Now rescan again with Malwarebytes Anti-Malware, but this time perform a Full Scan
in normal mode and check all items found for removal. Don't forgot to check for database definition updates
through the program's interface (preferable method
) before scanning and to reboot afterwards. Failure to reboot normally
(not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs
tab and copy/paste the contents of the new report in your next reply.
Please download TFC
by Old Timer and save it to your desktop.alternate download link
- Save any unsaved work. TFC will close ALL open programs including your browser!
- Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
- Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
- Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Please download Norman Malware Cleaner
and save to your desktop.alternate download link
Note: For usb flash drives and/or other removable drives to scan, use the Add button to browse to the drives location, click on the drive to highlight and choose Ok.
- Be sure to print out the instructions provided on the same page.
- Restart your computer in "Safe Mode".
- Double-click on Norman_Malware_Cleaner.exe to start the program.
- Read the End User License Agreement and click the Accept button to open the scanning window.
- Click Start Scan to begin.
- In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
- After the scan has finished, a log file with the date (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
Please download and scan with Dr.Web CureIt
- alternate download link
.Follow these instructions for performing a scan in "safe mode"
If you cannot boot into safe mode or complete a scan, then try doing it in normal mode. Be aware, this scan could take a long time to complete.
-- Post the log in your next reply. If you can't find the log, try to write down what was detected/removed before exiting Dr.WebCureIt so you can provide that information.IMPORTANT NOTE
: One or more of the identified infections (msupdte.exe
) was a backdoor Trojan
. Backdoor Trojan
, and IRCBots
are very dangerous
because they compromise system integrity
be making changes that allow it to be used by the attacker for malicious purposes. They can disable your anti-virus and security tools to prevent detection and removal
. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is send back to the hacker. Read Danger: Remote Access Trojans
If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately
to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised
and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router
, you need to reset it with a strong logon/password so the malware cannot gain control again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:
Although the infection was identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed
. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat
and reinstall the OS. Please read: