Thread: rpen.exe??
Old 07-14-2005, 03:25 PM   #8 (permalink)
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy


Until such time as we've fully disinfected your machine, I suggest you stop using Internet Explorer.
Please download & use an alternative browser like Firefox.

It's better to print out the next instructions or save them in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.

It is also important that you don't miss a step and perform everything in the right order!

If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are carrying out the procedures below.


~~~~~~~~~~~~~~

Double click L2mfix.bat
Select option #4 - Merge Winlogon Notify Defaults - by typing 4
Type E to exit the program.
(You may delete the L2MFix folder after that)


~~~~~~~~~~~~~~

Please download these additional files/programs (do not run them unless instructed to do so):
Unplug your computer from the Internet when you have finished downloading

CleanUp! - Install

SilentRunners.vbs - Right click & choose Save As... SilentRunners.vbs to Desktop.

rkfiles.zip - Unzip to a new folder on Desktop

remv3.zip (look for the attachment) - Unzip to a new folder on the root drive C


~~~~~~~~~~~~~~

Please disable Webroot SpySweeper & Ewido's real-time scanner, as they may hinder the removal of some entries. You can re-enable them after you're clean.
To disable Webroot SpySweeper:
  • Go to the Options>Program Options
  • Uncheck Load at Windows Startup
  • Click Shields & uncheck all items there
  • Uncheck Home page shield.
  • Automatically restore default without notification
To disable Ewido's real-time scanner:
  • Double click on the Ewido icon in the system tray
  • Click on the status button
  • Select Remove Guard

~~~~~~~~~~~~~~

Uninstall the following programs using the Add/Remove Programs panel (* some entries may not be present):
  • CxtPls
  • Media Tickets


~~~~~~~~~~~~~~

Run a HiJackThis scan. Select the following entries & click Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = *
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOA...tallerProj1.cab



~~~~~~~~~~~~~~

Reboot to SafeMode
  1. Shut Windows down, and then turn off the computer.
  2. Restart the computer. The computer begins processing a set of instructions known as the Basic Input/Output System (BIOS). What is displayed depends on the BIOS manufacturer. Some computers display a progress bar that refers to the word BIOS, while others may not display any indication that this process is happening.
  3. As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard. Continue to do so until the [Windows Advanced Options] menu appears.
  4. Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.

~~~~~~~~~~~~~~

Enable the viewing of Hidden files
  • Double-click on the My Computer icon.
  • Select the View menu and then click Folder Options.
  • After the new window appears select the View tab.
  • Scroll down until you see the Show all files radio button and select it.
  • Press the Apply button and then the OK button and close the My Computer window.
  • Now your computer is configured to show all hidden files.

= = =

Locate and delete the following folder(s), if present:
  • C:\Program Files\etea\

~~~~~~~~~~~~~~

Run Cleanup! & configure the program as follows:
  1. Click Options...
  2. Move the arrow down to Custom CleanUp!
  3. Put a check next to the following:
    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files
    • [X]Scan local drives for temporary files (Please uncheck this option)
    • Cleanup! All Users
  4. Click OK
  5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will delete all the files in your temp folders without making a backup


~~~~~~~~~~~~~~

From the folder where you unzipped rkfiles to, double click rkfiles.bat
It will scan for a while, so please be patient.
Wait until the DOS window closes.
Open the C:\log.txt it created and rename it log1.txt.

Now open the folder where you saved the remv3.zip files and double click the rem.bat file and let it run. It will delete the files and remove the infection and then make a log of the files it finds. The log files will be C:\log.txt and bad1.txt

**Note** Each tool uses log.txt as its output file, so make sure you save the entries from one tool's log before running the other, as it will overwrite the file if you don't.

~~~~~~~~~~~~~~

Reboot to Normal Mode

Do an online scan at Panda. Take note of files it fails to disinfect. (names and locations)
* Turn off the real time scanner of any existing antivirus program while performing the online scan


~~~~~~~~~~~~~~

Before proceeding, disable any anti-virus or anti-spyware programs that may block/disable scripts
Double-click SilentRunners.vbs to run it. This will take a few minutes.
When it's done, you'll receive the prompt "All Done!". It will create a file called "Startup Programs". Post ALL its contents here in your next reply.


~~~~~~~~~~~~~~

In your next post, please include fresh copies of:

1. HiJackThis log
2. List of files that online scans failed to disinfect
3. rkfiles & remv3 logs
4. SilentRunners log

Please provide details of any problems you encountered whilst performing the above steps.
Update us on how your computer behaves now.

Last edited by sUBs; 07-14-2005 at 03:26 PM.
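As an added example (not part of sUBs's post, nor code from the HijackThis tool), here is a small Python parser for HijackThis log lines in the format quoted above. It pulls out the section code, any CLSID and the DLL path or download URL, and flags the kinds of entries the post tells the user to fix; the sample log is constructed from the four lines in the post.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the four HijackThis lines quoted in the post above.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = *
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOA...tallerProj1.cab
""".strip()
# Each HijackThis line is "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+)\s+-\s+(?P<body>.+)$")
# COM class id in registry form: {8-4-4-4-12 hex digits}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

@dataclass
class HjtEntry:
    section: str           # R0, R1, O2, O16, ...
    body: str              # text after "<section> - "
    clsid: Optional[str]   # first CLSID in the body, if any
    target: Optional[str]  # last " - " field: DLL path or download URL

def parse_hjt(log_text: str) -> List[HjtEntry]:
    """Parse HijackThis-style lines; lines that do not match are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        fields = body.split(" - ")          # "BHO: (no name) - {clsid} - path"
        clsid = CLSID_RE.search(body)
        entries.append(HjtEntry(m.group("section"), body,
                                clsid.group(0) if clsid else None,
                                fields[-1].strip() if len(fields) > 1 else None))
    return entries

def flag_entries(entries: List[HjtEntry]) -> List[Tuple[str, str]]:
    flags = []
    for e in entries:
        if e.section in ("R0", "R1"):
            # "Key,Value = data": blanked ("") or wildcarded ("*") data is
            # the pattern of a hijacked IE start page / window title setting.
            data = e.body.split("=", 1)[1].strip() if "=" in e.body else ""
            if data in ("", "*"):
                flags.append((e.section, "IE setting blanked or wildcarded"))
        elif e.section == "O2" and "(no name)" in e.body:
            flags.append((e.section, f"unnamed BHO {e.clsid} loading {e.target}"))
        elif e.section == "O16":
            flags.append((e.section, f"ActiveX control installed from {e.target}"))
    return flags
```

Running `flag_entries(parse_hjt(SAMPLE_HJT_LOG))` returns one flag per sample line, which matches the four entries the post says to fix.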