My name is M-K-D-B and I'll help you with the cleanup of your computer.
Please be aware of the following:
- Please complete all steps in the specified order.
- Even if tools don't find malware, I want you to post the logfiles anyway.
- Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
- Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
- Don't install or uninstall software during the cleanup unless you are told to do so.
- If you can't answer for the next few days, please let me know. If you haven't answered within 3 days, I am assuming that you don't need help anymore and your topic will be closed.
- I can not guarantee that we will find and be able to remove all malware. Formatting is usually faster and always the safest way.
- If you decide to clean your PC, work with us until a team member tells you that you are clean.
- As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
When I run Hijackthis, I get a message saying that it cannot access my "Hosts" file and gives instructions but I do not understand them. I am also concerned about the system.ini item. What should I delete?
Before starting a fix, we need to get a little impression of what's going on on your computer. I would like you to follow the steps below. Thank you!
Step 1
We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructions that pop up for posting the results.
- Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE
Step 2
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
- The application window will appear
- Click the Disable button to disable your CD Emulation drivers
- Click Yes to continue
- A 'Finished!' message will appear
- Click OK
- DeFogger will now ask to reboot the machine - click OK
If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.
Step 3
Please download aswMBR to your desktop.
- Double click the aswMBR.exe icon to run it
- Click the Scan button to start the scan
- On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
Please download the TDSS Rootkit Removing Tool and save it to your Desktop. <-Important!!!
- Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
- If TDSSKiller does not run, try renaming it.
- To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
- Click the Start Scan button.
- Do not use the computer during the scan
- If the scan completes with nothing found, click Close to exit.
- If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
- Ensure Skip is selected, then click Continue > Close to close the tool.
Note: We don't want to fix anything here, but just get an overview of your computer!
- A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.220.127.116.11_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
- Copy and paste the contents of that file in your next reply.
What you should post with your next answer:
- both logfiles from DDS,
- the logfile from aswMBR,
- the logfile from TDSS Killer,
- any further information that seems to be important in your eyes.