Very Important: Malware infections can possibly lead to identity theft, stolen bank
funds, misuse of credit card information etc. Therefore we strongly encourage you to
read this thread before deciding what course of action to take regarding your infection.
If after reading the above you wish to clean your system, please follow the steps below.
NOTE: This thread is a work in progress. As malware evolves, so must the programs that
find the malign entries and remove them. Grateful thanks to all the members who have
kept this "progress" going.
=========================================================
Do NOT perform a System Restore while we are cleaning. This can reinfect the system.
DO NOT make any other changes to your computer (e.g. installing programs, using
other cleaning tools, etc.), until it's officially declared clean!!! DO NOT make any
Registry changes. If you are running any Registry editing program, it is recommended
that you either uninstall or disable it while we are in the cleaning process.
========================================================
Please run all scans in Normal Mode unless instructed otherwise. If you are not able
to access Normal mode, please let us know.
If you have a functioning, updating antivirus program, please leave it on the system
for now. If you're NOT running any antivirus, you should install one now. Please update
the antivirus program and run a full system scan.
• Avira Free
• Avast Home
=========================================================
TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies.
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE
temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users,
LocalService, NetworkService, and any other accounts in the user folder.
=========================================================
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented
with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection
process. If asked to restart the computer, please do so immediately.
=========================================================
Step 4: GMER
• Please download GMER from one of the following locations and save it to your
desktop:
Main Mirror: This version will download a randomly named file (Recommended).
Zipped Mirror: This version will download a zip file you will need to extract first.
If you use this mirror, please extract the zip file to your desktop.
• Disconnect from the Internet and close all running programs.
• Temporarily disable any real-time active protection so your security programs
will not conflict with gmer's driver.
• Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow
the gmer.sys driver to load if asked.
• Note: If you downloaded the zipped version, extract the file to its own folder such
as C:\gmer and then double-click on gmer.exe.
• GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
when first run. (do not use the computer while the scan is in progress)
• If you receive a WARNING!!! about rootkit activity and are asked to fully scan
your system...click NO.
• Warning! Please do not select the "Show all" checkbox during the scan.
• When the scan is finished, click the Save... button to save the scan results to your
Desktop. Save the file as gmer.log.
• Click the Copy button and paste the results into your next reply.
• Exit GMER and be sure to re-enable your anti-virus, firewall and any other
security programs you had disabled.
=========================================================
Step 5: DDS
• Download DDS by sUBs and save to your desktop. After downloading the tool,
disable any script blocking protection.
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explanation about the tool. No input is needed, the
scan is running.
• Notepad will open with the results. Click No to the Optional_Scan.
• Follow the instructions that pop up for posting the results.
• When done, DDS will open two (2) logs:
   • DDS.txt
   • Attach.txt
• Close the program window, and delete the program from your desktop.
• Enable your Antivirus protection and reconnect to the internet.
** Include the contents of both logs in your new topic. The scan will instruct you to post
Attach.txt as an attachment. No need for that though, just paste it as you would any other
log.
Note: You may have to disable any script protection running if the scan fails to run.
=========================================================
Include the following logs in your next reply (copy & paste them) -- further instructions
below:
Extended Guidelines
We ask you to paste logs into the reply unless instructed differently.
• Only include .txt or .log files as they are given by the program that was run.
Other files, such as .doc, can contain active malware and will not be opened.
• To attach a log click on New Thread (or use Post Reply in your existing thread).
• Scroll down until you see a button Manage Attachments. Click on that and a
popup-window opens.
• Click on the Browse button, find the requested log file, and double-click on it.
• Now click on the Upload button in the popup. When done, click on the Close
this window button.
• You can attach more than one file to a post by repeating the above steps.
=========================================================
Step 6 & 7
This latest version of the malware removal guide has been condensed into six major
steps. You can now proceed to submit your information per the instructions above. Other
things you should know:
* New members coming for support should know that forum moderators have their
usernames highlighted in GREEN, while trusted malware helpers are highlighted in
PURPLE.
* Inactive topics, where the user no longer comes back for feedback or to confirm the
issues have been resolved, will be closed after 5 days of inactivity.
* Read the complete Virus & Malware removal forum rules here.