SPYWARE / MALWARE / VIRUS REMOVAL
INSTRUCTIONS - Please read this BEFORE posting for malware removal assistance.
Disclaimer: WhatTheTech, does not take responsibility for any outcome from following these directions. Every computer is different, so we cannot guarantee the results.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ONLY REGISTERED MEMBERS MAY RECEIVE ASSISTANCE
PLEASE TAKE A MOMENT TO REGISTER HERE FIRST
REGISTERING IS EASY AND FREE
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CAUTION - Please DO NOT USE any SPECIALIZED MALWARE REMOVAL TOOLS, without supervision.
Be advised that running specialized tools on your own, is done solely at your own risk. Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PREPARING TO POST
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Step 1. Please tell us what issues you're having with your computer.
Step 2. Download one of the three tools listed below and post the scan results using Copy / Paste.
Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")
Tool #1:
~~~~
DDS
~~~~
Please download DDS from LINK 1 or LINK 2
and save it to your desktop.
- Double click dds.scr to run the tool.
- When done, two DDS.txt's will open.
- Save both reports to your desktop.
DDS.txt
Tool #2:
~~~~
HijackThis
~~~~
Download HijackThis .
- Save HijackThis.exe to your desktop.
- Doubleclick on the HijackThis.exe icon on your desktop.
- By default it will install to C:\Program Files\Trend Micro\HijackThis .
- Click on Install.
- It will create a HijackThis icon on the desktop.
- Once installed, it will launch Hijackthis.
- Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
- Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
- DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
- DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
Tool #3:
~~~~
OTL
~~~~
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- Under Custom Scan paste this in
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
- You may need two posts to fit them both in.
The next step is to start your topic.
Click the Start Button below and post the information from Steps 1 and 2
Start a in Spyware / Malware / Virus Removal Forum
How to create a new topic
Do not reply to your own topic - Helpers look for topics with 0 replies.
If you do not receive a reply to your initial post after three days please post a reminder for us HERE
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malware and Spyware Removal Forum Rules:
- Combofix should NEVER be run unless requested. While it's a powerful tool useful for removing a number of infections, things can, and do go wrong. Sometimes systems even refuse to boot. There are safeguards built into Combofix, but only someone trained in its use will be able to help you recover. The logs generated can also be very difficult to interpret properly.
- Please stay with your original topic when posting follow ups.Use the ADD REPLY button, do not "QUOTE" the previous post.
- The "Topic Title" should contain the name of the infection that you are having a problem with e.g. WinTools, http://...sp.html etc. Use the "Topic Description" to include more details. This will help you get faster responses as some people are more familiar with certain infections.
- Tell us if you're having any problems, and please be specific. Let us know what you've already done to fix it (if anything).
- If you do not understand a step, do not panic, simply ask for direction and information. We will offer any advice necessary to help you.
- Please only post your topic once. Duplicate posts will be closed, it just creates additional work for the staff members trying to help you.
- Do not create posts at multiple forums. Logs take time to diagnose, and doing this will waste multiple helpers time which is already over-stretched. If you do this your topic will be closed.
- Do not attach logs unless directed to do so, as it is harder to read that way. Post them instead
- If you are being helped and you haven't replied within 3 days your topic will be closed as inactive.
If that is the case, please start a new topic when you have the time needed to finish all the instructions.
If you would like to know who is helping you here at WhatTheTech Forums please read The Different Groups Here At WhattheTech.
If you would like to learn more about how free, community based tech support works CLICK HERE.