Use at your own risk: WhatTheTech forum's, does not take responsibility for any outcome of following these directions. Every computer is different, so we cannot guarante the outcome. If you are apprehensive, please post a log from HijackThis in the designated forum and let us take a look and guide you to a clean system.

This is a "self help" to remove the Netproject infection.

Keep in mind this infection can be accompanied by other infections as well. We strongly suggest you Register after running this fix and posting a HijackThis log for one of the pro's to check over.


Please do not delete anything unless instructed to.


If you are running Vista:
1. These tools MUST be run from the executable. (.exe)
2. With Admin Rights (Right click, choose "Run as Administrator")

We strongly suggest you do this first.

ERUNT - Download - Homepage
This ensures we have a valid registry backup. ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore if needed. Removing modern malware infections often requires making changes to the registry, and a corrupt registry can prevent a system from booting. Compatible with Windows NT, 2000, 2003, XP, Vista, 32 & 64-bit versions.

1. Download ERUNT
2. Double-click erunt_setup.exe to run.
3. Follow the prompts and install using the default configuration (setup language, install location, shortcuts...).
4. Say No to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later.
   
5. Start ERUNT
6. Choose a location for the backup
   The default location C:\WINDOWS\ERDNT\[today's date] is preferred
   
7. The first two check boxes are ticked by default (System registry and Current user registry).
8. Press OK
9. When prompted, click YES to create a new folder.
10. Progress bars will show backup status.
11. A confirmation window will popup when complete. Click OK to close.

Next:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.


Next:

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  
  Next:
  
  Please download Malwarebytes' Anti-Malware to your desktop.
  
  
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
  • Finally paste the contents of the Report.txt, results from Malwarebytes scan back on the forum with a new HijackThis log
  
  Also please describe how your computer behaves at the moment.
  
  
  To prepare your computer for the help we offer, you can safely do the following before obtaining help:
  1. You can get a complete installer that installs HijackThis to C:\Program Files\HijackThis, making an entry in the start menu and also providing a desktop shortcut from http://www.whatthetech.com/hjt202/HJTInstall.exe.
  2. Click on the link and select Save, save it to your desktop.
  3. Go to the HijackThis Logs and Spyware/Malware Removal
  4. Click the
  5. Double click the HJTsetup.exe file on your desktop to install it.
  6. Open HijackThis and select: Do a system scan and save a log file.
  7. When the scan is finished, Click Edit> Select All> Edit> Copy> and paste its contents here please use the button below.
  8. Give the thread a title that describes your problem and in the post please explain what is happening to your PC and what you have tried to do so far to fix it.
     Do NOT fix anything that you see in the log (scanning will not make any changes to your computer).

Posting Guidelines:
[list=1]

Please copy and paste your log. DO NOT add it as an attachment

Post in one thread only. Use Add Reply (another button at the top of the list of posts in the forum, with the New Topic button) to answer or post new logs when they are requested, instead of starting another New Topic.

If you have run and fixed anything with any programs please reboot before scanning with HJT

Please DO NOT bump your log. Posting in multiple threads may also slow a reply to your post.

You can also go to the #whatthetech chatroom to ask for help with your problem, but you will still need to post your HJT log in the forum. You will require an IRC chat program or you can use the Java applet?

We will get to you as soon as we can, often within a few hours. At times the forums are very busy and there are not many trained volunteers available, so please be patient.

If you are running Vista:
1. These tools MUST be run from the executable. (.exe)
2. With Admin Rights (Right click, choose "Run as Administrator")