Hello and welcome to TSF
Please
subscribe to this thread to get
immediate notification of replies as soon as they are posted. To do this click
Thread Tools, then click
Subscribe to this Thread. Make sure it is set to
Instant Notification, then click
Subscribe.
========
Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear, a lack of symptoms does not mean that it is no longer present.
Please Do Not Attach logs to your posts unless you are advised to do so.
========
Please print out or copy this page to
Notepad in order to assist you when carrying out the following instructions.
========
P2P
P2P - I see you have P2P software LimeWire 4.18.2 installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.
References for the risk of these programs are
Here,
Here and
Here.
If removing Limewire, also remove this folder C:\Program Files\
Limewire
========
Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Leave Java(TM) 6 Update 7 installed
========
Please download
SmitfraudFix (by
S!Ri) to your Desktop.
Do not run just yet, we will shortly
==========
Reboot your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
______________________________
Double-click on
SmitfraudFix.exe to start the tool.
Select option
#2 - Clean by typing
2 and press
Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "
Registry cleaning - Do you want to clean the registry?" answer
Yes by typing
Y and hit
Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer
Yes to the question "
Replace infected file?" by typing
Y and hit
Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.
Reboot back into Safe Mode.
The tool will create a log named
rapport.txt in the root of your drive, eg: Local Disk C:
(C:rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present:
• "Security Info"
• "Warning Message"
• "Security Desktop"
• "Warning Homepage"
• "Desktop Uninstall"
Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.
=========
Reboot back into normal mode
=========
Double-click on
SmitfraudFix.exe to start the tool.
Select option
#3 - Delete Trusted zone by typing
3 and press
Enter
Answer
Yes to the question "Restore Trusted Zone ?" by typing
Y and hit
Enter.
Note, if you use
SpywareBlaster and/or
IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
========
Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/comb...o-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once the Recovery Console is installed using ComboFix, you should see a message that says:
The Recovery Console was successfully installed.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click
Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
==========
Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
==========
Logs Required
C:\rapport.txt
C:\Combofix.txt
Hijackthis Log