Hello and welcome to TSF
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.
========
Please follow all instructions in the order in which they come. If you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear; a lack of symptoms does not mean that it is no longer present.
Please Do Not Attach logs to your posts unless you are advised to do so.
=========
Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.
==========
P2P
P2P - I see you have P2P software µTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.
References for the risk of these programs are Here, Here and Here.
===========
Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Leave Java(TM) 6 Update 5 installed
============
Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
- Finally paste the contents of the Report.txt back on the forum with all the required logs
==========
Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/comb...o-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once the Recovery Console is installed using ComboFix, you should see a message that says:
The Recovery Console was successfully installed.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
========
Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
=======
Logs Required
Report.txt
C:\Combofix.txt
Hijackthis Log