Hi malagamad, Welcome to TSF !!
I recommend you Subscribe to this thread (if you have not already done so) so you are notified of any replies via email
To do this :
Click Thread Tools, then click Subscribe to this Thread
Make sure it is set to Instant Notification by email, then click Subscribe
You may wish to print out a copy of these instructions to follow while you complete this procedure
You are currently using HijackThis from a temporary directory, this can cause problems.
HijackThis creates backups, these are needed in case of any recovery issues.
Open My Computer
Click on your Root drive (usually Local Disk (C
)
Right Click on an empty space and move your mouse over New then select Folder
Rename it (example:HJT), and move HijackThis.exe to that folder.
While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
This is a two step process :
First :
Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
Choose Exit Spybot S&D Resident
Second :
Open Spybot S&D
Click Mode, check Advanced Mode
In the Left Panel, Click Tools, then also in left panel, click Resident
If your firewall raises a question, say OK
UNcheck the box labeled Resident Tea-Timer and OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.
If you don't do it this way, the registry settings remain when you exit.
In addition TeaTimer may put itself back
I need you to download some programs to aide in our fix :Do Not Run Them Yet
Download SmitfraudFix© by S!Ri to your Desktop.
Download ATF (Atribune Temp File) Cleaner© by Atribune
Download and Install AVG Anti-Spyware© by Grisoft
Launch AVG Anti-Spyware, there should be an icon on your desktop double-click it.
The program will now go to the main screen
You will need to update AVG Anti-Spyware to the latest definition files.
On the main screen select the icon Update then select the Update now link
Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
Close AVG Anti-Spyware
Reboot to Safe mode
Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter
Double-click smitfraudfix.exe
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you
You will be prompted : Registry cleaning - Do you want to clean the registry ? answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll
Answer Yes to the question Replace infected file ? by typing Y and hit Enter.
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed
A reboot may be needed to finish the cleaning process, if your computer does not restart automatically please do it yourself manually
Reboot back into Safe mode
Run ATF Cleaner
Double-click ATF Cleaner.exe
Under Main choose: Select All
Click the Empty Selected button.
Firefox :
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
Run AVG Anti-Spyware
Click on Scanner at top
Click on Settings
Once in the Settings screen click on Recommended actions and then select Quarantine
Under Reports, Select Automatically generate report after every scan
Un-Select Only if threats were found
Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time
Once the scan is complete do the following :
If you have any infections you will prompted, then select Apply all actions
Next select the Reports icon at the top.
Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Now close AVG Anti-Spyware
Reboot into Normal Mode
Please run Panda's ActiveScan and perform a full system scan.
Once you are on the Panda site click the Scan your PC button (be sure to disable your popup blocker first )
A new window will open...click the big Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
Click on Local Disks to start the scan
Click on see report Then click Save report
Post a fresh HijackThis log, the contents of the rapport.txt file, the AVG Anti-Spyware log, and the Panda ActiveScan log here
(You may need to use several replies as the logs may be cut off)
Thank you !
I recommend you Subscribe to this thread (if you have not already done so) so you are notified of any replies via email
To do this :
Click Thread Tools, then click Subscribe to this Thread
Make sure it is set to Instant Notification by email, then click Subscribe
You may wish to print out a copy of these instructions to follow while you complete this procedure
You are currently using HijackThis from a temporary directory, this can cause problems.
HijackThis creates backups, these are needed in case of any recovery issues.
Open My Computer
Click on your Root drive (usually Local Disk (C
)Right Click on an empty space and move your mouse over New then select Folder
Rename it (example:HJT), and move HijackThis.exe to that folder.
While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
This is a two step process :
First :
Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
Choose Exit Spybot S&D Resident
Second :
Open Spybot S&D
Click Mode, check Advanced Mode
In the Left Panel, Click Tools, then also in left panel, click Resident
If your firewall raises a question, say OK
UNcheck the box labeled Resident Tea-Timer and OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.
If you don't do it this way, the registry settings remain when you exit.
In addition TeaTimer may put itself back
I need you to download some programs to aide in our fix :Do Not Run Them Yet
Download SmitfraudFix© by S!Ri to your Desktop.
Download ATF (Atribune Temp File) Cleaner© by Atribune
Download and Install AVG Anti-Spyware© by Grisoft
Launch AVG Anti-Spyware, there should be an icon on your desktop double-click it.
The program will now go to the main screen
You will need to update AVG Anti-Spyware to the latest definition files.
On the main screen select the icon Update then select the Update now link
Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
Close AVG Anti-Spyware
Reboot to Safe mode
Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter
Double-click smitfraudfix.exe
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you
You will be prompted : Registry cleaning - Do you want to clean the registry ? answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll
Answer Yes to the question Replace infected file ? by typing Y and hit Enter.
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed
A reboot may be needed to finish the cleaning process, if your computer does not restart automatically please do it yourself manually
Reboot back into Safe mode
Run ATF Cleaner
Double-click ATF Cleaner.exe
Under Main choose: Select All
Click the Empty Selected button.
Firefox :
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
Run AVG Anti-Spyware
Click on Scanner at top
Click on Settings
Once in the Settings screen click on Recommended actions and then select Quarantine
Under Reports, Select Automatically generate report after every scan
Un-Select Only if threats were found
Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time
Once the scan is complete do the following :
If you have any infections you will prompted, then select Apply all actions
Next select the Reports icon at the top.
Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Now close AVG Anti-Spyware
Reboot into Normal Mode
Please run Panda's ActiveScan and perform a full system scan.
Once you are on the Panda site click the Scan your PC button (be sure to disable your popup blocker first )
A new window will open...click the big Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
Click on Local Disks to start the scan
Click on see report Then click Save report
Post a fresh HijackThis log, the contents of the rapport.txt file, the AVG Anti-Spyware log, and the Panda ActiveScan log here
(You may need to use several replies as the logs may be cut off)
Thank you !
