Hello and welcome to the WhatTheTech Forum's .

Use at your own risk: WhatTheTech forum's, does not take responsibility for any outcome of following these directions. Every computer is different, so we cannot guarante the outcome. If you are apprehensive, please post a log from HijackThis in the designated forum and let us take a look and guide you to a clean system.

This is a "self help" to remove the infections on Windows 2000 and all XP versions ONLY.If you don't have W2K or XP, please Register and post a HijackThis log for manual removal. Instructions are below.

Keep in mind this infection can be accompanied by other infections as well. We strongly suggest you Register after running this fix and posting a HijackThis log for one of the pro's to check over.


You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.

Next:

Please download FixWareout from this site:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.

Once the desktop loads a text that will open (report.txt) Please save this file, you'll need to post it with a new HijackThis log.


Next:

Now lets check some settings on your system.
Enter your Control Panel and double-click on Network Connections

Then right click on your Default Connection
Usually Local Area Connection for Cable and DSL
Left click on Properties
Double-Click on the Internet Protocol (TCP/IP) item
Select the radio dial that says Obtain DNS Servers Automatically
Press OK twice to get out of the properties screen and reboot if it asks

Next:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two

you need to download HijackThis from here and post your HijackThis log here:

Please create a new Topic and post the requested items.
After reboot "copy/paste" the text file (report.txt) and a new Hijackthis log

Also please describe how your computer behaves at the moment.

This infection can also include the Smitfraud infection.

Please follow ALL the instructions