It's not long until Christmas now!
I need to advise you that I am a Standard Member, like you. I am NOT a Trained Malware Removal Expert. If anything I suggest concerns you, please contact me or a Moderator before actioning it. I have been working on and with computers since the 1970s.
If you're happy to continue:
We'll take a quick look at your P.C.
Do Not Enclose Reports In Quotes or Delete or Insert Any Characters - No Redaction!
Please Post All Reports in Plain Text. Ensure You Include All Report Headers.
Please Press the Return Key 3 Times Between Reports.
Don't Attach them either.....Pleeeez!
Please make sure you have Backed Up your Files and Save any Work you have Open before proceeding!
You can find Free Back Up Software available on the Web.
(It's unlikely that anything I ask you to do will wipe your data, but better to be safe than sorry.)
Some Tools May Close Down Any Open Windows or Programs, Please Be Aware of This!
Remember that there is no such thing as a "Stupid Question." If you encounter ANY problems or difficulties along the way, STOP and Message Me!!
**Read All Notes Under Individual Instructions BEFORE Running the Tools.**
You might find it useful to print these instructions for reference.
Let's start relatively simply.....
Download a copy of a program called RKill (Courtesy of Grinler at Bleeping Computer) which is available at the links below:
(This program attempts to stop any running malware processes so other tools may function efficiently, plus a few other things.)
Save it to your Desktop so you can easily locate it.
(If one won't run, download the other. Malware sometimes recognises RKill.exe and tries to interfere with it.)
RKill.exe <<== Try this first.
RKill as iExplore.exe <<== Try this one if option one doesn't work.
- Right Click RKill and Select "Run As Administrator."
- Soon after a Black Box will appear while RKill Runs. (This is normal. RKill may appear to hang. It's just working.)
- When RKill has finished it will Open a Report in Notepad.
- RKill will also save a copy of its log to your Desktop called "RKill.log"
- After RKill has run successfully Don't Restart your computer until the other tool(s) have run.
- Please Copy and Paste the contents of the Report into your Next Reply.
- If the RKill will not run in Normal Windows Mode, Restart in Safe Mode and Repeat the above Steps.
Please Ignore any warnings from about RKill containing Viruses or Trojans etc. If necessary, shut down or temporarily disable your Antivirus while RKill runs. Don't forget to Re-enable your Anti-Virus once RKill completes, unless I ask otherwise.
If RKill still won't run, please Post back here and advise me.(After trying both versions and Safe Mode.) Please note any Error messages or other useful information and Include it in your Reply.
Please download Security Check (by screen317) from HERE & save it to your Desktop.
- Right Click SecurityCheck and Select "Run As Administrator."
- Follow the Prompts in the Black Box which opens on your screen.
- When the program is complete a Notepad Document called Checkup.txt should open Automatically in Notepad.
- Please Copy & Paste the Contents of Checkup.txt into your Next Reply.
Please Note the Following:
If you receive an "UNSUPPORTED OPERATING SYSTEM! ABORTED!," please Restart Windows and Security Check should Run Fine.
Should a problem persist, please Post Back Here and include any Error Messages & Other Useful Information.
Security Check may require you to permit "Dig.exe" to access the internet. Please allow access through your Firewall if necessary.
It is not uncommon for Security Check to generate "false positives" from some Anti-Virus/Anti-Malware Programs. Please Ignore These if They Occur.
Download and run the ESET Free Online Virus Scanner from: HERE
(If you had to restart for any reason between running RKill and this step,
Please re-run Rkill.1)
- Turn off your antivirus program. See here how to do this.
- Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
- Enable detection of potentially unsafe applications
- Enable detection of suspicious applications
- Scan archives
- Enable Anti-Stealth Technology
- Click on the Change button and select only Operating Memory, Autostart Locations and drive(s) C:\ D:\ etc., to be scanned
- Click Start to begin the Scan.
- The ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
- When the scan completes a list of found threats will open automatically (if any malicious files are found).
- Push the SAVE to TEXT FILE button and save the file to your desktop using a unique name, such as ESETScan+Date.txt. Include the contents of this report in your next reply.
- CLEAN any THREATS found.
- Click Back, then Finish to exit ESET Online Scanner.
- Do NOT delete the ESET scanner at this stage please.
Please re-enable your antivirus when the scan is complete.
Let me know if you encounter any problems.
After you've finished the ESET Online scan:
- Please ensure you've saved the Log File to your desktop.
- Post the Log File contents in your Reply, assuming there was one.
- Close down any other open programs.
Download AdwCleaner(from Xplode.)
(If you had to Reboot after Running ESET
re-run RKill - That was Step 1)
From here: AdwCleaner.exe
Save to your Desktop so you can easily locate it.
- Before Starting Ensure You've Saved Anything You Have Open that you Wish to Keep!!
- Right Click AdwCleaner.exe & Select "Run As Administrator"
- Please Click on the Tools Menu. There should be 2 Tabs: Options & Advanced.
- In Options under Delete, Select Tracing Keys(Usually pre-selected,) and, under RESET select all Options on the Right Hand Side.
- Do Not select any other Options with Square Boxes.
- There should be Options for Mode and Debug. You can leave these at their Defaults. Press OK.
- Next, you should see Two main Buttons, Scan and Logfiles. Please Press Scan.
- AdwCleaner will Start to Update the Database if required. This may take a little while.
- The Progress Bar will gradually move to the right as the scan progresses. It can take a while.
- Next you should receive a Popup Notification advising of the Scan Result.
- Select any Items AdwCleaner may have found for Deletion, or, Deselect anything you may wish to keep.
- Under the Popup there will be a Log. Please Copy and Paste the Contents into your next Reply.
- Next, Click Clean. Even if nothing was detected. This will require you to reboot the machine. Please do so.
- Once the computer has rebooted, a second Log should appear. Please Paste into your Reply as well.
- If you need to access Logs again, Open the Tool and Click the LogFiles Button. They are stored there.
The Logs can be a tad confusing at first. They all contain a number such as [S0] which is Log One. They are also accompanied by a date to the left side column. The lower the number in the square brackets, the earlier the Log. For example, I may have Logs; AdwCleaner[S0].txt (Earliest) to AdwCleaner[S27].txt (Most Recent.) Double Click a Log to Open it.
I'll look over your log file(s.)
Log back in to your thread for further instructions please.
We're in different time zones, so there may be a delay.
If I don't respond in 48 hours Please Personally Message Me.
If you don't hear back after 3 days, please post: HERE
I am a Volunteer and do my best to be here. This is sometimes interrupted by sleep, eating, outages.......
I'd like to wish all Bleeping Computer Members a Very Merry Christmas and a Happy New Year!
Edited by Unworn_Kilt, 22 December 2017 - 08:43 PM.