Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.If you can please print this topic
it will make it easier for you to follow the instructions and complete all of the necessary steps.
You may have to download these tools using a good computer.
Save the files to a CD and copy them to the desktop of the infected computer.
Run them from there.
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.
- Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.
Please just paste
the contents of the DDS.txt
log in your next post. DO NOT attach the log.
If unable to run .exe file download and run this tool.
Once that file is downloaded and saved on a removable devices, insert the removable device into the infected computer and open the folder the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg
file to fix the Registry on your infected computer. You should now be able to run your normal executable programs and can proceed to the next step.
If you do not have any removable media or another clean computer that you can download the FixNCR.reg file onto, you can try and download it to your infected computer using another method. On the infected computer, right click on the Internet Explorer's icon, or any other browser's icon, and select Run As
or Run as Administrator
. If you are using Windows XP, you will be prompted to select a user and enter its password. It is suggested that you attempt to login as the Administrator user. For Windows 7 or Windows Vista, you will be prompted to enter your Administrator account password.
Once you enter the password, your browser will start and you can download the above FixNCR.reg file. When saving it, make sure you save it to a folder that can be accessed by your normal account. Remember, that you will be launching the browser as another user, so if you save it to a My Documents folder, it will not be your normal My Documents folder that it is downloaded into. Instead it will be the My Documents folder that belongs to the user you ran the browser as. Once the download has finished, close your browser and find the FixNCR.reg file that you downloaded. Now double-click on it and allow the data to be merged. You should now be able to run your normal executable programs and can proceed to the next step.
This will help me to restore of you Internet Connection if it's not too badly damaged.
Please download Farbar Service Scanner
and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.