Very Important: Malware infections can possibly lead to identity theft, stolen bank funds, misuse of credit card information etc. Therefore I strongly encourage you to please read this thread HERE before deciding what course of action to take regarding your infection.
If after reading the above, you wish to clean your system, do the following.
-----------------------------------------------------------------------------------------------------------------------------------
[center]
Please make sure you complete all steps in this thread, BEFORE you post the requested log files.
Make sure you read and follow all the STEPS below, otherwise it just makes it that much harder for us to help you effectively.
DO NOT SKIP ANY OF THE INSTRUCTIONS
If you have any problems following any of the instructions, please ask for assistance.
[/center]
-----------------------------------------------------------------------------------------------------------------------------------
[center]
STEP1:
Malware Removal: Temporarily Disable Real Time Monitoring Programs.
[/center]
This is because some real time protection programmes can interfere with any fixes we are trying to run.
Once your system is clean, you are advised to turn the protection back on.
See these instructions on how to disable some of the more common real time monitoring programmes. Thanks to CastleCops for the info.
------------------------------------------------------------------------------------------------------------------------------------
[center]
STEP2:
[/center]
If you're NOT running any antivirus or firewall software, you should install some ASAP.
Download and install the free AVG or Avast antivirus programmes and either the free ZoneAlarm, Kerio or Comodo firewall programmes.
Install whichever firewall you chose, followed by whichever antivirus programme you chose. Reboot your system the required number of times. Run the antivirus updates.
[center]
ONLY INSTALL THE ABOVE ANTIVIRUS/FIREWALL SOFTWARE IF YOU DON'T ALREADY HAVE ANY ANTIVIRUS OR FIREWALL SOFTWARE.
[/center]
-----------------------------------------------------------------------------------------------------------------------------------
[center]
STEP3:
[/center]
Run this online virus scanner.
You will need to use Internet Explorer for this scanner. It's one of the very few online scanners that will actually disinfect viruses etc.
NOTE: If you have any problems with the online scanner, skip it and continue with the rest of the instructions below.
-----------------------------------------------------------------------------------------------------------------------------------
[center]
STEP4:
Make sure you have the LATEST version of HJT (currently v2.0.2) from HERE.
[/center]
The above link will download the HijackThis installer. Run the HijackThis installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
It will also automatically open HJT; close it.
-----------------------------------------------------------------------------------------------------------------------------------
[center]
STEP5:
THIS IS VERY IMPORTANT.
[/center]
Open the C:\Program Files\TrendMicro\HijackThis folder in program files.
Rename the HijackThis.exe file to Crusty.exe. This is because some malware can hide from HijackThis.exe. Right click the HijackThis.exe file and choose Rename. Click in the title box and press the Delete key to clear what's there, type Crusty.exe and press the Enter key.
Right click the Crusty.exe file and choose Send To, then Desktop (create shortcut).
[center]
Under no circumstances should you add any items to the HJT ignore list.
Do not run an HJT scan until step 15 of this thread.
[/center]
------------------------------------------------------------------------------------------------------------------------------------
[center]
STEP6:
[/center]
Download and install AVG Antispyware (formerly Ewido).
Double-click the icon on your desktop to run it.
On the top of the main screen click Shield. Click the word active to change it to inactive.
On the top of the main screen click 'Update'. Then click on 'Start update'. The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can get the manual update at
http://downloads.ewido.net/avgas-sig...ll-current.exe
When you have finished updating, exit AVG Antispyware.
For a complete pictorial guide to the use of AVG Antispyware look HERE. Thanks to rik for the guide.
-----------------------------------------------------------------------------------------------------------------------------------
[center]
STEP7:
[/center]
Download and install the latest version of SS&D from HERE. Make sure you have the latest definition files (updates). Click the Immunize button in the left-hand pane, then click the green Immunize cross in the right-hand pane. Close SS&D.
Make sure that during installation the Teatimer protection is disabled.
-----------------------------------------------------------------------------------------------------------------------------------
[center]
STEP8:
[/center]
Download and install the latest version of Ad-Aware SE Personal from HERE. Make sure you have the latest definition files. Close Ad-Aware SE.
-----------------------------------------------------------------------------------------------------------------------------------
[center]
STEP9:
[/center]
Download the Ccleaner programme from HERE.
Close all browsers. Run the programme and make sure all the boxes are ticked under the Windows (except for the Old Prefetch Data option, which should be unticked) and Applications tabs, then click the Run Cleaner button. Do this several times.
-----------------------------------------------------------------------------------------------------------------------------------
[center]
STEP10:
[/center]
Download and run these three tools. Follow the instructions for using each tool on the download site for each tool.
Tool1 Tool2 Tool3
-----------------------------------------------------------------------------------------------------------------------------------
[center]
STEP11:
[/center]
Download the Panda Antirootkit programme.
Unzip it and run the PAVARK.exe file.
Tick the box that says In depth scan and follow the on-screen instructions.
DO NOT remove any UNKNOWN ROOTKITS at this stage. Instead, let me know the results in your reply.
Please note: Panda Antirootkit is not compatible with Windows Vista.
If you are running Vista, please download the AVG Antirootkit programme.
Disconnect from the net and install the programme.
Run the programme and tick Indepth scan.
Do not have AVG Antirootkit fix anything, instead let me know the results.
Once the scan is finished, reconnect to the net.
-----------------------------------------------------------------------------------------------------------------------------------
[center]
Please continue with instructions in the post below.[/center]