My name is Marius and I will assist you with your malware related problems.
Before we move on, please read the following points carefully.
- First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
- Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
Scan with FRST in normal mode
Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit
(If not sure: Start --> Computer (right click) --> properties)
- Run FRST.
- Don't change any of the checkboxes and hit Scan.
- Logfiles are created on your desktop.
- Post the FRST.txt and (after the first scan only!) the Addition.txt.
Scan with Gmer rootkit scanner
Please download Gmer from here by clicking on the "Download EXE" button.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
- Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
- In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- Show All (should be unchecked by default)
- Leave everything else as it is.
- Close all other running programs as well as your Browser.
- Click the Scan button & wait for it to finish.
- Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop.
- Please post the content of the ark.txt here.
Scan with TDSS-Killer
Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.
and extract to your desktop
- Execute TDSSKiller.exe by double-clicking on it.
- Press Start Scan
- If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
- Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt
Please attach this file to your next reply.