It takes a while to build up knowledge of what entries in logs mean. We have a Malware removal study hall at BC if you're interested in learning.
Please follow the below next.
We will be helping you with your problems. Please be patient while we assist you.
Some points for you to keep in mind while we are helping you to make things go easier and faster for both of us:
- Please do NOT run, install or uninstall any programs, unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
- Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
- Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
- Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
At the top of your post, click on the Watch Topic
Button, select Immediate Notification
, and click on Proceed
. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.NOTE:
Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
- Do NOT
backup any unknown files ending in .exe
, and .bat
since files of these types are more likely to be infected.NOTE:
It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to
For Win 8, Win 7 and Win Vista: "Windows Orb"> Programs > Accessories > Notepad
For Win XP: Start Menu > All Programs > Accessories > Notepad
Please remember to copy the entire post
so you do not miss any instructions.
Please do the following:
Please download the TDSS Rootkit Removing Tool
) and save it to your Desktop. <-Important!!!
- Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
Win Vista/Win 7 / Win 8 users right-click and select Run As Administrator.
- If TDSSKiller does not run, try renaming it.
- To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
- Click on change parameters
- Under Objects to scan, check the boxes next to Verify file digital signatures, Detect TDLFS file system, then click OK.
- Click the Start Scan button.
- Do not use the computer during the scan
- If the scan completes with nothing found, click Close to exit.
- If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
- Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
- A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.184.108.40.206_27.07.2014_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
- Copy and paste the full contents of that file in your next reply. - If the log is too long, then split it into multiple posts.
Please download AdwCleaner
by Xplode onto your Desktop
- Close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Scan.
- Confirm each time with Ok.
- Then click on Clean.
- Confirm each time with Ok.
- You will be prompted to restart your computer. A text file will open after the restart.
- Please post the contents of that logfile with your next reply.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Farbar Service Scanner
to the Desktop
of the computer with the issue, and run it.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
- Press Scan.
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the full contents of the log in your next reply.
Please download MiniToolBox
, save it to your Desktop
and run it.
Checkmark the following checkboxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Devices (Only Problems)
- List Users, Partitions and Memory size.
- List Minidump Files
- List Restore points
When using "Reset FF Proxy Settings" option Firefox should be closed.
and post the full contents
of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.