Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.If you can please print this topic
it will make it easier for you to follow the instructions and complete all of the necessary steps.
This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes.
Once that file is downloaded and saved on a removable devices, insert the removable device into the infected computer and open the folder the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg
file to fix the Registry on your infected computer. You should now be able to run your normal executable programs and can proceed to the next step.
If you do not have any removable media or another clean computer that you can download the FixNCR.reg file onto, you can try and download it to your infected computer using another method. On the infected computer, right click on the Internet Explorer's icon, or any other browser's icon, and select Run As
or Run as Administrator
. If you are using Windows XP, you will be prompted to select a user and enter its password. It is suggested that you attempt to login as the Administrator user. For Windows 7 or Windows Vista, you will be prompted to enter your Administrator account password.
Once you enter the password, your browser will start and you can download the above FixNCR.reg file. When saving it, make sure you save it to a folder that can be accessed by your normal account. Remember, that you will be launching the browser as another user, so if you save it to a My Documents folder, it will not be your normal My Documents folder that it is downloaded into. Instead it will be the My Documents folder that belongs to the user you ran the browser as. Once the download has finished, close your browser and find the FixNCR.reg file that you downloaded. Now double-click on it and allow the data to be merged. You should now be able to run your normal executable programs and can proceed to the next step.
Double-click on TDSSKiller.exe
to run the application.
- Click on the Start Scan button and wait for the scan and disinfection process to be over.
- If an infected file is detected, the default action will be Cure, click on Continue
- If a suspicious file is detected, the default action will be Skip, click on Continue
- If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
- If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
(aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it
- Click the "Scan" button to start scan.
- Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
- Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
Note: You may be asked if you want to download Avast Free Antivirus I suggest you deny this download unless you do not have any Antivirus protection on the computer.
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.
- Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.
Please just paste
the contents of the DDS.txt
log in your next post. DO NOT attach the log.
The scan will also create this Attach.txt
log I would also like to see the content.
Please post it in a other post for my review, do not attach the file.
Please post the logs and let me know what problem persists.