Welcome to BC
HijackThis logs are not permitted in this forum. Further, HijackThis only scans certain areas of a computer's system/registry to help diagnose the presence of undetected malware in known hiding places. Therefore, it is limited in its ability to detect infection and generate a report outside these known hiding places and its log may not always reveal all the malware on a computer. As such, HijackThis has been replaced by other preferred tools that provide comprehensive logs with specific details about more areas of a computer's system, files, folders and registry keys which may have been modified by malware infection.
The Malware Response Team members are all volunteers who contribute to helping members as time permits but currently there is a backup and you may have to wait for assistance. Referrals are made to the Virus, Trojan, Spyware, and Malware Removal Logs forum if we cannot assist you here and we need to use more powerful tools or you don't mind waiting.
If you do not mind waiting and want someone to check your system thoroughly, then please follow the directions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
- If you cannot complete a step, then skip it and continue with the next.
- In Step 7 there are instructions for downloading and running DDS which will create two logs.
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.
If you want to try disinfection in this forum first, continue as follows:
Before doing anything further, if you have not already done so, you should back up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. If that occurs there may be no option but to reformat and reinstall the OS or perform a full system recovery. The safest practice is not to back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.
Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".
- Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
- If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.
- When the program opens, click Change parameters.
- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click the Start Scan button.
- Do not use the computer during the scan.
- If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
- If Malicious objects are detected, they will show in the Scan results - Select action for found objects and offer three options.
- Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.
- Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed.
- A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
- Copy and paste the contents of that file in your next reply.
-- For any files detected as 'Suspicious' (except those identified as Forged or infected to be cured after reboot) get a second opinion by submitting to Jotti's virusscan. In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.
instructs you to scan your computer using Malwarebytes Anti-Malware
- Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
- Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
- After completing the scan, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab.
- Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
- Exit Malwarebytes when done.