Please download Malwarebytes Anti-Malware
(v1.34) and save it to your desktop. Print out and follow the instructions here
for performaning a Quick Scan
in normal mode and check all items found for removal. When done, click the Logs
tab and copy/paste the contents of the new report in your next reply.Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with disinfection. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Temporarily disable such programs or permit them to allow the changes. Click this link to see a list of programs that should be disabled.
If you cannot use the Internet or download any programs to the infected machine, you are going to need access to another computer (family member, friend, etc) with an Internet connection. Save mbam-setup.exe
to a flash (usb, pen, thumb, jump) drive or CD, transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe
so it will install on the hard drive.
You will also need to manually download the updates
from another computer, save and transfer them to the infected machine. After installing MBAM, just double-click on mbam-rules.exe
to install the update.Mbam-rules.exe is not updated daily. Another way to get the most current definitions is to update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.