Hi and Welcome to TSF
Please do
NOT bump your thread unless no one has replyed in 24 hrs. We will overlook it every time!
Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.
Also make sure you are using the the latest version (1.99.1) of
HijackThis and it's installed in it's own folder on the root drive.
(C:\HJT)
Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible.
Please make sure system restore is enabled by right clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure it’s
NOT checked. We want system restore
ON and monitoring your current hard drive. Once your clean we will turn this off and then back on to remove the infection from the restore folder and create a clean restore point.
Download
Hoster http://www.greyknight17.com/spy/Hoster.exe
Download and install
CleanUp! but
do not run it yet.
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
Download
smitRem.exe and save the file to your desktop.
Double click on the file and it will extract it’s files into it's own
folder on the desktop.
Place a shortcut to
Panda ActiveScan on your desktop.
Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Please read
Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do
NOT run a scan yet.
If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!
Open
Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "
Options..."
*Move the arrow down to "
Custom CleanUp!"
*Put a check next to the following:
- Empty Recycle Bins
- Delete Cookies
- Delete Prefetch files
[X]Scan local drives for temporary files (Please uncheck this option)
- Cleanup! All Users
Click
OK
Press the
CleanUp! button to start the program. Reboot/logoff when prompted
Next, please reboot your computer in
SafeMode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear
- Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items:
O1 - Hosts: 1159680172 auto.search.msn.com
O4 - HKLM\..\Run: [intell32.exe] C:\WINNT\system32\intell32.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
Then click fix.
Run the Hoster program and select
"Restore Orginal Hosts File"
Open the
smitRem folder, then double click the
RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named
smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply
Open Ad-aware and do a full scan. Remove all it finds.
Run Ewido:
- Click [Scanner]
- Click [Complete System Scan] to begin scanning.
- Click [OK] when prompted to clean files
- With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK].
- Once finished, click the [Save report] button
- Save the report to your desktop
Close Ewido
Next go to
Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "
Security Info" if present.
Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Save the scan log and post it along with a new
HijackThis Log the
Ewido Log and the
smitfiles.txt log.
So I Need...
Ewido log
Panda log
Hijackthis log
smitfiles.txt log