Do you have any *.dat files on the desktop?
If so, this infection creates them to hold and transmit stolen account data, autocomplete login names and passwords. If you have multiple accounts, there will be an x.dat and z.dat under every user account (user profile) so check each one -> C:\Documents and Settings\username\*.dat
If that is the case, rename these *.dat to .txt files and open them up in Notepad to see what passwords are listed. Then change them immediately from a different computer. Let me know what you find but regardless of whether you find them or not, please do this:
Please download SDFix by AndyManchesta and save it to your desktop (alternate download).
When using this tool, you must use the Administrator's account or an account with "Administrative rights".
- Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
- DO NOT use it just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
- Open the SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
- Press any key and it will restart the PC.
- When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load, the SDFix report will open on screen and also save a copy into the SDFix folder as Report.txt.
- Copy and paste the contents of Report.txt in your next reply.
-- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
Please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press OK and then run SDFix again.
-- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:
Reboot and then run SDFix again.
-- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.