Thread: email proxy
02-11-2007, 09:30 AM   #3
MoralTerror
Analyst, Security Team
Join Date: Nov 2005
Location: UK
Posts: 1,968
OS: xp


Hi scunnered

Please print out or copy this page to Notepad in order to assist you while carrying out the following instructions. This page will not be available to you at some points during the fix. Please read the instructions carefully before you begin and if you have any questions then post them here before continuing.

This process is not instant and may take several posts. Please ensure you continue with the instructions until you are told you are clear. Lack of symptoms does not mean lack of malware.

Please make sure you close all other windows including browsers when carrying out the fix. It is important you carry out the instructions in the exact order stated.

--------------------------------------------------------------
Downloads

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.
--------------------------------------------------------------
Show Hidden Files/Folders

Go to My Computer >Tools >Folder Options >View tab and select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Also make sure there is no checkmark beside Hide file extensions for known file types. Click OK.
--------------------------------------------------------------
Safe Mode

Boot to Safe Mode (by repeatedly tapping F8 until the menu appears)
--------------------------------------------------------------
Fixes and Deletions

Scan with HijackThis and check the following entries (If they still exist) (make sure not to miss any)

O4 - HKLM\..\Run: [nvchost] C:\WINDOWS\winlogon.exe


Remember to close all other windows and click Fix Checked


Delete the following File (if it still exists)

C:\WINDOWS\winlogon.exe <<<< only delete from this location; c:\windows\system32\winlogon.exe is a legit file

--------------------------------------------------------------
Tools and Scanners
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
--------------------------------------------------------------
Normal Mode

Reboot to normal mode
--------------------------------------------------------------
Online Scanners

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------
Required Logs

AVG AntiSpyware report
Panda report
new HijackThis log
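The check behind the O4 fix above (a Run entry whose image is named like a System32-only binary but sits in another folder), generalized to any HijackThis O4 Run line. This is an added example and not part of the original post; the SYSTEM32_ONLY list, the function names and every sample log line except the first are assumptions made for illustration.

```python
import ntpath
import re

# Assumption: image names that normally exist only in System32 (illustrative, not exhaustive).
SYSTEM32_ONLY = {"winlogon.exe", "svchost.exe", "lsass.exe",
                 "services.exe", "csrss.exe", "smss.exe"}
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$)', re.I)


def image_path(command):
    """Extract the executable path from a Run-key command line."""
    m = IMAGE.match(command.strip())
    if not m:
        return command.strip().split()[0]
    return m.group(1) or m.group(2)


def find_masquerades(log_text, system_root=r"C:\WINDOWS"):
    """Return (value_name, path) for Run entries whose image has a
    System32-only name but sits in some other directory."""
    expected_dir = ntpath.normcase(ntpath.join(system_root, "system32"))
    hits = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        path = ntpath.normpath(image_path(m.group(4)))
        folder, name = ntpath.split(ntpath.normcase(path))
        # A bare name (no folder) is resolved via the search path; skip it.
        if folder and name in SYSTEM32_ONLY and folder != expected_dir:
            hits.append((m.group(3), path))
    return hits


# Constructed sample log; only the first O4 line is taken from the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nvchost] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [ExampleSvc] c:\windows\SYSTEM32\svchost.exe -k example
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
"""

if __name__ == "__main__":
    for value_name, path in find_masquerades(SAMPLE_LOG):
        print(f"suspicious Run entry [{value_name}] -> {path}")
```

The comparison is case-insensitive, so the legitimate c:\windows\SYSTEM32\svchost.exe line is not flagged while C:\WINDOWS\winlogon.exe is.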