If you cannot use the Internet or download any required programs
to the infected machine, you are going to need access to another computer (family member, friend, library etc) with an Internet connection.
Please download Malwarebytes Anti-Malware
, save it to a flash (usb, pen, thumb, jump) drive or CD, transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe
so it will install on the hard drive. If you cannot copy files to your usb drive, make sure it is not "Write Protected
". Some flash drives have a switch on the side which could have accidentally been moved to write protect.
You will also need to, manually download the database updates
, save and transfer them as well. After installing MBAM, just double-click on mbam-rules.exe
to install and update.
Mbam-rules.exe is not
updated daily. Another way to get the most current database definitions if you're having problems updating, is to install MBAM on a clean computer, launch the program, update through MBAM's interface, copy the definitions (rules.ref
) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system.
- XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
- Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware
If you cannot see the folder, then you may have to Reconfigure Windows
to show it.
After transferring MBAM to the infected computer, follow these instructions:MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- Double-click the MBAM icon on your desktop and on the Scanner tab.
- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
- Click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.
Reset your network settings and Configure TCP/IP to use DNS
- Go to Start > Control Panel, and choose Network Connections.
- Right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and and choose Properties.
- Double-click on Internet Protocol (TCP/IP) or highlight it and select Properties.
- Under the General tab, write down any settings in case you should need to change them back.
- Select the button that says "Obtain an IP address automatically" or make sure the DNS server IP address is the same as provided by your ISP.
- Select the button that says "Obtain DNS servers automatically".
- If unknown Preferred or Alternate DNS servers are listed, uncheck the box that says "Use the following DNS server address".
- Click OK twice to get out of the properties screen and restart your computer. If not prompted to reboot go ahead and reboot manually.
: It's possible that your ISP (Internet Service Provider) requires specific DNS server settings. Make sure you know if you need these settings or not BEFORE you make any changes or you may lose your Internet connection. If you're sure you do not need a specific DNS address, then you may proceed.
Check your Proxy settings to make sure malware did not alter them:
- Open Internet Explorer > click Tools > Internet Options > Connections tab.
- Click the LAN Settings... button and uncheck Use a proxy server for your LAN or
change the settings to the proxy you normally use if you previously reconfigured it.
- Click Ok and then click Ok again.
- Close Internet Explorer and restart the computer.
- Open Firefox, click Tools > Options > Advanced and click the Network Tab.
- Under the Connection section click on the Settings... button.
- Under Configure Proxies to Access the Internet, Check No proxy. This is the default option if you don't use a proxy.
- Click Ok and then click OK again.