Welcome to Tech Support Forum
Virus/Trojan/Spyware Removal Help
(formerly Hijackthis Log Help)
* DO NOT FIX ANY ENTRIES OR DELETE ANY FILES YOURSELF. Do not run any specialized tools that you see being used in other threads without direct supervision from one of our trained analysts. Be advised that running any specialized tools not listed in this topic, on your own, is done solely at your own risk
* It is also this forum's policy that we only address users with a legal copy of Windows. If during the course of a fix it is determined that the copy is not legal, we must stop the cleansing process.
How Soon Can I Expect Help?
Please be considerate of the fact that the people helping you are all volunteers, and in many cases usually have a job, and a limited amount of time to help, and therefore can only do so much. Also please note that there are many more people in need of assistance than there are trained staff members who may assist. Patience for this free assistance is required. If there is an immediate need, please take the machine to a local technician.
If no one has replied to your thread within 72hrs
after you posted, please reply in your thread with the words "BUMP, please"
to move it forward. Do NOT bump the thread unless 72 hours has passed. We try to work from oldest to newest posts so your wait will be longer if you bump it forward before the 72 hours is up. When looking threads to respond to, we look for threads with 0 reply, or 1 reply. If you bump, or add a post prior to the 72 hrs, your thread is highly likely to be overlooked by our queuing methods.
Additionally, do not bump more than once. If you do, it may appear as though the thread is being handled, and it may be overlooked. Early bump posts will be deleted.
We are aware that users sometimes seek help from several Forums at the same time. Unfortunately, this can cause confusion and actually wastes time and resources - yours, ours and other Volunteers across the community. If you have already posted at another Forum, please advise us, or them, and choose just one.
Also be advised:
It is not our intent to repeatedly remove malware from the same member's machines. The intent of this free service performed by volunteers is to help remove malware from your machine, educate you on how it may have happened, and how to prevent that from happening again. To this end, we provide links to articles and tools which should make your visit to the Virus/Trojan/Spyware Help section of TSF a one time event. Please do enjoy the rest of Tech Support Forum as many times as you like!
Change Your Login and Passwords to Financial Sites
Many infections that the commercial scanners are failing to remove are the type of infections that allow hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer
and change all login and passwords where applicable. It would be wise to contact those same financial institutions to apprise them of your situation.
Do not change passwords or do any transactions from the infected computer until it has been cleaned.
Preparing for the Malware Removal Process
While we try our hardest to avoid them, accidents do happen. With today's malware being as it is, neither Tech Support Forum nor the Analyst providing the advice may be held responsible for any loss of your data. You're following the instructions given at your own risk. We recommend that you back up any data thatís important to you beforehand, just in case the worst happens.
As a general rule, to offset any unexpected mishaps, your personal data should be backed up
regularly. If you do not already have a process in place that backs up your data, it is highly recommended you do this now.
. If you suspect the machine to have cracked (illegal) software installed, click here
. Uninstall the following via Add or Remove Programs in Control Panel:
- If you have more than one antivirus software installed, leave only ONE and uninstall the others.
- File Sharing programs, otherwise known as P2P programs (Peer to Peer) such as uTorrent, Bittorrent, LimeWire, Morpheus, Azureus, Kazaa., as they are a major conduit for malware and a likely source of your current issues. See this link
Downloads and Reports Required:
Before scanning, ensure all other running programs are closed. Do not use your computer for anything else during the scan.
Also, ensure there aren't any scheduled antivirus scans running while the FRST scan is being performed.
- Some antivirus programs falsely
as a threat.
and save it to your desktop from here
Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system; that will be the right version.
then click the 'Scan' button to run the tool.
When done, FRST
will save 2 logs to your desktop.
How the logs should be furnished:
Copy/Paste the contents of 'FRST.txt' to be posted as text to your post.
** the 'Addition.txt' log to your reply.
When posting your reply, the Addition.txt file may be attached by clicking the [Manage Attachments]
It's located under [Additional Options]
on the composition page.
Browse to where you saved the file, and click Upload
When posting the logs, please observe the following
- Describe your issue/problem in DETAIL!. We cannot second guess as to what your issue(s) may be. Please provide as much detail as possible, including virus/trojan/worm names and locations if available. The more information you can give us the better we can help
- Only Attach the logs that we've specifically requested for you to. (Otherwise post it as text in the Reply box).
- DO NOT Wrap the log using Quote or Code tags. (DO make sure notepad word-wrap is OFF)
- DO NOT Post another Programís log (Unless we specifically ask for it)
- DO NOT Cut off the header of any log (It contains important information for the Analyst)
- DO NOT Private Message the Analyst unless asked to do so.
- DO NOT post live suspicious links. We do appreciate that you want to give as much information as possible, but the links need to be munged. Alter the links to use hxxp:// instead of https://
to post the following logs in the Virus/Trojan/Spyware Help Forum
- FRST.txt - copy/pasted directly into Reply box
- Addition.txt - attached to post
- Rootkits and other infections that alter critical/legit Windows files have become commonplace. To facilitate a more rapid cleaning of your system, also tell us whether or not you have/have access to a Windows Install disc, or a Boot CD
Once you have posted, subcribe to your thread by going to Thread Tools
located at the top of the thread.
. Make sure it is set to Instant Notification
This concludes the basic steps required before posting your logs. Thank you for taking the time to read this.