This are typical instructions:
Please reboot in "safe mode with networking
", then download Malwarebytes' Anti-Malware
(v1.50.1) and RKill
by Grinler, saving them to your desktop.RKill.exe Download LinkRKill.com Download LinkRKill.scr Download Linkalternate link with all versions
Renamed versions if the above do not work:iExplore.exe Download LinkeXplorer.exe Download Link <- this renamed copy is usually effective but may trigger an alert from MBAM...just ignore it.WiNlOgOn.exe Download LinkuSeRiNiT.exe Download Linkalternate link with all versionsRKill is available in several versions to include renamed versions in case one does not work, you can try another. As such, you may want to download and save more than one before proceeding.
After installing Malwarebytes', reboot normally, then proceed as follows:
-- If you get an alert that RKill is infected, ignore it. The alert is a fake warning given by the rogue software which attempts to terminate tools that try to remove it. If you see such a warning, leave the warning on the screen and then run RKill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that RKill can perform its routine.-- Some security tools may flag RKill as malware, especially when renamed to iexplore.exe, explorer.exe, winlogon.exe, etc because they have definitions in place that flag certain file names used outside their normal path. If you encounter such an alert when running Rkill, you can safely ignore it and continue to allow the program to run.Important: Do not reboot your computer
- Double-click on the Rkill desktop icon to run the tool.
Vista/Windows 7 users right-click and select Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, and try another version.
- If it still does not work, repeat the process and attempt to use one of the remaining version until the tool runs.
- Note: You may have to make repeated attempts to use RKill several times before it will run as some malware variants try to block it.
- A log file will be created and saved to the root directory, C:\RKill.log
- Copy and paste the contents of RKill.log in your next reply.
performing a scan with Malwarebyes'. A scan must be completed immediately after running RKill.
Perform a Quick Scan
in normal mode with Malwarebytes' Anti-Malware and follow these instructions
. Check all items found for removal. Don't forgot to check for database definition updates
through the program's interface (preferable method
) before scanning and to reboot afterwards. Failure to reboot normally
will prevent Malwarebytes' from removing all the malware. When done, click the Logs
tab and copy/paste the contents of the new report in your next reply.