Hello and Welcome to Daniweb's Viruses, Spyware and Other Nasties Forum!
In order for the few volunteers who offer a bit of their free time and expertise in this forum to assist you in a timely manner, please adhere to our rules and complete the following steps before posting a request for help:
A - DO NOT run ComboFix unless specifically directed to do so by a knowledgeable volunteer. Otherwise, you may be left with an undesirable result and nobody to assist you in repairing the damage.
B - Please Uninstall or Disable any P2P (peer-to-peer) programs on the infected computer before posting in this forum. Rather than write a long piece on the dangers of P2P, I'm just going to say this: P2P software circumvents common-sense security measures and opens a user's computer to a world of hurt. Our regular volunteers' time is valuable and most are not willing to waste it on a machine that is almost certain to be reinfected in short order. So, please remove or disable all P2P software for the duration of the cleaning process. Failure to do so may result in your thread being ignored.
C - Please endeavor to reply to your thread promptly and to follow all cleaning steps in a timely manner. The reason for this request is twofold:
o Our volunteers can only address a limited number of threads at a time. If you wait too long to reply, they may move on to helping others and no longer have the free time to devote to your issues.
o Malware tends to reconstitute itself if not addressed quickly and completely.
o You can put ATF-Cleaner on your Desktop for easy access. Leave it for now.
Download DDS by sUBs and save it to your Desktop. Just leave it there for now.
Download GMER Rootkit Scanner and save it to your Desktop (this download will be randomly named in order to avoid detection by malware). Just leave it on the Desktop for now.
Now, please begin the Initial Cleaning Process:
Please note that, if you have a 64-Bit Operating System, some of these steps may not be available to you. If a step gives you trouble, please make a note of it for us and continue on as best you can with the remaining steps.
If your OS is Windows 2000/2003, XP, Vista or Windows 7, please run the Microsoft® Windows® Malicious Software Removal Tool. Due to the increasing prevalence of rootkits, this step is especially important if you do not run this tool regularly when visiting Windows Updates.
If you are able, RUN ATF-Cleaner.exe.
o Click on ATF-Cleaner to run it
o Where it says Select Files To Delete, check the Select All option
o Click Empty Selected > OK
If you use the Firefox browser, do this also: Click Firefox at the top and choose Select All from the list. Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, click No at the prompt.
If you use the Opera browser, do this also: Click Opera at the top and choose Select All from the list. Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, click No at the prompt.
Click Exit on the Main menu to close the program.
Please run the GMER Rootkit Scanner. (If, for some reason, GMER crashes or will not run, let us know and please continue with the MBA-M and DDS steps below.)
-- DoubleClick GMER's randomly named .exe file and, if asked, allow the gmer.sys driver to load. When GMER opens, it should automatically do a quick scan for rootkits. When the quick scan finishes, click the Save button and save the scanlog to your Desktop as GMER One.log.
-- If upon running GMER you receive a warning about Rootkit Activity and GMER asks if you want to run a scan, click NO.
-- Make sure the Rootkit/Malware tab is selected (top left of the GMER GUI). Along the right side of the GMER GUI there will be a number of checked boxes. Please uncheck the following:
Drives or Partitions other than your Systemdrive (usually C:\)
Show All (be sure this one remains Unchecked)
-- Then, click the Scan Button
Allow the scan as long as it needs and then click the Save button and name the log GMER Two.log and save it to the Desktop with the first GMER log.
IMPORTANT: Disconnect from the internet and do not run any other programs while GMER is scanning. Temporarily disable any real-time anti-spyware or anti-virus protection so they do not interfere with the running of GMER. DO NOT take any action for any found items until a volunteer can have a look and advise you further.
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.
o DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
o Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version.
o Once the program has loaded, select Perform full scan, then click Scan.
o When the scan is complete, click OK, then Show Results to view the results.
o Be sure that everything is checked, and click Remove Selected.
o When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Please take note of any problems that you had with the above instructions and any problems that remain. When posting your thread requesting assistance, please describe the problem(s) in as much detail as possible.
ALSO, please submit a DDS ScanLog along with your post. Be sure to follow the instructions below carefully!
o If your AV has a script blocker, please disable it
o DoubleClick on dds.scr to run the tool
* A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
* Upon completion, a dialog box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).
o Copy & Paste both the DDS.txt and the DDS Attach.txt into your post for assistance.
When you post your request for assistance, please be sure to submit (Copy & Paste, not as an attachment unless requested) these requested scanlogs:
o MalwareBytes' Anti-Malware log
o GMER One.log and GMER Two.log
o BOTH DDS ScanLogs (DDS.txt & Attach.txt)
ADDITIONALLY: Please note that responses to threads requesting help may be limited as this is a community forum dependent on the free time and good will of volunteers. Many forums are overwhelmed with requests for help and have few volunteers, so please do not be offended if there are few or no replies to your post. Also, please be aware that not all of the advice given in an open forum is accurate. Do not be afraid to question any advice you believe to be suspect!
~ PhilliePhan ~ Originally Posted 7-16-2008
THREADS/POSTS WILL NOT BE DELETED ON REQUEST. NO EXCEPTIONS, SO THINK BEFORE YOU POST