I will be helping you with your problems. Please be patient while I assist you.
Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us
- Please do NOT run, install or uninstall any programs, unless instructed to do so.
- We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
- Please do not attach logs or use code boxes, just copy and paste the text.
- Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
- Please read every post completely before doing anything.
- Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
- Please provide feedback about your experience as we go.
- A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
At the top of your post, click on the Watch Topic
Button, select Immediate Notification
, and click on Proceed
. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.NOTE:
Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.NOTE:
It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad
. Please remember to copy the entire post
so you do not miss any instructions.
Please do the following:
Please download the TDSS Rootkit Removing Tool
) and save it to your Desktop. <-Important!!!
- Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
- If TDSSKiller does not run, try renaming it.
- To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
- Click on change parameters
- Under Objects to scan, check the box next to Loaded modules
- If you are asked to reboot, then click Yes.
- Check the boxes next to Loaded modules, Verify file digital signatures, Detect TDLFS file system, then click OK.
- Click the Start Scan button.
- Do not use the computer during the scan
- If the scan completes with nothing found, click Close to exit.
- If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
- Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
- A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.220.127.116.11_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
- Copy and paste the full contents of that file in your next reply.
Download Security Check
by screen317 from here
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the full contents of that document.
Please download Farbar Service Scanner
and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
- Press Scan.
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the full contents of the log in your next reply.
Please download MiniToolBox
, save it to your desktop
and run it.
Checkmark the following checkboxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Devices
- List Users, Partitions and Memory size.
- List Minidump Files
- List Restore points
When using "Reset FF Proxy Settings" option Firefox should be closed.
and post the full contents
of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.