Thread: Bias Name.exe
12-02-2005, 08:58 PM   #8
Vikesrock8411
Analyst, Security Team
 
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Viewing Hidden Files
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

Downloads (make sure to save these in a permanent location)
KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)

HijackThis!
Open HijackThis and click on Scan. Check the following entries (make sure you do not miss any):
O4 - HKCU\..\Run: [MSAgentXP] C:\WINDOWS\system32\MSAgentXP.exe
O4 - HKCU\..\Run: [PhoneProc] C:\DOCUME~1\HIKARI~1\APPLIC~1\SETUPR~1\balm load.exe
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe


Please remember to close all other windows, including browsers, then click Fix checked.

Please open this folder and delete all files inside:
C:\Program Files\AVPersonal\INFECTED

Tools
Launch KillBox.exe and select the following options:
  • Delete on Reboot
Select all the filenames below, then right-click and select Copy:
    C:\WINDOWS\system32\MSAgentXP.exe
    C:\WINDOWS\system32\XPAgent.exe
    F:\Program Files\filesubmit\Battle Athletes - Victory\NNEZSTB3.exe
    F:\WINDOWS\system32\uninst.exe
    F:\WINDOWS\system32\w?auboot.exe
  • Go to the File menu, and choose Paste from Clipboard.
  • Click the RED X button.
  • Click Yes at the Delete on Reboot prompt.
  • Click No at the 'Pending Operations' prompt.

Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:

Click Options
Move the slider button down to Custom CleanUp!

Check the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Uncheck the following:
  • Scan local drives for temporary files

Click OK, press the CleanUp! button to start the program, and reboot (Normal Mode) when prompted.

Online Scans
Please submit the following file to Jotti File Scan
C:\WINDOWS\system32\tsappcmp.exe <<< If this file is not present, please let me know.

This will produce a report after the scan is complete; please copy and paste those results in your next post.

Please open IE and go to
Kaspersky WebScanner

Next, click on Kaspersky Online Scanner.

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Standard
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK.
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

* Turn off the real time scanner of any existing antivirus program while performing the online scan

In your next post please include:
  • Jotti Results
  • Kaspersky Log
  • A new Hijackthis! Log
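
A check on the new HijackThis log requested in the post above, as an added example that is not part of the original post: it parses registry-style O4 (autostart) lines and reports which of the three entries marked for fixing still appear. The function names and the sample follow-up log are constructed for illustration; only the three `FIXED` lines are copied from the post.

```python
import re

# Registry-style O4 line: O4 - <hive>\..\<key>: [<value name>] <command>
# ("O4 - Startup:" folder entries use a different layout and are not parsed here.)
O4_REG = re.compile(r"^O4 - (HK\w+)\\\.\.\\([^:]+): \[([^\]]+)\] (.+)$")

# The three entries the post says to check before "Fix checked".
FIXED = [
    r"O4 - HKCU\..\Run: [MSAgentXP] C:\WINDOWS\system32\MSAgentXP.exe",
    r"O4 - HKCU\..\Run: [PhoneProc] C:\DOCUME~1\HIKARI~1\APPLIC~1\SETUPR~1\balm load.exe",
    r"O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe",
]

# Constructed follow-up log (not real output): one entry is gone, one is
# unchanged, one reappeared under the same value name with another command.
SAMPLE_NEW_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe /min
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - HKCU\..\Run: [PhoneProc] C:\WINDOWS\Temp\example-other.exe
"""

def parse_o4(line):
    """Return (hive, key, value_name, command) for a registry O4 line, else None."""
    m = O4_REG.match(line.strip())
    return m.groups() if m else None

def remaining(new_log, fixed=FIXED):
    """List (value_name, status) for fixed entries still present in new_log."""
    seen = {}
    for line in new_log.splitlines():
        entry = parse_o4(line)
        if entry:
            hive, key, name, cmd = entry
            # Registry hive, key and value names are case-insensitive on Windows.
            seen[(hive.upper(), key.lower(), name.lower())] = cmd
    report = []
    for line in fixed:
        hive, key, name, cmd = parse_o4(line)
        now = seen.get((hive.upper(), key.lower(), name.lower()))
        if now is None:
            continue  # entry no longer in the log
        same = now.lower() == cmd.lower()
        report.append((name, "unchanged" if same else "present, different command"))
    return report

if __name__ == "__main__":
    for name, status in remaining(SAMPLE_NEW_LOG):
        print(f"{name}: {status}")
```

An entry that comes back under the same value name after the reboot usually means the file it points to was not removed or something else is rewriting the key, so both statuses are worth posting back to the helper.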