Hello and welcome.
We need to run a few tools.
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Users, Partitions and Memory size.
and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.
Please download Rkill by Grinler and save it to your desktop.
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista, right-click on it and Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- If the tool does not run from any of the links provided, please let me know.
- Do not reboot the computer; you will need to run the application again.
Please download Malwarebytes Anti-Malware and save it to your desktop.
- Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
- Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
- Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
- If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
- After completing the scan, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab.
- Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
- Exit Malwarebytes when done.
-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
- Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
- If TDSSKiller does not run, try renaming it.
- To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
- Click the Start Scan button.
- Do not use the computer during the scan.
- If the scan completes with nothing found, click Close to exit.
- If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
- Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not an option, select Skip instead; do not choose Delete unless instructed.
- A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.184.108.40.206_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
- Copy and paste the contents of that file in your next reply.