Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.
Before begining the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
---------------------------------------------------------------------------------------------
Download these programs. Do not run them except as directed.
smitRem.exe and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.
*Note* Alternate download sites for smitrem... http://www.downloads.subratam.org/smitRem.exe
http://www.bleepingcomputer.com/file...ar/smitRem.exe
DelDomains.inf
Right-click and select
Save Target As - save it to your desktop.
To use: Right-click and select....... Install (no need to restart)
**Note** This will remove all entries in the
"Trusted Zone"
---------------------------------------------------------------------------------------------
Download and install
CleanUp!
NOTE: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, make a backup of these before running CleanUp!. Do NOT run this program if you have XP Professional 64 bit edition. If you're unsure please do not run it! If you don't already know, you're probably not using XP64, but you can download & run this tool to find out for sure.....http://www.kellys-korner-xp.com/regs...p_whichcpu.exe
Download
Ewido Anti-Malware- Install Ewido Anti-Malware
- When installing, under "Additional Options" uncheck..
- Install background guard
- Install scan via context menu
- Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
- On the left hand side of the main screen click update.
- Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to
manually update Ewido
When you have finished updating,
EXIT Ewido.
---------------------------------------------------------------------------------------------
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.
---------------------------------------------------------------------------------------------
Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:
QuickBar
NewDotNet
---------------------------------------------------------------------------------------------
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist
(make sure you do not miss any) and click
Fix Checked
O2 - BHO: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\PROGRA~1\quickbar\quickbar.dll
O3 - Toolbar: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\PROGRA~1\quickbar\quickbar.dll
---------------------------------------------------------------------------------------------
Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.
Delete the following if they exist:
C:\Program Files\quickbar
C:\Program Files\NewDotNet
---------------------------------------------------------------------------------------------
Open the
smitRem folder, then double click the
RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
---------------------------------------------------------------------------------------------
Run
Cleanup! using the following configuration:
Open
Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "
Options..."
Move the arrow down to "
Custom CleanUp!"
Put a check next to the following (
Make sure nothing else is checked!):
- Empty Recycle Bins
- Delete Cookies
- Delete Prefetch files (if present)
- Cleanup! All Users
- Click on the Temporary Files tab and uncheck the box for Scan drives for files matching if it’s checked.
Click
OK
Press the
CleanUp! button to start the program.. Do NOT Reboot/logoff when prompted.
* CleanUp! will not create any backups!!
---------------------------------------------------------------------------------------------
Run
Ewido with it's updated definitions:(...it's important that all windows must be closed)
- Click Scanner
- Click Complete System Scan to begin scanning.
- Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
- "Perform action on all infections"
- .Choose clean and click OK.
Once finished, click the
Save report button & save the report to your desktop
** Ewido scan would require at least an hour.
---------------------------------------------------------------------------------------------
Next go to
Control Panel click Display>Desktop>Customize Desktop>Web> Now,
Uncheck Everything and delete if present:
- "Security Info"
- "Warning Message"
- "Security Desktop"
- "Warning Homepage"
- "Desktop Uninstall" or something similar
Also make sure the
'Lock desktop items' box is
unticked. Click
OK, and then Click
Apply, then
OK.
---------------------------------------------------------------------------------------------
Restart in Normal Mode
---------------------------------------------------------------------------------------------
Perform an online scan with Internet Explorer with
Panda ActiveScan
**
click on "Free use ActiveScan" located on the top right hand corner - Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
- Click Scan Now
- Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting
My Computer- If it finds any malware, it will offer you a report.
- Click on see report. Then click Save report
Post the contents of the report in your next reply
*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan
---------------------------------------------------------------------------------------------
Open Hijack This and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
---------------------------------------------------------------------------------------------
In your next post, please provide results from:
Smitfiles.txt
Ewido's log
Online scan
HiJackThis log