to the Malware Removal forum! My online alias is Blade Zephon
, or Blade
for short, and I will be assisting you with your malware issues!If you have since resolved the original problem you were having, we would appreciate you letting us know.
In the upper right hand corner of the topic you will see a button called Watch Topic
. By clicking this and then choosing Immediate E-Mail notification
and then clicking on Proceed
you will be advised when we respond to your topic and facilitate the cleaning of your machine.
Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
- I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
- Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
- Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
- I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
- Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
- After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand.
Please download GMER
from one of the following locations and save it to your desktop:
- Main Mirror
This version will download a randomly named file (Recommended)
- Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
-- If you encounter any problems, try unchecking the Devices box in addition to the others previously requested. Also, try running GMER in Safe Mode
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
- Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
- In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "Gmer.log" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop, and copy/paste its contents in your next reply.
- Exit GMER and re-enable all active protection when done.
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Ran through combofix and everything seems to be running fine but when i was scanning through the log I noticed one line which i am a bit concerned with and was wondering whether this is a generic message or whether it could have affected more than just the machine I ran combofix on.
Please note: ComboFix (CF for short) is intended by its creator
to be "used under the guidance and supervision of an expert
", NOT for private use
. Please read Combofix's Disclaimer
. When CF is run without trained assistance, it can no longer be considered a "safe" tool. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
You may find this topic informative - ComboFix usage, Questions, Help? - Look here
Since you already ran the tool, I need to see the log it created to be sure that everything was removed. Please locate this file C:\Combofix.txt
and include its contents in your next reply.
~BladeIn your next reply, please include the following:OTL.txt