What type of anti-virus are you using and when was the last time you ran a scan? Have you performed any anti-spyware scans? Have you tried doing your scans in "SAFE MODE
If so, and that has not helped then your going to need access to another computer (family, friend) with Internet access. Then download the following
programs and save to a USB stick or CD:
• Sysclean Package
• Virus Pattern Files (lptXXX.zip)
• If your running Win XP/2000, download and scan with AVG Anti-Spyware 7.5
in "SAFE MODE
(This is Ewdio 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware). Be sure to print out the AVG Anti-Spyware Install-Scan Instructions.
• HijackThis 1.99.1
. This is a self-extracting version (hijackthis_sfx.exe) which will automatically install HJT in the proper location if we need to use it.
Transfer all these programs to the infected computer. Install AVG Anti-Spyware following the instructions you printed out but do not perform a scan yet
For the Sysclean Package do this:
1. Create a new folder on drive "C:\" ("C:\New Folder") and rename it Sysclean
2. Place the sysclean.com inside that folder.
3. Extract the lptXXX.zip
pattern file into the same folder you created for sysclean.com.
4. Close all open applications and DISABLE
your current anti-virus software. Some anti-virus programs such as Avast will alert you to a virus attack when running sysclean so it's best to disable them first.Note: When using Sysclean its best to use the Administrator's account or an account with Administrative rights otherwise you will not have the rights to scan some locations resulting in Access is denied log entries.Reboot your computer in SAFE MODE
" using the F8
method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".Scan with AVG Anti-Spyware
, following the instructions you printed out for scanning in safe mode.
Then open the Sysclean folder and double-click on sysclean.com
to run. It will take some time to complete. Be patient and let it clean whatever it finds.Scan with DrWeb-CureIt as follows:
1. Double-click on drweb-cureit.exe
to start the program.
2. An "Express Scan of your PC
" notice will appear. Under "Start the Express Scan Now
", Click "OK
" to start.
3. Click "Select drives
" and then click the "Start/Stop Scanning
" button (green arrow
on the right) to start.
4. When done a message will be displayed at the bottom advising if any viruses were found.
5. A log file will be created in C:\Documents and Settings\username\DoctorWeb\CureIt.log
6. Any quarantined files will be sent to C:\Documents and Settings\username\DoctorWeb\Quarantine.
7. Exit the program and reboot normally.
Finally, make sure you re-enable your anti-virus program.