1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.


Discussion in 'Virus & Other Malware Removal' started by lees58, Aug 8, 2006.

Thread Status:
Not open for further replies.
  1. lees58

    lees58 Thread Starter

    Aug 8, 2006
    downloaded bruteforce installer but when i right click it dosent give me an option for extract all..just extract here....or extract to......doing it this way i cant create a new folder..can i just create the folder first then extract it too there later
  2. cfa-ddg2


    Oct 30, 2005
    hey lees58...

    What you propose for BFU should be fine as long as you extract ALL the content of the BFU to the folder you create and put the Alcan script in the same folder...

    Now that I have that information about Power Manager from the HJT startup list and you have not yet done my previous set of instructions, I'm going to modify them a bit...please do the following instead of what I instructed earlier:

    1. Please download Brute Force Uninstaller to your desktop.
    • Right click the BFU folder on your desktop, and choose Extract All
    • Click "Next"
    • In the box to choose where to extract the files to,
    • Click "Browse"
    • Click on the + sign next to "My Computer"
    • Click on "Local Disk (C: ) or whatever your primary drive is
    • Click "Make New Folder"
    • Type in BFU
    • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

    2. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
    Save it in the same folder you made earlier (c:\BFU).

    Do not do anything with these yet!

    3. Please do this:
    • Copy the contents of the Quote Box below to Notepad.
    • Name the file as fix.reg
    • Change the Save as Type to All Files
    • and Save it on the desktop

    Make sure there are NO blank lines before REGEDIT4
    Make sure there IS one blank line at the end of the file.

    Then double-click on the fix.reg file, and when it prompts to merge say yes, and this will clear the registry entries left behind by the malware.

    4. Killing a RunningProcess
    • Open HiJackThis
    • Click on the "Config..." button on the bottom right
    • Click on the tab "Misc Tools"
    • Click on "Open Process Manager"
    • Find and Click on c:\windows\svchost.exe
    • Click on "Kill Process" button
    • Click Yes
    • Close HJT

    5. Go to Start | Run and type this in the box: services.msc
    • Locate these services, 'Power Manager, then right click it and select properties.
    • Under Service Status: select Stop
    • In the drop down box labeled, Startup Type: select Disabled

    6. Delete an NT Service

    • Open HiJackThis
    • Click on the "Config..." button on the bottom right
    • Click on the tab "Misc Tools"
    • click on "delete an NT service"
    • Copy and paste this in: Power Manager<==use the exact name for the service listed above that you 'disabled'
    • Click "ok" (if HJT asks to reboot, click NO...we will reboot after the file deletion below).
    • close HJT

    7. Delete an Files on Reboot

    • Open HiJackThis
    • Click on the "Config..." button on the bottom right
    • Click on the tab "Misc Tools"
    • Click on "Delete File on Reboot"
    • Navigate to this file - C:\WINDOWS\v1201.exe
    • Double click on that file.
    • HJT asks you if you want to reboot, now. Click "no".
    • Do that for the following files also. When you get to the last one, click "yes" when HJT asks you to reboot.
    C:\Program Files\Hvdoe\Dwon.exe

    8. When the computer reboots, reboot to safe mode and search for these files and delete them when and if found:
    • right click start>>explore and then type/paste the filenames below one at a time into the search box, make sure to search all files and folders and select your hard drive:


    9. Now, please go to Start > My Computer and navigate to the C:\BFU folder.
    • Start the Brute Force Uninstaller by doubleclicking BFU.exe
    • Behind the scriptline to execute field click the folder icon [​IMG] and select alcanshorty.bfu
    • Press Execute and let the program do it's job. (You ought to see a progress bar if you did this correctly.)
    • Wait for the complete script execution box to pop up and press OK.
    • Press exit to terminate the BFU program.

    10. Reboot to Windows in normal mode and repeat the Panda Active scan that we did previously:

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

    11. Post the contents of the ActiveScan report and a new HJT log for me to review, and let me know how your system is running!
  3. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/490647

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice