Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
We may not be able to solve all these issues. This machine is heavily infected.
Quite often when a system exhibits such behavior, it's best to reinstall the operating system. We can try to clean the infection, and see if it gets better.
One or more of the identified infections is a backdoor trojan.
This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
---------------------------------------------------------------------------------------------
Please do not wrap logs in size 1 tags; it makes them more difficult to review.
Thanks.
---------------------------------------------------------------------------------------------
Quote:
"desktop.ini", "hpothb07.dat", "hpothb07.tif", and "Thumbs.db"
These are legit files which are typically hidden. Part of what DSS does is unhide hidden/system files. We restore that to normal when we're done.
---------------------------------------------------------------------------------------------
Run DSS again, using these instructions:
Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"C:\Documents and Settings\Alyssa\Desktop\Installations\SpyWare Helpers\dss.exe" /daft
Click on Scan.
Tick the boxes which should appear for these entries:
.bat - batfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,-153
.com - comfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,2
.exe - exefile - shell\open\command - C:\WINDOWS\system32\drivers\spools.exe "%1" %*
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,23
.ini - inifile - DefaultIcon - shell32.dll,-151
.js - JSFile - shell\open\command - unable to read value
.txt - txtfile - shell\open\command - notepad.exe %1
.vbs - VBSFile - shell\open\command - unable to read value
Then click on Fix.
Click Scan again, you should get a message "All Associations OK!" Next, click Save Log, and post this log in your next reply.
---------------------------------------------------------------------------------------------
Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/comb...o-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
As part of installing the Recovery Console, ComboFix will begin to run. Follow the prompts to install the Recovery Console. Your desktop may disappear. This is normal. It will return.
Once the Recovery Console is installed using ComboFix, you should see a message that says:
The Recovery Console was successfully installed.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
If you have any questions along the way, STOP and ask them before proceeding.
Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
You are using an outdated version of HijackThis. Please uninstall from Add or Remove Programs, and then delete your current version.
Next, download HijackThis to your desktop (alternate link).
This program will help us determine if there is any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis
Upon install, HijackThis should open for you.
Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe
1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Please post a new log with the updated version. Do not fix anything in HijackThis since they may be harmless.
---------------------------------------------------------------------------------------------
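An added example, not part of the original post: a Python check over file-association lines like the ones listed for DSS above, reporting any program-class open command that differs from the Windows default `"%1" %*`. It assumes the `ext - class - subkey - value` layout seen in the post; the function names and verdict labels are illustrative.

```python
# Added example: review DSS-style file-association lines for altered handlers.
# Assumed line layout (taken from the post): <ext> - <class> - <subkey> - <value>

# Windows default open command for classes that are themselves programs:
# run the clicked file ("%1") and pass its arguments (%*), nothing else.
DEFAULT_EXEC_COMMAND = '"%1" %*'
EXEC_CLASSES = {"exefile", "comfile", "batfile", "cmdfile", "piffile"}
OPEN_COMMAND = r"shell\open\command"

# Entries copied from the post above.
POSTED_LINES = [
    r'.com - comfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,2',
    r'.exe - exefile - shell\open\command - C:\WINDOWS\system32\drivers\spools.exe "%1" %*',
    r'.js - JSFile - shell\open\command - unable to read value',
    r'.txt - txtfile - shell\open\command - notepad.exe %1',
]


def parse_entry(line):
    """Split one log line into (ext, class, subkey, value), or None."""
    parts = [p.strip() for p in line.split(" - ", 3)]
    if len(parts) != 4 or not parts[0].startswith("."):
        return None
    return tuple(parts)


def assess(line):
    """Return (ext, verdict, detail) for one association line."""
    entry = parse_entry(line)
    if entry is None:
        return (None, "unparsed", line)
    ext, cls, subkey, value = entry
    if subkey.lower() != OPEN_COMMAND:
        return (ext, "not-a-handler", value)
    if value.lower() == "unable to read value":
        return (ext, "unreadable", value)
    if cls.lower() in EXEC_CLASSES:
        if value == DEFAULT_EXEC_COMMAND:
            return (ext, "default", value)
        # Anything in front of "%1" %* runs first on every program launch.
        interposed = value.replace(DEFAULT_EXEC_COMMAND, "").strip()
        return (ext, "non-default", interposed or value)
    return (ext, "not-assessed", value)


if __name__ == "__main__":
    for posted in POSTED_LINES:
        print(assess(posted))
```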