Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.
IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.
----------------------------------------
Please submit the following file to Jotti File Scan:
C:\Documents and Settings\Puraj\IOGuyou.exe
At the top of the window you should see "File to Upload & Scan" and a blank box. Copy and paste the red text from above into the box.
Then click "submit".
When it is finished, please copy and paste the information listed under "Service" and "Scanner Results" back in this thread.
----------------------------------------
DISABLE ANTI-SPYWARE APPLICATIONS
Please disable these Anti-Spyware programs as they may interfere with this fix. You may re-enable them after we clean your system.
Microsoft AntiSpyware
- Right click the Microsoft AntiSpyware icon located in the system tray
- Click on Security Agents Status (Enabled)
- Click on Disable Real-time Protection
----------------------------------------
SAFE MODE RE-BOOT
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list).
In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.
----------------------------------------
FIXES AND DELETIONS
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries
(If they still exist, make sure you do not miss any)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O21 - SSODL: System - {45673737-D1D1-4ECA-8760-AD3EFE7B0541} - dgflib.dll (file missing)
Please remember to close all other windows, including browsers then click Fix checked.
----------------------------------------
UNHIDE HIDDEN FILES
Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.
----------------------------------------
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
C:\system.exe
C:\WINDOWS\SYSTEM32\dgflib.dll
C:\WINDOWS\rundll.exe
C:\WINDOWS\bookmarks.exe
C:\WINDOWS\remtm3.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
----------------------------------------
SYSTEM RE-BOOT
Reboot into Normal Mode.
----------------------------------------
Clear Temp Files and Cache
Clean IE Cookies
- Close all instances of Outlook Express and Internet Explorer.
- Go to Control Panel » Internet Options » General tab.
- Click the Delete Cookies button.
- Next to it, Click the Delete Files button.
- When prompted, place a check in: Delete all offline content, click OK.
Clean Temporary Files
- Go to Start » Run » type: cleanmgr » OK.
- Choose (C:) and then click OK.
- Make sure these are the only ones that are checked:
  - Temporary Internet Files
  - Temporary Files
  - Recycle Bin
- Click OK to remove them.
- Click Yes to confirm the deletion.
CLEAR JAVA CACHE
- Go to Control Panel and click on Java (Coffee cup) to open the Java Control Panel
- In the Java Control Panel click on the General tab
- Under the Temporary Internet Files box, click on the Delete Files button
- Click OK
CLEAR Norton Quarantine
Please see Norton's Instructions to clear the Quarantined files.
----------------------------------------
ON-LINE SCANS
Click here to use the F-Secure Online Scanner.
It's explained there with images how to allow the ActiveX to start the scan, so read that first.
- Then click the F-Secure Online Scanner Next Generation Beta link.
- Click Yes to install the ActiveX control. ActiveX must be installed for the scanner to work
- Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
- Click the Full System Scan button.
- It will start to download scanner components and databases. This can take a while.
- The main scan will start.
- Once the scan has finished, click the Automatic cleaning (recommended) button
- It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
- The cleaning can take a while, so please be patient.
- Then click the Show report button and copy and paste what's present under results in your next reply
----------------------------------------
FOLLOW-UP
Please return and post these items:
Jotti report
F-Secure scan
A new HJT log run in Normal Mode
Please note: In order to properly see what is on your system, all HJT logs must be run in the normal mode
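
Added example, not part of the original post and not HijackThis's own code: a small Python check for reviewing the follow-up log, which flags the two entry types fixed above (an F2 `Shell=` value that starts anything besides explorer.exe, and an O21 SSODL entry whose DLL is missing). The function names, the regexes and the third sample line are assumptions made for illustration; the first two sample lines are the entries quoted in the post.

```python
import re

# Sample log: the two entries quoted in the post, plus one CONSTRUCTED
# O21 line (placeholder CLSID and DLL name) for contrast.
SAMPLE_LOG = r'''
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O21 - SSODL: System - {45673737-D1D1-4ECA-8760-AD3EFE7B0541} - dgflib.dll (file missing)
O21 - SSODL: Example - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\example.dll
'''

F2_RE = re.compile(r'^F2 - REG:system\.ini: Shell=(?P<value>.*)$', re.I)
O21_RE = re.compile(
    r'^O21 - SSODL: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\})'
    r' - (?P<file>.+?)(?P<missing> \(file missing\))?$')

def shell_extras(value):
    """Return every program named in a Shell= value other than explorer.exe.

    Quoted paths are kept whole; an unquoted path containing spaces is split
    into several tokens, each of which is still reported.
    """
    tokens = [q or u for q, u in re.findall(r'"([^"]+)"|(\S+)', value)]
    return [t for t in tokens if t.rstrip(',').lower() != 'explorer.exe']

def review(log_text):
    """Return (section, note, details) tuples for F2 and O21 lines."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = F2_RE.match(line)
        if m:
            extras = shell_extras(m.group('value'))
            if extras:
                findings.append(('F2', 'shell starts extra program', extras))
            continue
        m = O21_RE.match(line)
        if m:
            note = ('orphaned entry, DLL missing' if m.group('missing')
                    else 'loaded at logon, verify DLL')
            findings.append(('O21', note, [m.group('clsid'), m.group('file')]))
    return findings

if __name__ == '__main__':
    for section, note, details in review(SAMPLE_LOG):
        print(section, '|', note, '|', details)
```

If the new Normal Mode log still yields an F2 finding or the "orphaned entry" O21 finding, the corresponding fix did not persist.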