You must follow all these steps for posting to the forum! No shortcuts!
Scroll down and view all, please!
We want to help, really!
These instructions will tell you what we need you to run to pre-clean your computer, and what required logs to attach to your post.
This forum is for cleanup of symptomatic infections.
It is not to diagnose operating system applications, debate security issues or analyze just for the sake of analyzing. So please follow the instructions below so we may better assist you.
Those not following this carefully before posting, will find their topic closed, moved or removed.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
First make a copy (or print out) these instructions so you have them handy as some of the infection cleaning steps will need to be done offline and in Safe Mode.
1. Download, install, update all of these free antispyware programs.
This will remove the most commonly known types of spyware, hijackers and other common malware and will make our job easier.
After installing and updating each one, Do the Scan to clean in SAFE MODE, offline with IE closed
How to start the computer in Safe mode
»www.microsoft.com/resources/docu···mfr=true
Copy the instructions in the link above for easy use in safemode since you will not be able to access online information. (Note: Safe Mode with Networking is not recommended) Copy any other instructions you need to operate the programs you are using so you have them handy.
Download, Install, Scan instructions
1.a Spybot Search & Destroy 1.5 (free/donationware):
If you already have Spybot, make sure it is the latest version 1.5
Download it here:
»www.safer-networking.org/en/down···dex.html
(a) Download and install Spybot S&D.
(b) Click on "Update" in the left column.
(c) Click on "Search for Updates".
(d) Select a download location (usually one close to you).
(e) Click "Download Updates" and wait of the updating process to finish.
(f) Close all programs and reboot into safe mode. Do not open IE.
(g) Click "Search and Destroy" in the left column.
(h) Click "Check for Problems".
(i) Have Spybot remove/fix all the problems it identifies in RED. The items not listed in red should not be touched at this time.
(j) Reboot to normal mode and scan again. Repeat until no more bad (red highlighted) items are found.
1.b Ad-aware 2007 Free (freeware version for personal use):
»www.lavasoft.com/products/ad_aware_free.php
Note: Windows 2000, XP, and Vista only!
(a) Download and install Ad-Aware 2007 Free. If you an had an older Ad-aware installed, grant the installer permission to uninstall it when it asks.
(b) As the installation ends, leave these boxes checked: (i) Perform a full scan now, (ii) Update definition file now, (iii) Open the help file now. Click "finish".
(c) Reboot to SAFE MODE. Scan again with Adaware (full system scan)
(d) Wait for the scanning process to complete.
(e) Click "Next".
(f) Click "Critical Objects" and select all the items found for removal. ("Removal" actually puts things in quarantine, so you can generally recover them if you need to.)
(g) Reboot your computer back into normal mode.
(h) Repeat steps (c) through (h) until no more Critical Objects are found
If you are running Windows 2000, WinXP, or Vista download and run thes additional freeware scanners to clean for trojans and spyware (Note: These additional tools will not run on Win98/ME).
1.c Windows Defender (Microsoft) 1 (freeware)
»www.microsoft.com/athome/securit···ult.mspx
(a) Download and install Microsoft Windows Defender
(user the recommended settings on installation)
(b) Reboot to SAFE MODE
(c) Choose *Run Quick Scan Now*. Let it scan your system and choose to fix the infections found at the end.
(d) Reboot to normal mode and scan again. Repeat until no further bad items are found.
Complete instructions on using Windows Defender can be found here:
Using Windows Defender
»www.microsoft.com/athome/securit···ult.mspx
Q. Does the version of Windows Defender that is included in Windows Vista provide additional protection?
A. Yes. Windows Defender in Windows Vista offers additional performance and security enhancements including the ability to scan only files that have changed, to run under a security-enhanced account, and to scan files when you run them. Windows Defender will also allow you to scan files as you download them if you use Internet Explorer 7.
1.d Malicious Software Removal Tool
»https://www.microsoft.com/security/malwa···ult.mspx
(Just download and run it - it will remove any malicious malware found)
ONLINE SCANS
2. Get a free online Antivirus scan at one or more of the following. This is an important step to do even if you ran your resident AV program, as some malware can disable the program currently installed on your PC. The online AV scanners can sometimes reveal infections your present AV can not. Use both scanners. Do a full system scan, delete any infected files found, and choose to save the log at the end (we may need to see a copy)
Go here: »www.eset.eu/online-scanner to run an online scannner from ESET.
[*]Note: You will need to use Internet explorer for this scan
[*]Tick the box next to YES, I accept the Terms of Use.
[*]Click Start
[*]When asked, allow the activex control to install
[*]Click Start
[*]Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
[*]Click Scan
[*]Wait for the scan to finish
[*]Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
[*]Copy and paste that log as a reply to this topic, along with a new HijackThis log & a description of any remaining problems
eTrust Antivirus Web Scanner
»www3.ca.com/securityadvisor/viru···can.aspx
(if prompted, please *allow* Active X and the install of software - this is needed to scan your system)
It will take a while to download the updates needed, and then you'll be presented with a screen to scan your system.
Trend Micro (PC-cillin) - Free on-line Scan
»housecall.trendmicro.com/
3. If the above steps have solved the problem, please skip the following step. You can refer to this FAQ for additional cleaning, fine-tuning recommendations:
»Security »I think my computer is infected or hijacked. What should I do?
If you are still having a problem: Create a Diagnostic log using HijackThis
(a) Instructions for HijackThis:
* Download Trend Micro Hijack This™
»download.bleepingcomputer.com/hi···tall.exe
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next reply.
Most of what it lists will be harmless or even essential, don't fix anything yet. Someone will be along to tell you what steps to take after you post the contents of the scan results.
4. Do this only if you are still having a problem and need your HijackThis log analyzed.
Post a new Topic in the Security Cleanup Forum
Go to this link:
»Security Cleanup
Start your own thread by pressing the *New Topic* button. Do not interrupt other similar threads with your problem.
(a) Start the title of your post with "HJT Log" followed by a short remark regarding your problem.
(b) The first paragraph of your post should explain exactly what the problem is. For example, is it a system slow down? Is it Pop ups or ads? Is your computer trying to call out or send emails? etc...
(c) The second paragraph should tell us in detail, which one of the above steps you followed and what the results were. Which steps you had to skip and why, etc... Please note the phrase "in detail". "I've followed all the steps.", may not be enough information for those who are here to help.
(d) The third paragraph should contain the HijackThis log you copied in step 3.
Also copy and paste in the logs from the online AV scan; and Ewido (WinXP/2k only)
..........................................................................
5. Special Problems? If you encounter any of the following problems, here is some help so you can continue the steps
(A) If you are having trouble connecting to the Internet try running this WinSockFix utility to repair your connection:
WinSockFix 1.1.0.13 (free)
»www.softpedia.com/get/Tweak/Netw···ix.shtml
(B) If you can connect to the internet but are having a problem accessing certain security sites,such as those listed in this topic for downloading software and help, etc., you may have a Hijacker that has manipulated your HOSTS file.
To correct this situation, download this free tool called HostsXpert:
»www.funkytoad.com/content/view/13/
Unzip the HostsXpert file and doubleclick on HostsXpert.exe
(1). Press 'Restore Original Hosts' and press 'OK'
(2). Exit Program.
Note: if you were using a custom Hosts file you will need to replace any of those entries yourself
If you do not know what a HOSTS file is, you are most likely not using a custom one. If you are on a company computer, check with your system administrator first. For more information on HOSTS file hijacking, see here:
»Security »How do I recover from Hosts file hijacking?
Edit 24 April 2008 by CalamityJane:
1. Removed AVG antispyware, no longer available as a standalone spyware scanner.
2. Added Microsoft Malicious Software Removal Tool
3. Added Vista where it was missing in some places
Edit 03 Apr 2008 by CalamityJane: Updated for Ad-Aware 2007 and Hijackthis (installer version)
Edit 19 Nov 2007 by lilhurricane: References to MS Anti-Spyware removed (Defender)
Edit 16 Sep 2007 by CalamityJane: Updated Spybot v.1.5; and HostXpert (formerly "Hoster"); Added Ad-Aware
2007 Free for Vista
Edit 01 Sep 2007 by CalamityJane: Updated HijackThis instructions for Trend-Micro version.
Edit 08-20-07 by lilhurricane: Windows Defender info now includes Vista as a supported operating system
Edit 08 April 2007: Changed link for Safe Mode instruction to point to MS article. Using msconfig in WinXP is not recommended due to the fact that today's new malware sometimes deletes the safeboot key.
Edit 24 Oct 2006 by CalamityJane: Added eTrust online scanner; removed CWShredder and AboutBuster; Windows Defender is for XP only
Edit 07 Apr 2006 by CalamityJane: Microsoft Antispyware is now Windows Defender.
 show feedback form
 close
by CalamityJane 
last modified: 2008-04-24 21:18:34 |
