after reading the above you wish to clean your system, please follow the steps below and create new topic HERE

    NOTE: This thread is a work in progress. As malware evolves, so must the programs that find the bad entries and remove them. Thanks to all the members who have kept this progress going.
    • These steps are NOT meant to be a ONE-STOP-FIX-ALL.
    • If your computer cannot stay running, as in it either cannot boot, or, it is automatically restarting after a certain amount of time, then just start a new thread and ask for help.
    • They only serve to help you produce some logs, so we can see if your system needs further attention and cleaning.
    • Please make sure to complete ALL the steps in this thread, in the order that they are listed BEFORE you post the requested log files.
    • Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it into a couple of replies.
    • Please run all scans in Normal Mode unless instructed otherwise. If you are not able to access Normal mode, please let us know.
    • Do NOT perform a System Restore while we are cleaning, as this can reinfect the system.
    • Please stay with your thread. We usually mark your thread inactive after five days, to help maintain the list of active topics.
    • If you have any problems following any of the instructions, please ask for assistance in the thread you start.
    • Do NOT PM malware helpers asking for help.
    • We don't provide 911 services. We're just volunteers providing free help in our free time so be patient.
    -
    Step 1: Antivirus scanning

    If you have a functioning, updated antivirus program, please leave it enabled on the system for now. Do NOT add any of the free AV programs below.

    If you're NOT running any antivirus, you should install one now. If you install a new antivirus, be sure to update it. - Neither a scan nor log are requested at this time.

    Recommended Free Antivirus for temporary means:
    -
    Step 2: Malwarebytes Anti-Malware (MBAM)

    Download Malwarebytes Anti-Malware.

    Double-click mbam-setup.exe to install the application. If you already have the program installed, just follow the directions. No need to re-download or re-install!

    Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Copy and paste the entire report in your next reply.
    -
    Step 3: DDS
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Include the contents of both logs (DDS.txt and Attach.txt) in your new topic.
    The scan will instruct you to post Attach.txt as an attachment. No need for that though, just post its contents as you would any other log.

    -
    Step 4: Log Handling Instructions

    Include the following logs into your next reply (copy & paste them). Please do not put logs in a quote box or code box.
    • Malwarebytes Anti-Malware log
    • DDS logs: both DDS.txt and Attach.txt
    If any further steps are recommended, it will be done so in your thread. :)
    -
  2. momok Newcomer, in training Posts: 2,272

    Instructions have been shortened and updated for future convenience towards users as well as helpers.
    Credits to originator, Blind Dragon, and a few others, namely - kimsland, xxdanielxx, CCT, and Bobbye for their input.
  3. Julio Franco TechSpot Editor Posts: 6,048   +120

    Changelog:

    July 2010
    * New changes, mostly on the order and clearness of the guide's wording.

    April 2010
    * New rules/steps - brought completely up to date.
    * Special thanks to Bobbye and Broni for the continued support on the forums and for the instructions.

    * Many, many changes before writing this.
    * Step 6, contributed by Blind Dragon. Updated AVG AS for SuperAntiSpyware OR Malwarebytes' Anti-Malware.
    * Most installers available straight from TechSpot Downloads section.
    * Added disclaimer/special rules for the malware board.

    October 2010
    * Step 4, deleted statement that GMER does not run on W7, 64 bit.

    November 2010
    * Step 4. Completely revised Step 4 (per Broni) but added "Show all" warning (per Bobbye).
    * Step 1. Added line ref running scans in normal mode before Step 1 (per Bobbye).

    March 2011
    * Replaced Extended Guidelines section with edited material from Broni's post. (per Bobbye's request)

    May 2011
    * Deleted Step 2. (per Broni's request) Renumbered steps and changed thread title from 8-Step to 7-Step to reflect changes.

    June 2011
    * Revised Step 1. (per Bobbye's request)
    * Added an instruction near top. (per Broni's request)

    July 2011
    * Added an instruction in Step 5, "Do not put logs in a quote box or code box." (per Bobbye's request)

    August 2011
    * Deleted last section about updating. (per Broni's request) Changed thread title from 7-Step to 6-Step.

    September 2011
    Replaced certain text with: "Neither a scan nor log are requested at this time." Revised some related wording. (per Bobbye's request)

    October 2011
    Changed Step 6 to "Note." (per Broni's request)

    November 2011
    Updated links in Step 3. (per Broni's request)
    Revised Gmer instructions. (issue raised by Bobbye and per Broni's request)

    January 2012
    Revised recommended free anti-virus programs in step 1. (per Broni's request)
    Added note to end of Step 3. (per Broni's request)
    Changed url in Malwarebytes link. (per Bobbye's request)

    August 2012
    Overall clean-up, no changes to the content, only cosmetic.

    November 2012
    GMER step removed.
    Redundancy cleaned up, as well as grammar and spelling.
    Post style clean up.
  4. Broni Malware Annihilator Posts: 39,313   +175

    Bump...