Quote:
"When deleting the individual files listed, I also found a file C:/defender23a.exe. Should I have deleted that file as well?"
No need. Ewido took care of it:
C:\defender23a.exe -> Downloader.VB.adw : Cleaned with backup
Download Brute Force Uninstaller to your desktop.
- Right click the BFU folder on your desktop, and choose Extract All
- Click "Next"
- In the box to choose where to extract the files to,
- Click "Browse"
- Click on the + sign next to "My Computer"
- Click on "Local Disk (C:\)" or whatever your primary drive is
- Click "Make New Folder"
- Type in BFU
- Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder we just made. (C:\BFU).
Please reboot your computer to Safe Mode.
Run HJT and fix the following items:
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\ir22l5fo1.dll (file missing)
Close HJT.
Go to Start > Run and type:
regsvr32 /u occache.dll and click 'OK'.
Delete the following files:
c:\windows\system32\f3PSSavr.scr
c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
c:\windows\keyboard1.dat
C:\Program Files\Snowball Wars\uninstaller.exe
C:\WINDOWS\system32\removefunc.ram
Go to Start > Run and type:
regsvr32 occache.dll and click 'OK'.
Please delete the following folders:
c:\Program Files\Norton Internet Security\
c:\Program Files\Common Files\Symantec Shared\
C:\Program Files\Snowball Wars\
Next, please go to Start > My Computer and navigate to the C:\BFU folder.
- Start the Brute Force Uninstaller by double-clicking BFU.exe
- Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
- Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
- Wait for the complete script execution box to pop up and press OK.
- Press exit to terminate the BFU program.
Reboot back to Normal Mode.
I now require you to download and run Look2meDestroyer. It was not a mistake the first time round. I want you to run it last intentionally.
Please run it now.
Here are the instructions if you need them again:
Please download Attribunes Look2Me-Destroyer.exe to your desktop.
- Close all windows before continuing.
- Double-click Look2Me-Destroyer.exe to run it.
- Put a check next to Run this program as a task.
- You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
- When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
- Once it's done scanning, click the Remove L2M button.
- You will receive a Done Scanning message, click OK.
- When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
- Your computer will then shut down.
- Turn your computer back on.
- Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet please allow it.
If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new...b/MSWINSCK.OCX
In your next post, please provide:
1. A New HJT Log
2. The Look2Me Destroyer Log
3. A New Panda Log
4. A description of how your system is now.