Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.
Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.
Please download Ewido Security Suite at
http://www.ewido.net/en/download/.
1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers.
Now open Ewido and do a scan on your system.
* Click on scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with Ewido it is finding cases of false positives.
o You will need to step through the process of cleaning files one-by-one.
o If Ewido detects a file you KNOW to be legitimate, select none as the action.
o Do NOT select 'Perform action on all infections'
o If you are unsure of any entry found, select none for now as the action.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.
Note: There is no need to purchase Ewido. It will remain as the freeware version after the trial period, which means the guard process will no longer work, but the scanner will be just as effective.
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
O2 - BHO: (no name) - {702EA91C-1ACF-4772-8078-18F2B2EE1031} - (no file)
Reboot in normal mode now.
Download
Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
- Choose Save, NOT run, and save to your desktop
- Double-click the tmas-web-scan.exe icon
- It will say "Loading TrendMicro definitions".
- Click "Start Scan"
After it's done scanning, click "
Scan Results"
- Make sure all items found have a check next to them, then click "Clean Threats Now".
- Click Exit.
Reboot your computer. I then need you to
repeat the same procedure above again... using the TrendMicro tool.
I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.
In place of the TrendMicro icon will be a text file called "
Antispyware.log", please double-click that log and
copy the entire contents and paste them here.
Restart and run a new HijackThis scan. Save the log file and post it here, along with the scan results from Ewido, and the Antispyware.log.