Thanks, Geekgirl.
Hi Morty 269 -
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
---------------------------------------------------------------------------------------------
Please download
SmitfraudFix (by
S!Ri) to your Desktop.
---------------------------------------------------------------------------------------------
Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.
---------------------------------------------------------------------------------------------
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist
(make sure you do not miss any) and click
Fix Checked
O4 - HKLM\..\Run: [adiras] adiras.exe
Close HijackThis now.
---------------------------------------------------------------------------------------------
Double-click on
SmitfraudFix.exe to start the tool.
Select option
#2 - Clean by typing
2 and press
Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "
Registry cleaning - Do you want to clean the registry?" answer
Yes by typing
Y and hit
Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer
Yes to the question "
Replace infected file?" by typing
Y and hit
Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.
Reboot into Normal Windows.
The tool will create a log named
rapport.txt in the root of your drive, eg: Local Disk C:
(C:\rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
---------------------------------------------------------------------------------------------
Next go to
Control Panel click Display>Desktop>Customize Desktop>Web> Now,
Uncheck Everything and delete if present:
- "Security Info"
- "Warning Message"
- "Security Desktop"
- "Warning Homepage"
- "Desktop Uninstall"
- "privacy danger" or something similar
Also make sure the
'Lock desktop items' box is
unticked. Click
OK, and then Click
Apply, then
OK.
---------------------------------------------------------------------------------------------
Double-click on
SmitfraudFix.exe to start the tool.
Select option
#3 - Delete Trusted zone by typing
3 and press
Enter
Answer
Yes to the question "Restore Trusted Zone ?" by typing
Y and hit
Enter.
Note, if you use
SpywareBlaster and/or
IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
---------------------------------------------------------------------------------------------
Run a new HijackThis scan (not DSS). Save the log file and post it here.
---------------------------------------------------------------------------------------------
Then post the following logs in your next reply...
C:\rapport.txt (log from the tool)
Hijackthis log