Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.
* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *
Download & install -
CleanUp.exe (not recommended for WinXP64)
Download & extract it to it's own folder -
smitRem.exe
Right click on this & choose "Save As..." FixSF.reg -
FixSF.reg
Double click on FixSF.reg & allow it to merge into the Registry
Download and install
Ewido Security Suite- When installing, under "Additional Options",
- uncheck - Install background guard
- Have Ewido update itself & then exit the program.
If you are having problems with the updater, you can use this
link to manually update Ewido
'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downlaoding.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *
Do a HijackThis scan & place a check next to these items and select "Fix checked":
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
* * * * * * USING HIJACKTHIS' DELETE ON REBOOT * * * * * *
Start HiJackThis & go to Config>Misc.Tools>
Delete a file on reboot... - In the popup box that appears, copy/paste in:
- C :\Windows\System32\dxmpp.dll
- Click the Open button.
- Click YES when prompted to restart your computer.
* * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.
* * * * * * UN-INSTALLING PROGRAMS * * * * * * * * * * * * * *
Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs:
Please note any other programs that you dont recognize in that list in your next response
* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *
If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools -> Folder Options -> View tab.
- Tick - 'Show hidden files and folder'
- Untick - 'Hide file extensions for known types'
- Untick - 'Hide protected operating system files'
- Click Yes to confirm & then click OK
Locate and delete the following files/folders: (let me know if you fail to find/delete any)
- C:\Program Files\SpyFalcon\
* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *
Run
Cleanup! using the following configuration:
1. Click Options...
2. Set the slider initially to
Standard CleanUp!
3.
Uncheck the following:
- Delete Newsgroup cache
- Delete Newsgroup Subscriptions
- Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program.
6. Do NOT reboot/logoff if prompted.
* CleanUp! will not create any backups!!
* * * * * * RUNNING ADDITIONAL SCANNERS * * * * * * * * * * *
Open the
smitRem folder, then double click the
RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
* * * *
Next go to
Control Panel click Display>Desktop>Customize Desktop>Web> Now,
Uncheck Everything and delete if present:
- "Security Info"
- "Warning Message"
- "Security Desktop"
- "Warning Homepage"
- "Desktop Uninstall"
Also make sure the
'Lock desktop items' box is
unticked. Click
OK, and then Click
Apply, then
OK.
* * * * *
Run
Ewido with it's updated definitions:(...it's important that all windows must be closed)
- Click Scanner
- Click Complete System Scan to begin scanning.
- Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
- "Perform action on all infections"
- .Choose clean and click OK.
Once finished, click the
Save report button & save the report to your desktop
** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.
* * * * * * REBOOT TO NORMAL MODE * * * * * * * * * * * * * *
Perform an online scan with Internet Explorer with
Panda ActiveScan - Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
- Click Scan Now
- Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting
My Computer- If it finds any malware, it will offer you a report.
- Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
- Click on see report. Then click Save report
Post the contents of the report in your next reply
*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan
* * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * *
In your next post, please include fresh copies of:
- HiJackThis log
- Online scan
- Smitfiles.txt
- Ewido's log
Let us know if any problems persist.