UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

Very Important: Malware infections can possibly lead to identity theft, stolen bank
funds, misuse of credit card information etc. Therefore we strongly encourage you to
read this thread before deciding what course of action to take regarding your infection.

If after reading the above you wish to clean your system, please follow the steps below.

NOTE: This thread is a work in progress. As malware evolves, so must the programs that
find the malign entries and remove them. Grateful thanks to all the members who have
kept this "progress" going.

=========================================================

• These steps are NOT meant to be a ONE-STOP-FIX-ALL.
• They only serve to help you produce some logs, so we can see if your system
needs further attention and cleaning.
• Please make sure you complete ALL the steps in this thread, in the order that
they are listed BEFORE you post the requested log files.
• If you have any problems following any of the instructions, please ask for
assistance.

Do NOT perform a System Restore while we are cleaning. This can reinfect the system.

DO NOT make any other changes to your computer (e.g. installing programs, using
other cleaning tools, etc.) until it's officially declared clean!!! DO NOT make any
Registry changes. If you are running any Registry editing program, it is recommended
that you either uninstall or disable it while we are in the cleaning process.

========================================================

Please run all scans in Normal Mode unless instructed otherwise. If you are not able
to access Normal mode, please let us know.

Step 1: Antivirus scanning

If you have a functioning, updating antivirus program, please leave it on the system
for now. If you're NOT running any antivirus, you should install one now. Please update
the antivirus program and run a full system scan.

Recommended Free Antivirus:

• Avira Free
• Avast Home

=========================================================

Step 2: Temporary File Cleaner

Download TFC to your desktop

• Open the program and close any other windows.
• TFC will close all programs when run; make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to
finish its job.
• TFC requires a reboot immediately after running. Be sure to save any unsaved
work before running TFC. It should reboot your machine; if not, do it yourself to
ensure a complete clean process.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies.
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE
temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users,
LocalService, NetworkService, and any other accounts in the user folder.

=========================================================

Step 3: Malwarebytes Anti-Malware

• Download Malwarebytes' Anti-Malware and save to your desktop.
• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
[o] Update Malwarebytes' Anti-Malware
[o] Launch Malwarebytes' Anti-Malware
• Then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform Quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad, and you may be prompted to
restart (see Extra Note).
• The log is automatically saved by MBAM and can be viewed by clicking the Logs
tab in MBAM.

If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented
with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection
process. If asked to restart the computer, please do so immediately.

** Please include the log with your next reply.

=========================================================

Step 4: GMER

• Please download GMER from one of the following locations and save it to your
desktop:
Main Mirror: This version will download a randomly named file (Recommended).
Zipped Mirror: This version will download a zip file you will need to extract first.
If you use this mirror, please extract the zip file to your desktop.
• Disconnect from the Internet and close all running programs.
• Temporarily disable any real-time active protection so your security programs
will not conflict with gmer's driver.
• Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow
the gmer.sys driver to load if asked.
• Note: If you downloaded the zipped version, extract the file to its own folder such
as C:\gmer and then double-click on gmer.exe.
• GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
when first run. (do not use the computer while the scan is in progress)
• If you receive a WARNING!!! about rootkit activity and are asked to fully scan
your system...click NO.
• Warning! Please do not select the "Show all" checkbox during the scan.
• When the scan is finished, click the Save... button to save the scan results to your
Desktop. Save the file as gmer.log.
• Click the Copy button and paste the results into your next reply.
• Exit GMER and be sure to re-enable your anti-virus, firewall and any other
security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in the right pane.
If still no joy, try to run it from Safe Mode.

=========================================================
Step 5: DDS

• Download DDS by sUBs and save to your desktop. After downloading the tool,
disable any script blocking protection.
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explanation about the tool. No input is needed; the
scan is running.
• Notepad will open with the results; click No to the Optional_Scan.
• Follow the instructions that pop up for posting the results.
• When done, DDS will open two (2) logs:
[o] DDS.txt
[o] Attach.txt
• Close the program window, and delete the program from your desktop.
• Enable your Antivirus protection and reconnect to the internet.

** Include the contents of both logs in your new topic. The scan will instruct you to post
Attach.txt as an attachment. No need for that though, just paste it as you would any other
log.

Note: You may have to disable any script protection running if the scan fails to run.

=========================================================

Step 6: Log Handling Instructions

Include the following logs in your next reply (copy & paste them); further indications
are given below:

• Malwarebytes Anti-Malware log
• GMER log
• DDS logs: both DDS.txt and Attach.txt

Extended Guidelines
We ask you to paste logs into the reply unless instructed differently.

• Use either Ctrl+C or right-click > Copy on the log.
• Open the Reply and use either Ctrl+V or right-click > Paste to put the log in the
reply.
• You may split the log if it is too long for one post.
• Repeat if there are multiple logs.

If your helper tells you it's okay to attach a specific log, follow these steps:

• Only include .txt or .log files as they are given by the program that was run.
Other files, such as .doc can contain active malware and will not be opened.
• To attach a log click on New Thread (or use Post Reply in your existing thread).
• Scroll down until you see a button Manage Attachments. Click on that and a
popup-window opens.
• Click on the Browse button, find the requested log file, and double-click on it.
• Now click on the Upload button in the popup. When done, click on the Close
this window button.
• You can attach more than one file to a post by repeating the above steps.
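
A pre-posting check for the logs listed in this step, as an added example that is not part of the original guide. It assumes the GMER and DDS logs were saved to the Desktop, and it looks for the Malwarebytes log in the two folders named in Step 3:

```powershell
# Added example: confirm the Step 6 logs exist and are not empty before posting.
# Assumption: gmer.log, DDS.txt and Attach.txt were saved to the Desktop.
$desktop = [Environment]::GetFolderPath('Desktop')
$appData = [Environment]::GetFolderPath('ApplicationData')

# MBAM log folders from Step 3 (per-user folder first, then Program Files).
$mbamDirs = @(
    (Join-Path $appData "Malwarebytes\Malwarebytes' Anti-Malware\Logs"),
    "C:\Program Files\Malwarebytes' Anti-Malware\Logs"
)

# Newest MBAM log, named "mbam-log-date (time).txt" or "log-date.txt".
$mbamLog = $mbamDirs |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Get-ChildItem -LiteralPath $_ -Filter '*log-*.txt' } |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 1

# Returns the file object for a Desktop log, or nothing if it is absent.
function Get-DesktopLog([string]$Name) {
    $path = Join-Path $desktop $Name
    if (Test-Path -LiteralPath $path) { Get-Item -LiteralPath $path }
}

$wanted = @(
    @{ Label = 'Malwarebytes Anti-Malware log'; File = $mbamLog },
    @{ Label = 'GMER log';   File = (Get-DesktopLog 'gmer.log') },
    @{ Label = 'DDS.txt';    File = (Get-DesktopLog 'DDS.txt') },
    @{ Label = 'Attach.txt'; File = (Get-DesktopLog 'Attach.txt') }
)

$report = foreach ($w in $wanted) {
    $f = $w.File
    if (-not $f) {
        $status = 'MISSING: rerun that step'
    } elseif ($f.Length -eq 0) {
        $status = 'EMPTY: rerun that step'
    } else {
        $status = 'OK'
    }
    # Modified shows whether the log is from the current run or an older one.
    New-Object PSObject -Property @{
        Log = $w.Label; Status = $status
        Modified = $f.LastWriteTime; Path = $f.FullName
    }
}
$report | Format-Table Log, Status, Modified, Path -AutoSize
```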

=========================================================

Step 6 & 7

This latest version of the malware removal guide has been condensed into six major
steps. You can now proceed to submit your information per the instructions above. Other
things you should know:

* New members coming for support should know that forum moderators have their
usernames highlighted in GREEN, while trusted malware helpers are highlighted in
PURPLE.
* Inactive topics where the user no longer comes back for feedback or to confirm the issues
have been resolved will be closed after 5 days of inactivity.
* Read the complete Virus & Malware removal forum rules here.
