Hello If SAS finds more than cookies post that log.
Download the FixTDSS.exe
Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe
file to start the removal tool.
to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said
If you are running Windows XP, re-enable System Restore.
This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes. From a clean computer, please download the following file and save it to a removable media such as a CD/DVD, external Drive, or USB flash drive.FixNCR.reg
insert the removable device into the infected computer and open the folder the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg file to fix the Registry on your infected computer.
>>>> Run RKill
....Download and Run RKill
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.Rerun MBAM (MalwareBytes) like this:
- Please download RKill by Grinler from one of the 4 links below and save it to your desktop.
- Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
- Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
- A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
- If nothing happens or if the tool does not run, please let me know in your next reply
Open MBAM in normal/regular mode and click Update
tab, select Check for Updates
scan and scan (normal mode).
After scan click Remove Selected
, Post new scan log
into normal mode.