
UPDATED 5-step Viruses/Spyware/Malware Preliminary Removal Instructions

  #1  
Old 12-01-2007
Julio
TechSpot Executive Editor
 
Location: Ecuador
Member since: Feb 2002, 5,350 posts

Very Important: Malware infections can possibly lead to identity theft, stolen bank funds, misuse of credit card information etc. Therefore we strongly encourage you to read this thread before deciding what course of action to take regarding your infection.

If after reading the above you wish to clean your system, please follow the steps below.

NOTE: This thread is a work in progress. As malware evolves, so must the programs that find the malign entries and remove them. Grateful thanks to all the members who have kept this "progress" going.

=========================================================
  • These steps are NOT meant to be a ONE-STOP-FIX-ALL.
  • They only serve to help you produce some logs, so we can see if your system needs further attention and cleaning.
  • Please make sure you complete ALL the steps in this thread, in the order that they are listed BEFORE you post the requested log files.
  • Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies. Attached logs won't be reviewed.
  • If you have any problems following any of the instructions, please ask for assistance.

Do NOT perform a System Restore while we are cleaning. This can reinfect the system.

DO NOT make any other changes to your computer (e.g. installing programs, using other cleaning tools, etc.) until it's officially declared clean!!! DO NOT make any Registry changes. If you are running any Registry editing program, it is recommended that you either uninstall or disable it while we are in the cleaning process.

========================================================

Please run all scans in Normal Mode unless instructed otherwise. If you are not able to access Normal mode, please let us know.

Step 1: Antivirus scanning

If you have a functioning, updating antivirus program, please leave it on the system for now. Do NOT add any of the free AV programs below.

If you're NOT running any antivirus, you should install one now. If you install a new antivirus, be sure to update it. - Neither a scan nor log are requested at this time.

Reboot the computer when finished.

Recommended Free Antivirus:
=========================================================

Step 2: Malwarebytes Anti-Malware
  • Download Malwarebytes' Anti-Malware and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    [o] Update Malwarebytes' Anti-Malware
    [o] Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad, and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

** Please include the log with your next reply.

=========================================================

Step 3: GMER
  • Please download GMER from one of the following locations and save it to your desktop:
    Main Mirror This version will download a randomly named file (Recommended)
    Zipped Mirror This version will download a zip file. If you use this mirror, please extract the zip file to your desktop. It'll produce a gmer.exe file.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • If you downloaded the zipped version, double-click on gmer.exe.



  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Warning! Please do not select the "Show all" checkbox during the scan.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

NOTE: If GMER doesn't find any modifications it will NOT produce any log.

=========================================================

Step 4: DDS
  • Download DDS by sUBs and save to your desktop. After downloading the tool, disable any script blocking protection.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results. Click No to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • When done, DDS will open two (2) logs:
    [o] DDS.txt
    [o] Attach.txt
  • Close the program window.
  • Enable your Antivirus protection and reconnect to the internet.

** Include the contents of both logs in your new topic. The scan will instruct you to post Attach.txt as an attachment. No need for that though, just paste it as you would any other log.

Note: You may have to disable any script protection running if the scan fails to run.

=========================================================

Step 5: Log Handling Instructions

Include the following logs in your next reply (copy & paste them). Do not put logs in a quote box or code box.
  • Malwarebytes Anti-Malware log
  • GMER log
  • DDS logs: both DDS.txt and Attach.txt

Extended Guidelines

All required logs have to be PASTED. Attached logs will NOT be reviewed.

If a log or logs exceed the limit for one reply, you may use more than one reply. The above rule will be strictly enforced.

Pasted logs can be handled more easily and quickly by a malware helper.

=========================================================

Note

This latest version of the malware removal guide has been condensed into five major steps. You can now proceed to submit your information per the instructions above. Other things you should know:

* New members coming for support should know that forum moderators have their usernames highlighted in GREEN, while trusted malware helpers are highlighted in PURPLE.
* Inactive topics where the user no longer comes back for feedback or to confirm the issues have been resolved will be closed after 5 days of inactivity.
* Read the complete Virus & Malware removal forum rules here.

=========================================================

If any further steps need to be taken, you will be so instructed.

Last edited by mailpup; 2 Weeks Ago at 09:43 PM.. Reason: Changed Malwarebytes url
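
A helper for the paste rule in Step 5, added here as an example and not part of the original post or any TechSpot tool: it splits each saved log into parts that fit the 50,000-character reply limit, breaking on line boundaries, and keeps the Step 5 order. The log labels, the part header format and the function names are assumptions; it only reads text, so it can run on any machine that has the saved log files.

```python
POST_LIMIT = 50_000  # characters per reply, as stated in the guide

# Labels are assumptions; the order follows the list in Step 5.
STEP5_ORDER = ["Malwarebytes log", "gmer.log", "DDS.txt", "Attach.txt"]


def split_log(name, text, limit=POST_LIMIT):
    """Split one log into reply-sized parts without cutting lines in half."""
    # Reserve room for the "[name part i/n]" header added to every part.
    budget = limit - (len(name) + 32)
    if budget <= 0:
        raise ValueError("limit is too small to hold the part header")
    bodies, current = [], ""
    for line in text.splitlines(keepends=True):
        # Edge case: one line longer than a whole reply is cut hard.
        while len(line) > budget:
            if current:
                bodies.append(current)
                current = ""
            bodies.append(line[:budget])
            line = line[budget:]
        if len(current) + len(line) > budget:
            bodies.append(current)
            current = ""
        current += line
    if current:
        bodies.append(current)
    total = len(bodies)
    return [f"[{name} part {i}/{total}]\n{b}" for i, b in enumerate(bodies, 1)]


def plan_replies(logs, limit=POST_LIMIT):
    """Return the texts to paste, one per reply, in Step 5 order."""
    replies = []
    for name in STEP5_ORDER:
        text = logs.get(name, "")
        if not text.strip():
            # GMER writes no log when it finds no modifications (Step 3 note).
            replies.append(f"[{name}] no log was produced")
            continue
        replies.extend(split_log(name, text, limit))
    return replies


if __name__ == "__main__":
    # Constructed sample input, not real scanner output.
    sample = {"DDS.txt": "".join(f"constructed line {i}\n" for i in range(10000))}
    for reply in plan_replies(sample):
        print(len(reply), reply.splitlines()[0])
```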
  #2  
Old 09-11-2008
momok
TechSpot Evangelist
 
Location: Singapore
Member since: Mar 2007, 2,272 posts
Instructions have been shortened and updated for future convenience towards users as well as helpers.
Credits to originator, Blind Dragon, and a few others, namely - kimsland, xxdanielxx, CCT, and Bobbye for their input.
  #3  
Old 04-19-2010
Julio
TechSpot Executive Editor
 
Location: Ecuador
Member since: Feb 2002, 5,350 posts
Changelog:

July 2010
* New changes, mostly on the order and clearness of the guide's wording.

April 2010
* New rules/steps - brought completely up to date.
* Special thanks to Bobbye and Broni for the continued support on the forums and for the instructions.

* Many, many changes before writing this.
* Step 6, contributed by Blind Dragon. Updated AVG AS for SuperAntiSpyware OR Malwarebytes' Anti-Malware.
* Most installers available straight from TechSpot Downloads section.
* Added disclaimer/special rules for the malware board.

October 2010
* Step 4, deleted statement that GMER does not run on W7, 64 bit (per Broni's request).

November 2010
* Step 5. Replaced "** Please include both logs in your next reply." with "Include the contents of both logs in your new topic. The scan will instruct you to post Attach.txt as an attachment. No need for that though ..... just post its contents as you would any other log." (Broni's request)
* Step 4. Completely revised Step 4 (per Broni) but added "Show all" warning (per Bobbye).
* Step 1. Added line ref running scans in normal mode before Step 1 (per Bobbye).

February 2011
* Step 5. Removed portion in red. • Close the program window, and delete the program from your desktop. (per Broni's request)

March 2011
* Replaced Extended Guidelines section with edited material from Broni's post. (per Bobbye's request)

May 2011
* Deleted Step 2. (per Broni's request) Renumbered steps and changed thread title from 8-Step to 7-Step to reflect changes.

June 2011
* Revised Step 1. (per Bobbye's request)
* Added an instruction near top. (per Broni's request)

July 2011
* Added an instruction in Step 5, "Do not put logs in a quote box or code box." (per Bobbye's request)

August 2011
* Deleted last section about updating. (per Broni's request) Changed thread title from 7-Step to 6-Step.

September 2011
* Replaced certain text with: "Neither a scan nor log are requested at this time." Revised some related wording. (per Bobbye's request)

October 2011
* Changed Step 6 to "Note." (per Broni's request)

November 2011
* Updated links in Step 3. (per Broni's request)
* Revised Gmer instructions. (issue raised by Bobbye and per Broni's request)

January 2012
* Revised recommended free anti-virus programs in step 1. (per Broni's request)
* Added note to end of Step 3. (per Broni's request)
* Changed url in Malwarebytes link. (per Bobbye's request)

Last edited by mailpup; 2 Weeks Ago at 09:44 PM..
  #4  
Old 07-05-2010
Bobbye
Helper on the Fringe
 
Location: Florida
Member since: Mar 2007, 14,934 posts
Great! Thank you. Glad to have the update section moved. That one causes a lot of back and forth Q&A.
  #5  
Old 11-21-2010
Broni
Malware Annihilator
 
Location: Daly City, CA
Member since: Feb 2010, 22,069 posts
Bumped to change topics order....
Closed Thread
