Mandatory Steps Before Requesting Assistance Security Cleanup FAQ

You must follow these steps for posting to the Clean-up forum! No shortcuts!
Threads will be removed/closed unless you follow these instructions first.
Scroll down and view all

We want to help, really!
**Do not make any changes to your system, or add/remove programs unless directed by your helper**

These instructions will tell you what we need run to pre-clean your computer, and what required logs to attach to your post.

This forum is for cleanup of symptomatic infections. It is not to diagnose operating system applications, debate security issues or analyze for the sake of analyzing. Please DO NOT post logs to the main Security Forum, as they will not be reviewed there.

Follow the below outlined requirements so we may better assist you.

DO NOT RUN COMBOFIX OR OTHER 'TOOLS' UNLESS ASKED

Those not following this carefully before posting, will find their topic closed, moved or removed.

Some malware will try to block programs. If you are unable to get an application to run, try renaming the executable file to a random file name (such as somefile.exe, somefile.scr, etc) then try to see if it will run.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

First make a copy (or print out) these instructions so you have them handy. Alternate: »Site FAQ »How can I print a FAQ?

Pre-Cleaning Steps:

• If you are using Firefox, and have the add-on Linkification installed, please open the extension "General" options, and make sure to uncheck "Enable Auto-Linkification" (figure left).

• You can also set for the DSLReports and/or BroadbandReports domain only in preferences, if you choose to (figure right). See Screenshots below:

(a) If you have Spybot S&D or AdAware installed do the following:

If Spybot is installed

See »forums.spybot.info/showthread.ph···Teatimer

If Ad-Aware is installed and Ad-Watch is enabled: Before proceeding, disable Ad-Watch and leave it disabled until we're done here.
See »www.lavasoftsupport.com/index.ph···d-watch/

NB: If you don't fully understand what Tea Timer and/or Ad-Watch does and how it does it, best to leave it permanently disabled.

Special Note for Vista and Windows 7: In all that follows, and subsequent sessions, you need to run these utilties "As Administrator" in most cases. Right click the program executable and choose "Run as Administrator". If you do not do this, some of these utilities will fail to work, or fail to work properly. If you have any problems with any of the utilities you are asked to run, check that you ran the application as an Administrator. Some of these utilties will not give you a UAC prompt, they will simply exit without doing anything at all or showing an error message.

(b) Enable Show Hidden Files and Folders

Windows XP:

www.bleepingcomputer.com/tutoria···windows/

Windows Vista:

www.bleepingcomputer.com/tutoria···s-vista/

Windows 7:

www.bleepingcomputer.com/tutoria···ndows-7/

Windows 8:

www.bleepingcomputer.com/tutoria···ndows-8/

Open Notepad;
Click on Format;
Uncheck Word wrap, if checked.

(d) Disable Windows Defender

Open Windows Defender by clicking the 'Start' button
Click 'All Programs', then click 'Windows Defender'
Click Tools', then click 'Options'
Under 'Administrator options', select or clear the 'Use Windows Defender' check box
click 'Save'

If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

(e) Please disable the real-time protection on your AntiVirus program: »Security Cleanup FAQ »AntiVirus Programs - How to disable

(f) If you have CCleaner 2.3.6 or later installed:

Please make sure not to run CCleaner until we're done here, unless the following is unchecked
See screenshot:

Cleaning Steps:

1. Download TFC - Temp File Cleaner, saving it to your desktop:

If you're experiencing symptoms like missing files, folders, a blank Desktop, or an empty Start Menu, please skip this step and go on to Step 2.

»oldtimer.geekstogo.com/TFC.exe
»www.itxassociates.com/OT-Tools/TFC.exe

Save it to your Desktop.

Close any open windows, save your work,

Double click the TFC icon to run the program,

TFC will close all open programs itself in order to run,

Click the Start button to begin the process,

Allow TFC to run uninterrupted,

The program should not take long to finish it's job,

Once it's finished, click OK to reboot.

2. Download Malwarebytes Anti-Malware, saving it to your desktop.

»www.malwarebytes.org/mbam-download.php

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application. (If using Windows Vista, be sure to "Run As Administrator")
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

»data.mbamupdates.com/tools/mbam-rules.exe
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.

The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.

The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.

When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".

Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.

Make sure that everything is checked, and click Remove Selected.

When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

Copy and paste the contents of that report in your next reply and exit MBAM.

Note 1:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Note 2:
Some malware will try to block Malwarebytes' Anti-Malware. If you are unable to get Malwarebytes' Anti-Malware to run, rename the executable file (normally C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe) to a random file name (such as somefile.exe, somefile.scr, etc) and double-click the file to see if it will run.

3. Download AdwCleaner by Xplode, saving it to your desktop:

»general-changelog-team.fr/fr/dow···wcleaner

Operating Systems: Windows XP/Vista/Windows 7/Windows 8 - 32bit & 64bit

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select 'Run As Administrator'
Click on the Clean button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.

A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Note: If you use Antivir antivirus please see the information on the following webpage: »www.bleepingcomputer.com/downloa···cleaner/

4. Download OTL, saving it to your desktop:

»oldtimer.geekstogo.com/OTL.exe
»www.itxassociates.com/OT-Tools/OTL.exe

Close all open windows on the Task Bar. Click the OTL icon (for Vista, right click the icon and Run as Administrator) to start the program.

In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".

Now click Run Scan at Top left and let the program run uninterrupted. The scan may take 5-10 minutes.

Do not TOUCH your keyboard until the scan completes!

It will produce two (2) logs on your desktop, one will pop up called OTL.txt; the other will be named Extras.txt.

Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!

Exit OTL by clicking the X at top right.

5. Download Security Check, saving it to your Desktop:

»screen317.spywareinfoforum.org/S···heck.exe
»screen317.changelog.fr/SecurityCheck.exe

Double-click on SecurityCheck.exe and follow the on-screen instructions inside the black box.

A Notepad document named checkup.txt should then open automatically; close Notepad, saving the file to your desktop. We will need this log, too.

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

6. Online AV Scan

This is an important step to do even if you ran your resident AV program, as some malware can disable the program currently installed on your PC. The online AV scanners can sometimes reveal infections your present AV can not. An online scanner can't be "fooled" or damaged by malware. The online scan will not interfere with your currently installed AV program. The logs in your post are a required step.

Only do one of following scans. Try ESET first, and if you have any problems, then try the bitDefender scan. If neither scan works, skip this step but be sure to let us know both failed.

ESET Online Scan:

ESET Online Scanner works with x32 and x64 (AMD64 and EMT64) versions of Microsoft Windows - it does not work with Itanium (IA64) versions of Microsoft Windows.
The ESET Online Scanner is a 32-bit application, which means it must be run through in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.

Go here: »www.eset.com/onlinescan to run an online scannner from ESET.

Note: If IE doesn't work, try an alternate browser. Firefox & Opera are now supported w/ a downloadable tool.

You will find the Firefox/Opera tool here:

»/r0/download/1···.exe.zip

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
---or for 64bit Windows: C:\Program Files\ESET Online Scanner\log.txt
Copy and paste that log as a reply to your topic, along with a description of any remaining problems

bitDefender Online Scan:

Go here: »quickscan.bitdefender.com/ to run an online scannner from bitDefender.

Start the BitDefender online scan by pressing the 'Start Scan' button.

You will need to allow an ActiveX control or plugin to install for the scan to run.

Leave the scanning options at default and press "click here to scan"

When finished scanning, click on "click here to export the scan report"

Save it to your desktop, at "file name" type in "bdscan" then click save.

Please post the contents of the log in your next reply.

6. Post the generated logs into a new thread in the Clean-Up Forum:

Copy/paste the following into your post (in order):

the contents of the MBAM log (Step 2)
the contents of the AdwCleaner log (Step 3)
the contents of OTL.txt (Step 4)
the contents of Extras.txt (Step 4)
the contents of checkup.txt (Step 5)
the contents of the Online AntiVirus Scan log(Step 6)

If you follow the above steps, it will accomplish three things:

Providing us the information we need in order to help you efficiently and effectively will avoid delaying the cleaning process.

got feedback?

by lilhurricane edited by LoPhatPhuud
last modified: 2013-08-22 11:48:59

All FAQs → Security Cleanup FAQ → 2.0 Help - I'm Infected!

Mandatory Steps Before Requesting Assistance