Everyone MUST read this BEFORE posting for help in this forum (New)

Administrator & Malware Removal Specialist with 79,289 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
15-Aug-2010, 10:17 AM #1
Everyone MUST read this BEFORE posting for help in this forum
Before beginning the cleanup process, it's very important that you back up all of your important data, photos, music, etc. to other media such as CDs or an external hard drive. An infected computer can be highly unstable and even a healthy one can crash and become unbootable at any time for a number of reasons so you should regularly back up anything that you wouldn't want to lose.

Also, many infections these days allow hackers to take control of your computer and obtain passwords and other sensitive information it may contain. With any infection, you should immediately change all passwords for logins, especially if you use your computer for banking and/or other types of financial transactions, but you must do so from a clean computer and not use the infected one for any such purposes.

Now you are ready to begin the clean up process. Please follow the steps outlined below and post the requested logs in your initial post(s). You may have to make more than one post if the logs are too long. Please only upload logs as attachments when specifically requested to do so as copying and pasting them is much easier to read and follow in the thread.


1. Please download HijackThis:
Please go here to download HijackThis.
  • To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.exe file to your desktop.
  • Double-click the HijackThis.exe file on your desktop to launch the program. If you get a security warning asking if you want to run this software because the publisher couldn't be verified click on Run to allow it.
  • Click on the Scan button. The scan will not take long and when it's finished the resulting log will open automatically in Notepad.
  • Save the log file to your desktop. Copy and paste the contents of the log in your post.
Please do not fix anything with HijackThis unless you are instructed to do so. Most of what appears in the log will be harmless and/or necessary.


2. Please download DDS by sUBs to your desktop from one of the following locations:
http://download.bleepingcomputer.com/sUBs/dds.com
http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.infospyware.net/sUBs/dds/

Disable any script blocker you may have as they may interfere and then double-click the DDS.scr to run the tool.

When DDS has finished scanning, it will open two logs named as follows:

  • DDS.txt
  • Attach.txt

Save them both to your desktop and then proceed on to the next step.


3. Please download GMER (only for use on 32-bit operating systems) from: http://www.gmer.net/index.php

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

  • IAT/EAT
  • Any drive letter other than the primary system drive (which is generally C).

Click the Scan button and when the scan is finished, click Save and save the log in Notepad with the name ark.txt to your desktop.

Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze.

If you have a 64 bit computer do not download or run Gmer as it is not designed to work on a 64 bit system (no currently available rootkit scanner is) so will not give any useful information.

Please post the requested logs/reports, as follows:

1. Copy and paste the HijackThis log.
2. Copy and paste the contents of the DDS.txt file.
3. Upload as an attachment the Attach.txt file. There is no need to zip it as suggested in the DDS instructions.
4. Copy and paste the contents of the ark.txt file.

Once you've posted the requested logs please be patient and wait for assistance. Our qualified helpers are all very busy and will try to get to you as soon as possible. If you haven't received a reply within 48 hours, you can post a reply to your thread that will simply "bump" it back up to the top where it's more likely to be noticed.

Other Important Notes:

Effective October 30th, 2008 a new procedure has been implemented so that everyone can easily see if posters are receiving assistance or not, even if they've replied to their own thread. In the past, this led us to believe they were receiving assistance as helpers looked for threads with 0 replies first when looking for posters to help.

Now, when a user starts a new thread in the Malware Removal & HijackThis forum, the thread is automatically tagged "New" which appears to the left of the thread title. The tag "New" remains there even if the thread starter replies back to their own thread to add additional information. This also means that the thread starter can now post a reply to "bump" their thread back up to the top as is done in other forums. However, we do ask that posters be patient and wait at least 24 hours before doing so.

When a helper replies to a thread they will change the tag to read "In Progress" so that other helpers will know that the poster is now receiving assistance.

When the thread is solved then the thread starter should click on the "Mark Solved" button that appears on the upper left side of the first post in the thread so that it can be tagged as "Solved".

Note: Duplicate threads will be merged, deleted or closed at Moderator discretion.

Threads will automatically close after 45 days of inactivity.


IMPORTANT NOTE REGARDING CORPORATE/COMPANY OWNED COMPUTERS

Please do not request assistance for corporate/company owned computers. Many changes/deletions are made during the clean up process, some of which may involve uninstalling programs, deleting folders/files, changing settings and/or removing policies etc. As we have no way of knowing for sure if these are actually needed for company operations, malware issues in these cases should be handled by your own IT Departments in order to avoid any undesirable results.
__________________
Microsoft MVP - Consumer Security

Last edited by dvk01; 04-Nov-2011 at 07:13 AM.. Reason: update Gmer use instructions
Moderator & Malware Removal Specialist with 37,223 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
07-Apr-2011, 10:18 AM #2
Do not just post a HJT log or series of logs without an explanation of what is wrong. We need to know exactly what is wrong, so we can help you. The initial logs will only show less than 50% of modern malware and it depends a lot on the symptoms experienced by you for us to know what other tools to run or how to progress with the fix.
If you have a 64 bit computer do not run Gmer as it is not designed to work on a 64 bit system (no rootkit scanner is) so will not give any useful information.

Please do not just post a HJT log and ask "is my computer clean". Any posts of that nature will be ignored and we will offer help to the user who wants help & is prepared to help themselves by giving us all the details we need to help them. Nobody can or will ever say that a computer is clean based on a HJT log. It all depends on what symptoms you tell us about.

Do not edit or remove any information or user names etc., otherwise we cannot fix the problem. We need to see the full details, such as full file names & paths to be able to fix an infected computer. If you insist on editing out anything then we will refuse to offer any help, because you have made it impossible for us to attempt any fixes.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | Security & Privacy
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
All times are GMT -4. The time now is 12:12 AM.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.
