Hi roman_331
Please read through the instructions before you start (you may want to print this out).
Please set your system to show all files; please see here if you're unsure how to do this.
Please download and install Ad-Aware SE.
Click Here on how to set up and use it - please make sure you update it first. Don't run it yet.
Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later.
Download Ewido Trojan and malware remover: http://www.ewido.net/en/download/
This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time.
Ewido will auto-update. Don't run it yet.
Download CWShredder here; please don't run it yet.
Reboot into Safe Mode: please see here if you are not sure how to do this.
Run Ewido full scan. Save the scan.log and post the log.
Clear out the files in the Prefetch folder. Go to Start > Run, type Prefetch into the box and delete all the files in that folder.
Please go offline, close all browsers and any open windows, making sure that only HijackThis is open. Scan and, when it finishes, put a check in the boxes next to only the following items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocnv.dll/warningAPI.htm#ID=MS038005;BGW;
R3 - Default URLSearchHook is missing
O1 - Hosts: 123.123.123.123 www.nittorevolution.com
O1 - Hosts: 123.123.123.123 nittorevolution.com
O4 - HKLM\..\Run: [Fast Search] C:\WINDOWS\system32\svcnv.exe home
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
Click on Fix Checked when finished and exit HijackThis.
Run Ad-Aware SE and let it remove all it finds.
Now run CWShredder.
Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:
Run Killbox and click the radio button that says "Delete a file on reboot". For each of the files you could not delete, paste them one at a time into the "full path of file to delete" box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer (Yes.)
C:\WINDOWS\system32\svcnv.exe home
Let the system reboot as normal.
Download the Hoster from here:
http://www.funkytoad.com/download/hoster.zip
Unzip the file and press "Restore Original Hosts" and press "OK". Exit Program.
Please download, install and run this disk cleanup utility called Cleanup version 4.0!: http://downloads.stevengould.org/cleanup/CleanUp40.exe
It will get rid of any malware which may be hiding in your temp folders (a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage: http://www.bleepingcomputer.com/forums/tutorial93.html
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, clean out the prefetch folder and the recycle bin. When the scan has finished, click the close button.
When prompted, the system will log off to let it clean out the remaining files. When the log screen shows, log back on and continue the fix.
Please run the following free, online virus scans.
http://enterprises.pandasoftware.com/products/activescan/com/activescan_principal_companies.htm
Please post the log from the Panda virus scan. We will need them to remove previous infections that have left files on your system.
Run HijackThis and post the new log.
Kc
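
An added example, not part of Kc's post: a small Python parser for the HijackThis entries listed above, pulling out the hosts-file redirects (O1) and the autorun entry's executable path and arguments (O4). The function names and regexes are illustrative and cover only the line shapes shown in this post; the sample log is constructed from those lines.

```python
import ipaddress
import re

# Constructed sample: the entries quoted in the post, as HijackThis log lines.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocnv.dll/warningAPI.htm#ID=MS038005;BGW;
R3 - Default URLSearchHook is missing
O1 - Hosts: 123.123.123.123 www.nittorevolution.com
O1 - Hosts: 123.123.123.123 nittorevolution.com
O4 - HKLM\..\Run: [Fast Search] C:\WINDOWS\system32\svcnv.exe home
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                 # section code, body
HOSTS = re.compile(r"^Hosts: (\S+)\s+(\S+)$")              # O1: IP, hostname
RUN = re.compile(r"^(HK\w+\\.*?Run\w*): \[(.+?)\] (.+)$")  # O4: key, name, command
EXE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|scr))(?:\s+(.*))?$", re.I)


def parse_log(text):
    """Return one dict per HijackThis entry with the fields a reviewer checks."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        item = {"code": code, "body": body}
        if code == "O1" and (h := HOSTS.match(body)):
            ip, host = h.groups()
            # A hostname mapped to a non-loopback address is a redirect.
            item.update(ip=ip, host=host,
                        redirect=not ipaddress.ip_address(ip).is_loopback)
        elif code == "O4" and (r := RUN.match(body)):
            key, name, cmd = r.groups()
            e = EXE.match(cmd)  # split the file on disk from its arguments
            item.update(key=key, name=name,
                        path=e.group(1) if e else cmd,
                        args=(e.group(2) or "") if e else "")
        entries.append(item)
    return entries


def hosts_redirects(entries):
    """Hostnames that the hosts file points at a non-loopback address."""
    return [(e["host"], e["ip"]) for e in entries if e.get("redirect")]
```
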
