OK- the next steps:
You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.
* Please download Ewido Anti-Malware it is a free version of the program.Install Ewido Anti-Malware
When installing, under "Additional Options" uncheck..Install background guard
Install scan via context menu
Launch Ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
You will need to update ewido to the latest definition files.On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful")
Don't actually run a scan with ewido yet, just close it for now.
* Please download ATF Cleaner by Atribune. Save the file to your desktop or any other convenient locaiton. Again- don't run hte program yet.
* Run another HijackThis scan, put a check in the boxes to the left of the following entries, and then click the "Fix Checked" button. Close HijackThis once the fixes complete:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O4 - HKLM\..\Run: [5717e27.exe] C:\WINDOWS\system32\5717e27.exe
O4 - HKCU\..\Run: [5717e27.exe] C:\Documents and Settings\Ajinkya\Local Settings\Application Data\5717e27.exe
* Next, please reboot your computer in Safe Mode by doing the following :Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
* Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser : Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
* Launch Ewido from your Desktop :Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido Anti-Malware.
* Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".
Search for the following files and delete them if they still exist:
C:\WINDOWS\system32\5717e27.exe
C:\Documents and Settings\Ajinkya\Local Settings\Application Data\5717e27.exe
* Empty your Recycle Bin and reboot normally.
* Run another HijackThis scan ad post the log. Also post the log that ewido generated.
