Okay. . . I'm shifting this topic to the specialized Malware Removal forum, where we'll get you up and running again.
In the upper right hand corner of the topic you will see a button called Options
. If you click on this in the drop-down menu you can choose Track this topic
. By doing this and then choosing Immediate E-Mail notification
and then clicking on Proceed
you will be advised when we respond to your topic and facilitate the cleaning of your machine.
Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
- I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
- Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
- Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
- I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
- Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
- After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand.
Since you are unable to use the internet on the infected computer, download requested files using a clean computer and transfer them to the infected machine using a CD or Flash drive. Also, you can use the same method to move requested logs from the infected computer to your clean computer so that you can post them here. If you choose to use a flash drive, please run the following program on your clean computer
before proceeding. Note that, unless otherwise specified, all other tools I ask you to run should be run on the infected computer
Please download Flash_Disinfector.exe
by sUBs and save it to your desktop.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.
- Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
- The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well. <-- THIS IS IMPORTANT!!!
- Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
- Wait until it has finished scanning and then exit the program.
- Reboot your computer when done.
- Please download OTL from one of the following mirrors:
- Save it to your desktop.
- Double click on the icon on your desktop.
- Click the "Scan All Users" checkbox.
- Check the boxes beside LOP Check and Purity Check.
- Under the "Custom Scans/Fixes" section paste in the below in bold
%systemroot%\*. /mp /s
- Push the button.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into the body of your next reply.
Please download GMER
from one of the following locations and save it to your desktop:
- Main Mirror
This version will download a randomly named file (Recommended)
- Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
-- If you encounter any problems, try unchecking the Devices box in addition to the others previously requested.**Caution**
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
- Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
- In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "Gmer.log" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop, and copy/paste its contents in your next reply.
- Exit GMER and re-enable all active protection when done.
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
~BladeIn your next reply, please include the following:OTL.txt
Edited by Blade Zephon, 02 July 2010 - 10:54 PM.