Tech Support Forum - View Single Post

forhockey · 02-18-2007, 10:52 AM

Please save these instructions to Notepad as the internet will not be available to you at certain points of the removal process.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below.
Make sure to work through all the Steps in the exact order in which they are listed below.
If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

---------------------------------------------------------------------------------------------

The cleaning process is not instant. Please follow through to the end until I tell you your machine is clear.
The absence of symptoms does not mean that everything is clean.

Please make every effort to reply to my posts in a timely manner. Malware spreads quickly, and the longer an infection remains on a system, increases the llikelihood of any additional infections coming into your computer.

---------------------------------------------------------------------------------------------

Open My Computer. Select the View menu and click Folder Options. Select the View Tab then select Show all files in the Hidden files section. Also make sure there is no checkmark beside Hide file extensions for known file types. Click OK.

---------------------------------------------------------------------------------------------

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

DO NOT run SDFix yet. We will shortly

---------------------------------------------------------------------------------------------

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

Install AVG Anti Spyware
Double-click the icon on Desktop to launch AVG
On the top of the main screen click Shield
Click the word active to change it to inactive
On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

---------------------------------------------------------------------------------------------

Download and install CCleaner..http://www.ccleaner.com/ccdownload.asp

*Note* On the install please uncheck the option "Add CCleaner Yahoo toolbar and use CCleaner from within IE"

1. Open the program and the "Cleaner" button should be active.
2. Click on "Run Cleaner"
3. Once thats done it will clean out the TEMP folder.
4. Now click on "Issues" and then "Scan for Issues"
5. Once it's done checkmark ALL it finds and click "Fix Selected Issues"
6. It will ask you if you want to back up the registry entrys it's removing so please do so. If it removes anything important..just locate the .reg file you saved...double click on it to add the entrys back.

Close the program.

---------------------------------------------------------------------------------------------

P2P Software

P2P - I see you have P2P software BitComet & BitTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

---------------------------------------------------------------------------------------------

Enter Safe Mode

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8
Instead of Windows loading as normal, a menu should appear
Use the up arrow key to highlight Safe Mode and press Enter.
Login with your usual account

Note: Some systems, this may be the F5 key, so try that if F8 doesn't work.

---------------------------------------------------------------------------------------------

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

K-Lite Mega Codec Pack 1.35 - Is a component of Kazaa, which is known for its adware
thriXXX 3DSexVilla-030.001 <<<These types of programs usually contain adware, so I suggest you uninstall the program

---------------------------------------------------------------------------------------------

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\FOUND.003
C:\FOUND.004
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\smdat32a.sys
C:\Program Files\Common Files\{262916F0-0512-1033-0804-03121620002c}
C:\Program Files\F?nts<<<The question mark can be any random character
C:\Program Files\Altnet
C:\Program Files\thriXXX

---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware

Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)

Click Scanner
Click on the Scan tab
Click Complete System Scan to begin scanning.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

---------------------------------------------------------------------------------------------

Run SDFix

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
Paste the contents of the Report.txt back on the forum

---------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on located at the bottom of the page.
A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place *

Begin the scan by selecting

If it finds any malware, it will offer you a report.
Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Paste the Panda Scan report here together with a new HiJack This log.

---------------------------------------------------------------------------------------------

Please include the following in your next reply:

AVG Anti-Spyware Report
Report.txt Log
Panda results
New HijackThis Log

02-18-2007, 10:52 AM	#3 (permalink)
forhockey Analyst, Security Team Join Date: Sep 2006 Location: Ontario, Canada Posts: 2,930 OS: Windows 7 Ultimate	Please save these instructions to Notepad as the internet will not be available to you at certain points of the removal process. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes. --------------------------------------------------------------------------------------------- The cleaning process is not instant. Please follow through to the end until I tell you your machine is clear. The absence of symptoms does not mean that everything is clean. Please make every effort to reply to my posts in a timely manner. Malware spreads quickly, and the longer an infection remains on a system, increases the llikelihood of any additional infections coming into your computer. --------------------------------------------------------------------------------------------- Open My Computer. Select the View menu and click Folder Options. Select the View Tab then select Show all files in the Hidden files section. Also make sure there is no checkmark beside Hide file extensions for known file types. Click OK. --------------------------------------------------------------------------------------------- Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) DO NOT run SDFix yet. We will shortly --------------------------------------------------------------------------------------------- Download AVG Anti Spyware Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows" Install AVG Anti Spyware Double-click the icon on Desktop to launch AVG On the top of the main screen click Shield Click the word active to change it to inactive On the top of the main screen click Update. Then click on Start Update. The update will start and a progress bar will show the updates being installed. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab. Once in the Settings screen click on "Recommended actions" and then select "Quarantine". Under "Reports" Select "Automatically generate report after every scan" Un-Select "Only if threats were found" When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly. --------------------------------------------------------------------------------------------- Download and install CCleaner..http://www.ccleaner.com/ccdownload.asp *Note* On the install please uncheck the option "Add CCleaner Yahoo toolbar and use CCleaner from within IE" 1. Open the program and the "Cleaner" button should be active. 2. Click on "Run Cleaner" 3. Once thats done it will clean out the TEMP folder. 4. Now click on "Issues" and then "Scan for Issues" 5. Once it's done checkmark ALL it finds and click "Fix Selected Issues" 6. It will ask you if you want to back up the registry entrys it's removing so please do so. If it removes anything important..just locate the .reg file you saved...double click on it to add the entrys back. Close the program. --------------------------------------------------------------------------------------------- P2P Software P2P - I see you have P2P software BitComet & BitTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information. --------------------------------------------------------------------------------------------- Enter Safe Mode Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, press F8 Instead of Windows loading as normal, a menu should appear Use the up arrow key to highlight Safe Mode and press Enter. Login with your usual account Note: Some systems, this may be the F5 key, so try that if F8 doesn't work. --------------------------------------------------------------------------------------------- Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist): K-Lite Mega Codec Pack 1.35 - Is a component of Kazaa, which is known for its adware thriXXX 3DSexVilla-030.001 <<<These types of programs usually contain adware, so I suggest you uninstall the program --------------------------------------------------------------------------------------------- Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. C:\FOUND.003 C:\FOUND.004 C:\WINDOWS\smdat32m.sys C:\WINDOWS\smdat32a.sys C:\Program Files\Common Files\{262916F0-0512-1033-0804-03121620002c} C:\Program Files\F?nts<<<The question mark can be any random character C:\Program Files\Altnet C:\Program Files\thriXXX --------------------------------------------------------------------------------------------- Run AVG Anti-Spyware Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed) Click Scanner Click on the Scan tab Click Complete System Scan to begin scanning. Once the scan is complete do the following: If you have any infections you will prompted, then select "Apply all actions" Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important). --------------------------------------------------------------------------------------------- Run SDFix Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt Paste the contents of the Report.txt back on the forum --------------------------------------------------------------------------------------------- Perform an online scan with Internet Explorer with Panda ActiveScan Click on located at the bottom of the page. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it * Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place * Begin the scan by selecting If it finds any malware, it will offer you a report. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on then click * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report. * Turn off the real time scanner of any existing antivirus program while performing the online scan Paste the Panda Scan report here together with a new HiJack This log. --------------------------------------------------------------------------------------------- Please include the following in your next reply: AVG Anti-Spyware Report Report.txt Log Panda results New HijackThis Log __________________ Proud Member of ASAP Proud Member of UNITE Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum