Hi and welcome to the Bleeping Computer malware removal forum. If you are reading this article, then you are most likely looking for a solution to a possible malware infection on your computer. Please follow these steps in order to provide information that we can use to analyze your computer's configuration. Please note that these steps may appear to be long and daunting. In reality, though, they are very simple and are only so many steps as we wanted to be as detailed as possible in the instructions.
Before you perform these steps, it is suggested that you first check to see if there is a self-help guide for infection here:
Virus, Spyware, and Malware Removal Self-Help Guides
If there is one, then you can attempt to use the self-help guide first and then continue with these steps if you feel that you are still infected.
- Backup your data!
Regardless of whether or not you have a malware infection, routinely backing up your data should be an important part of every computer users life. Whether it be a hard drive that has failed or malware that has caused your computer to become inoperable, not having your files, pictures, email, and music can be a disaster. We therefore suggest that before we move forward with this cleaning process, you first backup your data to a secure location. That secure location could be a burnable DVD, an external backup drive, or another computer. I have listed free backup software that you can use below:
- Not all slow computers are caused by Malware.
A very common reason members post malware removal topics is because they find their computer has become slow. We suggest that before you follow any of the steps below, you first read the following topic that provides a wealth of information on how to increase the performance of your computer.
Slow Computer/browser? Check Here First; It May Not Be Malware
If after following the suggestions in the above topic, you still have a problem, then please proceed with the rest of the steps.
- Create a free account
In order to submit a Malware Removal log you will need to be a logged into the forums with a registered account. Registering is free and allows us to distinguish one user from another. To register an account simply click on the following link:
After you click on this link you will be brought to a page asking you to fill in some information in order to create your free account. Please enter a login name, a display name that will be your public nickname on the site, a password, and a valid email account that you check regularly. It is important that you enter a valid email address as notifications will be sent to this address when someone replies to a topic you have created. You can then optionally enter the other information that is requested. Finally, when all required fields are filled in, enter the security code found in the image and press the Submit my registration button.
After you press the Submit button, the site will generate an email and send it to the email address that you registered with. In this email is a validation link that you must click on in order to finish the registration of your new account. Once this process has been completed, you will now be able to post in all the forums at Bleeping Computer.
- Enable topic reply notification by default.
In order to be notified via email when your topic has a reply you need to enable topic notifications. To enable topic notifications you should do the following:
- Click on this My Settings Link.
- Click on Notification Options.
- Put a checkmark in the checkbox labeled Watch every topic I reply to.
- Set the If enabled, choose default notification type menu option to Immediate Notification to have an email sent immediately when someone replies.
- Then scroll down a little bit and under Topics & Posts make sure that the Email checkbox is checked for the Notification method to use for topic replies and reply digests option.
- Click on the Save Changes button.
- Enable a firewall
Before you continue it is important that you enable a firewall. Doing so, will help to stop your computer from being further infected with malware as we are cleaning your computer as well as provide an easier disinfecting process for our helpers. When the cleaning process is done, we will recommend other firewalls that you can use instead of the built-in Windows firewall if you wish.
For instructions on how to enable the Windows XP Firewall, you can read this tutorial. To enable the firewall in later versions of Windows, you should enter the Control Panel and then click on the Windows Firewall menu icon. Once the Windows Firewall settings open, you can enable or disable the firewall.
- Download and Run Farbar Recovery Scan Tool (FRST) which will create a log of various information from your computer.
Download Farbar Recovery Scan Tool, or FRST, from the following location: FRST Download Link
When you click on the above link you will be brought to a download page. Please click on the Download Now 32-bit version or Download Now 64-bit version button depending on the bit type of your Windows version. If you are unsure what bit-type your installed Windows is, please consult this tutorial:
How to tell if you are running a 32-bit or 64-bit version of Windows
Once you click on the appropriate download button, you will be brough to a downloading screen, where if you wait, the download will automatically start. If you see a prompt asking if you wish to Run or Save the file, please click on the Save button and save it to your desktop.
Figure 1: FRST Save File dialog box
Your browser will now download FRST and save it on your Desktop. When it is done downloading you will find an icon on your desktop that looks like Figure 2 below.
Figure 2: FRST Icon
Now double-click on the FRST.exe or the FRST64.exe icon depending on which version you downloaded to start the program. Once you double-click the icon a User Account Control warning may also appear asking if you are sure you would like to run the program. This warning is shown in Figure 3 below.
Figure 3: User Account Control warning
Click on the Yes button to allow FRST to start. If no warning appeared, as shown above, then you should just continue reading.
FRST will now display a Disclaimer of Warranty window. Please read through this agreement, and if you agree to it, please click on the Yes button to continue. If you clicked on Yes, FRST will now open and you will be presented with the main window as shown below.
Figure 4. Farber Recovery Scan Tool Main Screen
At this point, please do not change any options and just click on the Scan button to begin the scanning and report creation as shown below.
Figure 5: FRST scanning and generating the report
The scanning process can take a while, so please be patient while FRST scans your computer and creates and report that can be used by our helpers. When FRST is done generating the reports it will create them as FRST.txt and Addition.txt in the same location as you downloaded and ran FRST from. If you ran it from the Windows desktop, then the reports will be made there. The program will then display a prompt stating that it has finished as shown below.
Figure 6: FRST - Scan done prompt
Please click on the OK button and FRST will display the FRST.txt log in a Notepad window as shown below.
Figure 7: FRST.txt Notepad window
FRST will then display another prompt that states the second log, Addition.txt, is about to be shown as well. Press the OK button and a Notepad window will open that displays the Addition.txt log as shown below.
Figure 8: Addition.txt Notepad window
Feel free to review these logs and when done, close both Notepad windows as well as the FRST program. Do not, though, delete the FRST.txt and Addition.txt files as they are needed in the next section.
If you have any problems running FRST or generating a log, please proceed to the next step and state what problems you had with FRST when creating your malware help topic.
- Create a new malware removal topic and post the FRST logs
Now click on the following link to open a new browser windows where you will create a new topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum:
Post a new malware removal request
In the new browser window you will see a screen that asks you to fill in various information. For the Topic Title please enter a description of your problem containing the infection name or something specific to the infection you are having. For example if you have a particular worm, type the name of the worm in the title. If you are infected with Virtumonde or Winfixer, type that into the title. We have found that those people who enter in specific and detailed info about their infection tend to get cleaned up quicker as the helper is prepared.
Example 1 - Topic Title
Example 2 - Topic Title
The next part that you must fill out is the actual message of thepost. An example of the message area appears below:
Figure 9: Example message area
In the white message area, as shown above, write a detailed description of your problem and then press the enter key. Now copy and paste the contents of the FRST.txt log that should be located on your desktop. You can do this by going to your Windows desktop and double-clicking on the file named FRST.txt to open it. After the Notepad window is opened, right-click in the notepad and select Select All. Then right click again and select Copy. Now go back to the Post and right click in the post area and select Paste to paste the contents of the FRST.txt report into the post. Do this as well with the Addition.txt file.
When done, you should now have a post consisting of the detailed description of your problem and the contents of the FRST.txt and Addition.txt log files.
The more you can tell us about a problem, the better and easier it will be to help you. In other words, "Help, I get a blue screen when I start my computer" will only result in the helper asking you what the specific message is. Instead in your first post, actually tell us the exact message, word-for-word, that you are receiving.
Once you have finished entering your message into the message body of the post, scroll down and click on the Post New Topic button to actually post your new topic to the forums. If you receive a message stating that the post is too large, remove the Addition.txt log from the post and try posting again. If that works, then you can reply to the new topic you just made and post the Addition.txt as its own post.
- What to expect now that you have created your topic.
Now that your topic is posted, you should be patient and wait for someone to look at your log in order to advise as to what you should do. Everyone who works on this site is a volunteer, and there are a lot more people requesting help than there are helpers able to provide it. The current avg response time is about 5 days, but hopefully sooner, before someone can get back to you regarding your problem. While you are waiting we request that you do not do the following as it may affect the help you receive:
- Do not attempt to fix any of the entries that you find within these logs as it may cause damage to your computer's configuration. Any helper who answers topics in this forum is trained on how to interpret these logs. As there is a lot of wrong information on the Web, those who are not trained may remove entries that appear suspicious according to information you find, but are in fact legitimate programs.
- Do not post at another site asking for the same help for the same computer unless you previously have asked us to close your topic. If we find that you have posted for help at another site regarding the same problem, we will be forced to close your topic here. This is because two different sites can give conflicting advice, which makes it harder for our helpers to provide quality help.
- Last, but not least, be patient. I know it is very stressful to have a computer with a potential malware infection, but unfortunately it will take some time to get to your topic. We will, though, get to you and attempt to resolve your issues to the utmost of our ability.
Thank you and have a nice day!
The Bleeping Computer Staff