Originally Posted by
maki 
I downloaded a KEYGEN file for a norton program(for a friend) from this site GRR damn it..
Yeah, well... that's what you get for trying to steal software, now isn't it? :mrgreen:
The "Smitfraud" malware variants are the nastiest, and are responsible for the bogus "security alert" warnings. They require the use of a specific removal utility and procedure, which can be found
here. Please perform the removal procedure carefully and fully.
For the rest of the malware, please perform the following steps:
You will need to close/quit all web browser programs and disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.
1. Download
ATF-Cleaner and save it to convenient location.
2. Download the
free version of AVG Anti-Spyware (formerly ewido). Save the installer file to your desktop or any convenient folder.
* Run the installer, accepting the default options. Run the program once installed, click on the
Update icon at the top of the main AVG window, and allow the program to download the most current components.
* Close AVG once the updates have been downloaded.
3. Reboot into
Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).
* Double-click
ATF-Cleaner.exe to run the program.
- Click the
Main menu option.
- Check the
Select All box. (Uncheck cookies if you do not want them removed).
- Click the
Empty Selected button.
If you use Firefox browser:
- Click the
Firefox menu option.
- Check the
Select All box. (Uncheck cookies if you do not want them removed).
- Click the
Empty Selected button.
NOTE: If you would like to keep your saved passwords, click No at the prompt.
- Click
Exit on the Main menu to close the program.
* Run
AVG Anti-Spyware.
- Click on the "
Scanner" icon just to the right of the Update icon. In the Scanner window, click on the "
Settings" tab.
- Under "
How to act?", click on "
Recommended actions" and choose "
Delete" from the resulting menu.
- All boxes under "
How to scan" and "
Possibly unwanted..." should be checked.
- Under "
Reports", check "
Automatically generate report after every scan".
- Under "
What to scan", select "
Scan every file".
- Click on the "
Scan" tab, and then click on "
Complete System Scan" to start scanning. It usually takes at least 40 minutes to complete a full scan.
Once the scan is complete, a window listing all infected objects (if any are found) will be displayed. Below the list of infected objects, make sure the
Set all elements to: option is set to
Delete and then click the
Apply all actions button.
After the malicious items are deleted, you will be given the option to save the scan report; do that. The report is saved as a text file in the
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports folder. (The actual filename is a combination of the date and time of the scan.)
* Reboot the computer normally, run a new HijackThis scan, and post the log. Also open the AVG Anti-Spyware report in Windows Notepad and Cut-N-Paste the entire contents of that report as well.