Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I got a vxmclient adware and i cant get rid of it


  • This topic is locked This topic is locked
16 replies to this topic

#1 Arjin

Arjin

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 24 February 2015 - 08:21 PM

 I have gotten fake ads about things and vxmclient appeared please help for it


Edited by hamluis, 24 February 2015 - 08:44 PM.
Moved from Vista to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:36 PM

Posted 24 February 2015 - 09:04 PM

Use ALL of the programs below. There is more than just one piece of adware and malware on your computer.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR  REVIEW.

 

  • download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Hold down Control and click on this link to open ESET OnlineScan in a new window. (Eset can take more than an hour to run so plan accordingly)

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Arjin

Arjin
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 25 February 2015 - 06:14 PM

As You Said I Have My Adwcleaner Log

 

# AdwCleaner v4.111 - Logfile created 25/02/2015 at 17:06:58
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (x64)
# Username : kittycat - KITTYCAT-PC
# Running from : c:\Users\kittycat\Documents\Downloads\adwcleaner_4.111.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16609
 
 
-\\ Google Chrome v40.0.2214.111
 
 
*************************
 
AdwCleaner[R0].txt - [1069 bytes] - [17/02/2015 20:03:46]
AdwCleaner[R1].txt - [1871 bytes] - [24/02/2015 20:05:34]
AdwCleaner[R2].txt - [1062 bytes] - [25/02/2015 17:01:43]
AdwCleaner[R3].txt - [1122 bytes] - [25/02/2015 17:05:24]
AdwCleaner[S0].txt - [1103 bytes] - [17/02/2015 20:06:44]
AdwCleaner[S1].txt - [1964 bytes] - [24/02/2015 20:08:00]
AdwCleaner[S2].txt - [1003 bytes] - [25/02/2015 17:06:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1062  bytes] ##########

Edited by Arjin, 25 February 2015 - 06:29 PM.


#4 Arjin

Arjin
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 25 February 2015 - 06:24 PM

I have the JRT.txt file with nothing inside.

 

Also the eset search will take very long you can except it tommorow


Edited by Arjin, 25 February 2015 - 08:42 PM.


#5 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:36 PM

Posted 25 February 2015 - 07:31 PM

Okay....will wait to see MBAM and Eset scan results.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 Arjin

Arjin
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 26 February 2015 - 10:12 PM

As Requested,
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeNetFilter.sys.vir a variant of Win64/Komodia.A potentially unsafe application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\iSafeNetFilter.sys.vir a variant of Win64/Komodia.A potentially unsafe application deleted - quarantined
C:\Users\kittycat\Documents\Downloads\ccsetup503.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined


#7 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:36 PM

Posted 26 February 2015 - 10:28 PM

Okay....when you finish the MBAM scan and post it I will have further comment.

 

The Eset scan found an AdwCleaner quarantined file containing Komodia.A. The AdwCleaner scan results you posted

does not show any adware found. So, was Komodia.A removed by AdwCleaner recently?


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 Arjin

Arjin
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 28 February 2015 - 11:07 AM

Komodia might have been found in adwcleaner not sure though, by the way i saw another vxmclient ad when i started my computer.

 

Here is the mbam scan 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2015/2/28
Scan Time: 9:41:51
Logfile: Malwaresss.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.28.03
Rootkit Database: v2015.02.25.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: kittycat
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 343092
Time Elapsed: 22 min, 18 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Edited by Arjin, 28 February 2015 - 11:07 AM.


#9 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:36 PM

Posted 28 February 2015 - 11:41 AM

Open CCleaner and click on Tools. Choose Startups. There you will see a list of Windows Startups and at the top of the page you will see

tabs for each browser and Scheduled Tasks. Please Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post.

You can do that by clicking on the button in the bottom right of each page and copy and paste the lists.

 

Reset Google Chrome:

Google Chrome gives you the option to reset your browser settings in one easy click. In some cases, programs that you install can change your Chrome settings without your knowledge. You may see additional extensions and toolbars or a different search engine. Resetting your browser settings will reset the unwanted changes caused by installing other programs. However, your saved bookmarks and passwords will not be cleared or changed.

 

Reset your browser settings

  1. In the top-right corner of the browser window, click the Chrome menu
  2. Select Settings.
  3. At the bottom, click Show advanced settings.
  4. Under the section "Reset settings,” click Reset settings.
  5. In the dialog that appears, click Reset.

After resetting Chrome...block third party cookies from installing in both IE and Chrome. Then run CCleaner and allow it to remove ALL cookies.

Disable third-party cookies in IE, Firefox, and Google Chrome | How To - CNET


Edited by buddy215, 28 February 2015 - 11:43 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#10 Arjin

Arjin
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 28 February 2015 - 11:54 AM

Here is the Windows startup

 

Yes HKCU:Run 360sd 360.cn kittycat "C:\Program Files (x86)\360\360sd\360sdrun.exe"
Yes HKCU:Run BBQLeadsApplication kittycat C:\Program Files (x86)\bbqleads\BBQLeadsApplication.exe
Yes HKCU:Run CCleaner Monitoring Piriform Ltd kittycat "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Itibiti.exe kittycat C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
Yes HKCU:Run Steam Valve Corporation kittycat "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes HKLM:Run 360Safetray 360.cn All users "C:\Program Files (x86)\360\360Safe\safemon\360Tray.exe" /start
Yes HKLM:Run APSDaemon Apple Inc. All users "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run BlueStacks Agent BlueStack Systems, Inc. All users C:\Program Files (x86)\BlueStacks\HD-Agent.exe
Yes HKLM:Run egui ESET All users "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
Yes HKLM:Run HotKeysCmds Intel Corporation All users C:\Windows\system32\hkcmd.exe
Yes HKLM:Run IAAnotif Intel Corporation All users "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
Yes HKLM:Run IgfxTray Intel Corporation All users C:\Windows\system32\igfxtray.exe
Yes HKLM:Run iTunesHelper Apple Inc. All users "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes HKLM:Run MSC Microsoft Corporation All users "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Yes HKLM:Run Persistence Intel Corporation All users C:\Windows\system32\igfxpers.exe
Yes HKLM:Run RtHDVCpl Realtek Semiconductor All users C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Yes HKLM:Run Skytel Realtek Semiconductor Corp. All users C:\Program Files\Realtek\Audio\HDA\Skytel.exe
Yes HKLM:Run Windows Defender All users %ProgramFiles(x86)%\Windows Defender\MSASCui.exe -hide
Yes Startup User Dropbox.lnk Dropbox, Inc. kittycat C:\Users\kittycat\AppData\Roaming\Dropbox\bin\Dropbox.exe
Yes Startup User OneNote 2007 Screen Clipper and Launcher.lnk Microsoft Corporation kittycat C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
 
 
Here is the Scheduled Tasks
Yes Task 360开机加速延迟启动任务计划 kittycat C:\Program Files (x86)\360\360Safe\360speedld.exe -delayrun
No Task Adobe Flash Player Updater Adobe Systems Incorporated All users C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
No Task AliUpdater{DD783C95-F082-4064-A95E-8B207AC5EBE7} TaoBao(china) Software Co., Ltd kittycat C:\Program Files (x86)\AliWangWang\AliTask.exe /update
Yes Task BBQLeads kittycat C:\Program Files (x86)\bbqleads\ScheduledTask.exe
Yes Task CCleanerSkipUAC Piriform Ltd kittycat "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
No Task GoogleUpdateTaskMachineCore Google Inc. All users C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
No Task GoogleUpdateTaskMachineUA Google Inc. All users C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
No Task GoogleUpdateTaskUserS-1-5-21-3290595269-2303839855-82256591-1000Core kittycat C:\Users\kittycat\AppData\Local\Google\Update\GoogleUpdate.exe /c
No Task GoogleUpdateTaskUserS-1-5-21-3290595269-2303839855-82256591-1000Core1cfee3d3911d740 kittycat C:\Users\kittycat\AppData\Local\Google\Update\GoogleUpdate.exe /c
No Task GoogleUpdateTaskUserS-1-5-21-3290595269-2303839855-82256591-1000UA kittycat C:\Users\kittycat\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
No Task GoogleUpdateTaskUserS-1-5-21-3290595269-2303839855-82256591-1000UA1cfee3d394d59a0 kittycat C:\Users\kittycat\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task RPC kittycat C:\Program Files (x86)\Bull Softwares\Reg Pro Cleaner\RegProCleaner.exe
Yes Task {8CC7A1EA-292A-4944-8496-CC88E5DA6B73} Microsoft Corporation kittycat C:\Windows\system32\pcalua.exe -a C:\Users\kittycat\Documents\lide90vst641300ej.exe -d C:\Users\kittycat\Documents
Yes Task {C9AEE347-6663-4976-977E-1BDED040860D} Microsoft Corporation kittycat C:\Windows\system32\pcalua.exe -a "C:\Users\kittycat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFLMICY5\TaobaoPictureActiveX-1.0.9.exe" -d C:\Users\kittycat\Desktop
 


#11 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:36 PM

Posted 28 February 2015 - 01:03 PM

How long have you had 360 installed?

 

Uninstall these programs using CCleaner. Open CCleaner and choose Uninstall. Click on each item listed below to highlight and then choose Uninstall on the right .

Yes HKCU:Run BBQLeadsApplication kittycat C:\Program Files (x86)\bbqleads\BBQLeadsApplication.exe

Yes HKCU:Run Itibiti.exe kittycat C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe

Reg Pro Cleaner

 

Disable these Windows Startups even the ones listed above that I asked to be uninstalled.

Yes HKCU:Run BBQLeadsApplication kittycat C:\Program Files (x86)\bbqleads\BBQLeadsApplication.exe
Yes HKCU:Run CCleaner Monitoring Piriform Ltd kittycat "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Itibiti.exe kittycat C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
Yes HKCU:Run Steam Valve Corporation kittycat "C:\Program Files (x86)\Steam\steam.exe" -silent
Yes HKLM:Run APSDaemon Apple Inc. All users "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run BlueStacks Agent BlueStack Systems, Inc. All users C:\Program Files (x86)\BlueStacks\HD-Agent.exe
Yes HKLM:Run egui ESET All users "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
Yes HKLM:Run IgfxTray Intel Corporation All users C:\Windows\system32\igfxtray.exe
Yes HKLM:Run iTunesHelper Apple Inc. All users "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes Startup User Dropbox.lnk Dropbox, Inc. kittycat C:\Users\kittycat\AppData\Roaming\Dropbox\bin\Dropbox.exe
Yes Startup User OneNote 2007 Screen Clipper and Launcher.lnk Microsoft Corporation kittycat C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
 
Disable these Scheduled Tasks:
Yes Task BBQLeads kittycat C:\Program Files (x86)\bbqleads\ScheduledTask.exe
Yes Task CCleanerSkipUAC Piriform Ltd kittycat "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task RPC kittycat C:\Program Files (x86)\Bull Softwares\Reg Pro Cleaner\RegProCleaner.exe
Yes Task {8CC7A1EA-292A-4944-8496-CC88E5DA6B73} Microsoft Corporation kittycat C:\Windows\system32\pcalua.exe -a C:\Users\kittycat\Documents\lide90vst641300ej.exe -d C:\Users\kittycat\Documents
Yes Task {C9AEE347-6663-4976-977E-1BDED040860D} Microsoft Corporation kittycat C:\Windows\system32\pcalua.exe -a "C:\Users\kittycat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFLMICY5\TaobaoPictureActiveX-1.0.9.exe" -d C:\Users\kittycat\Desktop
 
 
 

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#12 Arjin

Arjin
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 28 February 2015 - 01:14 PM

I've had 360 for about when i got this computer so about 2-1 years\

 

unable to disable: Yes HKLM:Run egui ESET All users "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice


Edited by Arjin, 28 February 2015 - 01:20 PM.


#13 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:36 PM

Posted 28 February 2015 - 01:27 PM

If you downloaded it to run the Online scanner then uninstall it using CCleaner. You could check first to make sure that it is not running.

Check in the Task Manager.

 

Did you have any problem with uninstalling the other programs?


Edited by buddy215, 28 February 2015 - 01:28 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#14 Arjin

Arjin
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 28 February 2015 - 02:33 PM

I did not have problems unstalling the other ones

 

I have uninstalled eset 


Edited by Arjin, 28 February 2015 - 03:15 PM.


#15 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:36 PM

Posted 28 February 2015 - 03:39 PM

Okay...If you are still seeing ads after doing all that I suggested then you need to start a new topic in the Malware Removal Forum.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users