You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Please download
Ewido Anti-Malware it is a free version of the program.
- Install Ewido Anti-Malware
- When installing, under "Additional Options" uncheck..
- Install background guard
- Install scan via context menu
- Launch Ewido, there should be an icon on your desktop, double-click it.
- The program will now open to the main screen.
- You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update.
- Then click on Start Update.
- The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful")
Close Ewido for now.
==============
Please download
ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Close the program for now.
==================
Next, please reboot your computer in
Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
1) Double-click
ATF-Cleaner.exe to run the program.
Under
Main choose:
Select All
Click the
Empty Selected button.
If you use Firefox browser : Click
Firefox at the top and choose:
Select All
Click the
Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click
No at the prompt.
If you use Opera browser: Click
Opera at the top and choose:
Select All
Click the
Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click
No at the prompt.
Click
Exit on the Main menu to close the program.
For
Technical Support, double-click the e-mail address located at the bottom of each menu.
2) Open the
SmitfraudFix folder again and double-click
smitfraudfix.cmd
Select option #2 -
Clean by typing
2 and press "
Enter" to delete infected files.
You will be prompted : "
Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing
Y and press "
Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if
wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing
Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it does force a restart, please reboot into Safe Mode again, in order to complete the following step. If it does not reboot, please remain in Safe Mode until further notice.
3) Launch
Ewido from your Desktop :
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- You will be prompted to clean the first infection.
- Select "Perform action on all infections", then proceed.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report.
- Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido Anti-Malware.
4) Reboot your computer normally.
If SmitfraudFix did not force a reboot, then you should now see a text file appear onscreen with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at
C:\rapport.txt
Note : running option #2 on a non infected computer will remove your Desktop background.
5) Post the content of
rapport.txt, the
Ewido report and a new
HijackThis! log in your next reply.
Unsolved 
Offline 
