Hi and Welcome to TSF
Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.
Also make sure you are using the the latest version (1.99.1) of
HijackThis and it's installed in it's own folder on the root drive.
(C:\HJT)
Please go to at least two of these sites and run an online Virus Scan.
Be sure to have the AutoFix box(s) checked if the site has that option.
http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/actives..._principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/d...d=ie&venid=sym
http://www3.ca.com/virusinfo/virusscan.aspx
Download and install
CleanUp! but
do not run it yet.
*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
Download, install, and update
Ewido Security Suite- Install ewido security suite
- Launch ewido, there should be a big E icon on your desktop, double-click it.
- The program will prompt you to update click the OK button
- The program will now go to the main screen
You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update
- Click on Start
The update will start and a progress bar will show the updates being installed.
After the updates are installed, exit Ewido
Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible.
Please make sure system restore is enabled by right clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure it’s
NOT checked. We want system restore
ON and monitoring your current hard drive. Once your clean we will turn this off and then back on to remove the infection from the restore folder and create a clean restore point.
Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one
IF they are still listed (they shouldn't be but make sure)
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\
mssearchnet.exe<--delete that file
Run Ewido:
- Click [Scanner]
- Click [Complete System Scan] to begin scanning.
- Click [OK] when prompted to clean files
- With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK].
- Once finished, click the [Save report] button
- Save the report to your desktop
Close Ewido
Open
Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "
Options..."
*Move the arrow down to "
Custom CleanUp!"
*Put a check next to the following:
- Empty Recycle Bins
- Delete Cookies
- Delete Prefetch files
[X]Scan local drives for temporary files (Please uncheck this option)
- Cleanup! All Users
Click
OK
Press the
CleanUp! button to start the program. Reboot/logoff when prompted.
Once back to normal windows....
Perform an online scan with Internet Explorer with
Panda ActiveScan
**
click on "Free use ActiveScan" located on the top right hand corner - Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
- Click Scan Now
- Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting
My Computer- If it finds any malware, it will offer you a report.
- Click on see report. Then click Save report
Please post that log in your next reply along with the Ewido log.