Now you are giving me something to work with!
For the missing icons, programs, files, etc:
- Download Unhide.exe and save it to the desktop.
- Double-click on Unhide.exe icon to run the program.
- This program will remove the +H, or hidden, attribute from all the files on your hard drives.
Note: this does not remove the malware itself and may not restore everything yet.
========================================
Please do the following to help you run other programs:
Boot into Safe Mode
- Restart your computer and start pressing the F8 key on your keyboard.
- Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, using your up/down arrows to reach it and then press ENTER.
This infection may change your Windows settings to use a proxy server that will not allow you to browse any pages on the Internet with Internet Explorer or update security software. We will first need to fix this:
- Launch Internet Explorer
- Access Internet Options through Tools> Connections tab
- Click on the Lan Settings at the bottom
- Proxy Server section> uncheck the box labeled 'Use a proxy server for your LAN'.
- Then click on OK> and OK again to close Internet Options.
===============================
This malware frequently comes with the TDSS rootkit, so do the following:
- Download the file TDSSKiller.zip and save to the desktop.
(If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
- Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
- Double-click on TDSSKiller.exe to run the scan.
- When the scan is over, the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
- Select the action Quarantine to quarantine detected objects.
The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43. Save and post the log.
- After clicking Next, the utility applies selected actions and outputs the result.
- A reboot is required after disinfection.
====================================
If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again.
====================================
To end processes that belong to the malware, please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 3 different versions. If one of them won't run then download and try to run the other one. (Vista and Win7 users need to right-click Rkill and choose Run as Administrator)
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
- Rkill.com
- Rkill.scr
- Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- If the tool does not run from any of the links provided, please let me know.
Do not reboot until instructed, as it will start the malware again.
==================================
You will run another scan with Mbam, after it updates, but this time, on the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.
When scan has finished, you will see this image:
- Click on OK to close box and continue.
- Click on the Show Results button.
- Click on the Remove Selected button to remove all the listed malware.
- At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
========================================
TDSSKiller
RKill
New Malwarebytes
======================================
Next time you ask for help for malware, give the information you gave in answer to my questions. As far as running Mbam but having the malware 'come back' after you rebooted: it didn't; it was still on the system.
The scans above should help. They may not remove all the malware, but cleaning is an orderly process and must be done correctly. If you have a problem with any of the scans, please let me know what it is.
You do not need to quote my instructions.
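
The following is an added example, not part of the original post or of any tool it names: a PowerShell check of the two settings the post repairs by hand, the Internet Explorer LAN proxy and files still carrying the hidden (+H) attribute. It assumes PowerShell is available on the machine; the function name `Get-CleanupStatus` and its parameters are hypothetical.

```powershell
# Added example: reports the per-user proxy setting and leftover hidden files.
# Read-only unless -DisableProxy is passed.
function Get-CleanupStatus {
    param(
        # Folder to inspect for hidden files; defaults to the current user's desktop.
        [string]$Path = [Environment]::GetFolderPath('Desktop'),
        # Same effect as unchecking 'Use a proxy server for your LAN'.
        [switch]$DisableProxy
    )

    # Per-user Internet Explorer / WinINet connection settings.
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty -Path $key

    if ($DisableProxy -and $inet.ProxyEnable -eq 1) {
        Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
        $inet = Get-ItemProperty -Path $key   # re-read to confirm the change
    }

    # Files under $Path that still have the hidden attribute set.
    # Some files (desktop.ini, for example) are hidden by design, so the
    # result is a list to review, not proof that anything is wrong.
    $hidden = Get-ChildItem -Path $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and
                       ($_.Attributes -band [IO.FileAttributes]::Hidden) }

    New-Object PSObject -Property @{
        ProxyEnabled = ($inet.ProxyEnable -eq 1)
        ProxyServer  = $inet.ProxyServer      # empty if no proxy address is stored
        HiddenFiles  = @($hidden).Count
        HiddenSample = @($hidden | Select-Object -First 10 -ExpandProperty FullName)
    }
}

Get-CleanupStatus | Format-List
```

Run it once before and once after the steps above to compare the results; close and reopen Internet Explorer after using `-DisableProxy` so it picks up the change.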