I would start out by doing a scan with Malwarebytes and then SuperAntiSpyware. Since you cannot access the internet with that computer, you will have to download the programs to another computer and save them to disk or usb and then transfer them to the infected one. I do not know how to have you update them before installing them though, but maybe running them unupdated and allowing them to fix whatever they find will be enough to get you back on the internet to where you can update them and then run them again.
Malwarebytes can be downloaded from any of these places...http://www.malwarebytes.org/mbam.php
alternate download link 1http://malwarebytes.gt500.org/mbam-setup.exe
alternate download link 2http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
Double-click on mbam-setup.exe to install the application. (If it will not download, install, or open after installation, change the name of it to whatever you want and change the .exe extension to .bat or .com or .pif or scr and then double click on it to run.)
When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware (guess you will have to skip this one for now)
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
Make sure the "Perform Quick Scan" option is selected. Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". Click OK to close the message box and continue with the removal process.
After running that scan, post the complete log of the results here and then install SuperAntiSpyware, update (if possible) and run a quick scan with it and post the complete log of the results here. This scan may take some time to complete so please be patient.
That can be downloaded from SuperAntiSpyware.com
If it will not download, install, or open after installation, change the name of it to whatever you want and change the .exe extension to .bat or .com or .pif or scr and then double click on it to run.
If possible, both programs should be run in regular Windows, not safe mode. Allow both programs to remove whatever they find and if they tell you that you need to reboot your computer to complete the removal process, reboot into normal Windows.
Make sure you turn the firewall back on as soon as you are able to connect to the internet.I found a way to update Malwarebytes without having an internet connection on the infected computer. You can get the most current database definitions by installing Malwarebytes on a clean computer, launch the program, update through the Malwarebytes program, copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine.
Copy rules.ref file to the location indicated for your operating system.
XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware
Edited by Stang777, 18 July 2009 - 02:46 AM.