1. Malware Warrior /AV forum Mod
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Nov 2006
    San Antonio Tx

    If you have infection issues, start here first.

    Welcome to Dev Shed.

    You are reading this because you are having Malware issues with your computer.

    Please take a note of a few things.

    * All advice given is taken at your own risk.
    * We will start working on your Malware issues; this may or may not solve other issues you have with your machine.
    * The process is not instant. Absence of symptoms does not mean that everything is clear.

    WARNING: DO NOT run any fixes you see in other threads, such as those concerning programs like Combofix and SDfix, as these are special tools that can cause damage if not used correctly.

    Do NOT disable your System Restore until you are instructed to do so. It is better to have a dirty restore point than none at all.

    If you HAVE NOT posted for help on any other forum please follow the instructions below. This is important!!!

    Having threads open at multiple forums will NOT get your problems resolved any faster, can cause problems with the removal of your infection, and is a waste of both your time and ours.
    Researching a log takes a long time, and posting at multiple forums only wastes the time of different helpers who may be researching the same log. It also delays others who have waited to have their issues dealt with.

    Different helpers may use different methods to combat your infection. Whilst each in isolation is safe, that may not be so if you follow the advice of both together. Some of the tools we use are very powerful and have to be used in a specific way and in some cases do not combine well with others. By using advice from two different sources it is possible that tools may be used that do not combine well and you may severely damage your computer, even rendering it inoperable in some circumstances.


    VISTA users must Right click on the Icons and choose Run as Administrator to run all the below programs.

    Step 1

    Download CCleaner from HERE

    Run CCleaner
    CCleaner will remove everything from the temp/temporary folders but please note that it will not make back ups!

    * Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours".
    * Then select the items you wish to clean up.
        o In the Windows Tab:
            + Clean all entries in the Internet Explorer section except Cookies
            + Clean all the entries in the Windows Explorer section
            + Clean all entries in the System section
            + Clean all entries in the Advanced section
            + Clean any others that you choose
        o In the Applications Tab:
            + Clean all except cookies in the Firefox/Mozilla section if you use it
            + Clean all in the Opera section if you use it
            + Clean Sun Java in the Internet Section
            + Clean any others that you choose
    * Click the Run Cleaner button.
    * A pop up box will appear advising this process will permanently delete files from your system.
    * Click OK and it will scan and clean your system.
    * Click exit when done.
    * If it asks you to reboot at the end, click NO

    Step 1-a

    Please download ATF Cleaner HERE by Atribune. It does not require any installation and uses minimal system resources. It is set up to clean IE, Firefox and Opera, and detects the browsers you have and grays out the other(s).

    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.

    If you use Firefox browser
    * Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
    * Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
    * Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
    * Click the Empty Selected button.
    * NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    Step 2

    Please download Malwarebytes' Anti-Malware from HERE or HERE

    Double Click mbam-setup.exe to install the application.

    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy and paste the entire report in your reply along with the other reports that you get during this process.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Step 3

    Please download and install SUPERAntiSpyware from HERE
    • Load SUPERAntiSpyware and click the Check for Updates button.
    • Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!

    IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, as it may interfere with the scanning process.
    • Open SUPERAntiSpyware and click the Scan your Computer button.
    • Check Perform Complete Scan and then click Next.
    • SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
    • Make sure that they all have a check next to them, and then click Next.
    • Click Finish and you will be taken back to the main interface.
    • It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
    • I'll need a log afterwards of what has been found.
    • To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
    • Copy and paste the entire report in your reply along with the other reports that you get during this process.

    Step 4

    Go HERE and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

    When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).

    Copy and paste the entire report in your reply along with the other reports that you get during this process.

    Step 5

    Now that you have all of the above, and even if you THINK everything might be fixed, please:

    Download HijackThis

    Click "Scan", then click "Save Log".
    Save the log, and copy/paste this and all the above logs we have saved to a NEW THREAD by clicking the button.

    Due to forum restrictions you will have to edit out the URLs before posting logs.

    On the 6th post you will not have to edit your logs.


    Generate an Uninstall List

    * Open HijackThis
    * Click on Open Misc Tools Section
    * Click on Open Uninstall Manager
    * Click on Save list
    * Save it to your Desktop
    * Post it on your next reply.

    Comments on this post

    • benno32 agrees : Excellent thread--great resource--nice one!
    • FPKelly agrees : Excellent, thorough and easy to follow.
    • Trident18 agrees : Saving me again.
    • Greenlamp agrees : Very handy, Porthos. Shame I didn't read this first when I had a problem.
    Last edited by hiker; November 18th, 2010 at 06:24 PM. Reason: Changed ATF Cleaner link
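
Step 5 asks new posters to edit out URLs before pasting logs. The script below is an added example, not part of the original post or any of the tools named in it: it rewrites URLs in a saved log so they are no longer links but remain readable to a helper. The `hxxp` / `[.]` convention, the function names and the sample log lines are assumptions made for illustration.

```python
import re

# Match only text that is clearly a URL: a scheme (http, https, ftp) or a
# leading "www.". File names such as update.exe and bare IP addresses are
# deliberately left alone so the helper still sees the original log entries.
URL_RE = re.compile(
    r"\b(?:(?P<scheme>https?|ftp)://|(?=www\.))"
    r"(?P<host>[a-z0-9.-]+)(?P<rest>[^\s\"'<>]*)",
    re.IGNORECASE,
)

# Assumed defanging convention: neutralise the scheme and the host dots.
SCHEME_MAP = {"http": "hxxp", "https": "hxxps", "ftp": "fxp"}


def _defang(match):
    scheme = match.group("scheme")
    prefix = SCHEME_MAP[scheme.lower()] + "://" if scheme else ""
    host = match.group("host").replace(".", "[.]")
    # Path and query are kept as-is: they often identify the bad entry.
    return prefix + host + (match.group("rest") or "")


def defang_log(text):
    """Return (log text with URLs defanged, number of URLs rewritten)."""
    return URL_RE.subn(_defang, text)


# Constructed sample in the style of a HijackThis log (not real output).
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [Updater] C:\Program Files\Updater\update.exe
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Constructed Control) - http://download.example.net/scan/control.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.0.2.53
"""

if __name__ == "__main__":
    cleaned, count = defang_log(SAMPLE_LOG)
    print(cleaned)
    print(f"{count} URL(s) rewritten")
```

Run it on a copy of the log and post the cleaned copy; keep the untouched original in case a helper asks for it.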
