Bobbye
Holiday Notice! I will not be working on the threads Sat. Dec. 24 or Sunday Dec. 25. I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that. Please do not send a PM during those days.
------------------------------
There was evidence of the System Restore malware earlier. Since you are still being redirected, I'd like you to do the following:
Note: It is important that you follow the order of these programs. Best to print the instructions if possible.
It is important that you do not delete any files from your Temp folder or use any temp file cleaners.
1. Download Unhide.exe and save to the desktop.
- Double-click on Unhide.exe icon to run the program.
- This program will remove the +H, or hidden, attribute from all the files on your hard drives.
================================
2. Boot into Safe Mode
- Restart your computer and start pressing the F8 key on your keyboard.
- Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, using your up/down arrows to reach it and then press ENTER.
3. To end the processes that belong to the rogue program:
Please click on RKill
- At the download page, click on Download now button for iExplore.exe download link and save to the desktop
- Double click on the iExplore.exe icon
- Please be patient- it may take a bit.
- The black Window will close when through and you can continue.
=======================================
Do not reboot your computer after running RKill, as the malware programs will start again.
================================
4. This malware frequently comes with the TDSSrootkit, so do the following:
- Download the file TDSSKiller.zip and save to the desktop.
(If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
- Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
- Double click on TDSSKiller.exe to run the scan.
- When the scan is over, the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
- Select the action Quarantine to quarantine detected objects.
The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
- After clicking Next, the utility applies selected actions and outputs the result.
- A reboot is required after disinfection.
If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again.
====================================
5. Update and rescan with Malwarebytes:
- Select Perform Full Scan on the Scanner tab
- Click on the Scan button.
- When scan has finished, you will see this image:
- Click on OK to close box and continue.
- Click on the Show Results button.
- Click on the Remove Selected button to remove all the listed malware.
- At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format>Uncheck Word Wrap before copying the log to paste in your next reply.
6. Correct Display Changes if needed:
If the desktop background is black or if the theme has been removed:
For Windows XP: Click on Start> Control Panel> Display> change theme and/or background if needed.
For Windows Vista or Windows 7: Click on Start> Control Panel> Appearance & Personalization> Select Change Theme or Change Desktop Background
=====================================
You can now reboot back into Normal Mode.
====================================
Please let me know if the redirect has been resolved.
Leave the logs in your next reply.
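For readers who want to see what the "unhide" step in the post actually does, here is an added PowerShell example (editor's illustration, not the Unhide.exe tool or anything from the original post) that reverts the Hidden attribute this family of rogue "System Restore" programs sets on a user's files. The root folder, the `-Apply` switch and the exclusion list are assumptions of this example: it runs as a dry run by default, skips files the operating system itself marks Hidden+System (desktop.ini, $RECYCLE.BIN and similar) so that those are left alone, and only changes attributes when `-Apply` is given.

```powershell
# Added example, not the post's Unhide.exe: clear the Hidden (+H) attribute that the
# rogue program set on user files. Dry run by default; -Apply performs the change.
param(
    [string[]]$Roots = @("$env:USERPROFILE"),   # assumed default: the current user's profile
    [switch]$Apply
)

$hidden = [int][IO.FileAttributes]::Hidden
$system = [int][IO.FileAttributes]::System

# Folders that are legitimately hidden and should stay that way (assumed list).
$skipPattern = '\\AppData(\\|$)|\\\$RECYCLE\.BIN(\\|$)'

$processed = 0
foreach ($root in $Roots) {
    $items = Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue
    foreach ($item in $items) {
        $attrs = [int]$item.Attributes
        # Only items that are Hidden but NOT System: the OS marks its own protected
        # files Hidden+System, and the scareware only adds +H to ordinary files.
        if (-not ($attrs -band $hidden)) { continue }
        if ($attrs -band $system)        { continue }
        if ($item.FullName -match $skipPattern) { continue }

        if ($Apply) {
            $item.Attributes = $attrs -band (-bnot $hidden)
            Write-Output "unhidden: $($item.FullName)"
        } else {
            Write-Output "would unhide: $($item.FullName)"
        }
        $processed++
    }
}
Write-Output "$processed item(s) processed under: $($Roots -join ', ')"
```

Run it first without `-Apply` from an elevated PowerShell prompt and check that the listed paths are really your own documents and folders; the hidden-flag symptom is cosmetic, so this script is a cleanup step for after the removal tools in the post have run, not a replacement for them.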