Read me before posting a request for assistance


Hello and Welcome to Daniweb's Viruses, Spyware and Other Nasties Forum!

In order for the few volunteers who offer a bit of their free time and expertise in this forum to assist you in a timely manner, please adhere to our rules and complete the following steps before posting a request for help:

  1. A - DO NOT Run combofix unless specifically directed to do so by a knowledgeable volunteer. Otherwise, you may be left with an undesirable result and nobody to assist you in repairing the damage.

    B - Please Uninstall or Disable any P2P (peer-to-peer) programs on the infected computer before posting in this forum. Rather than write a long piece on the dangers of P2P, I'm just going to say this:
    P2P software circumvents common-sense security measures and opens a user's computer to a world of hurt.
    Our regular volunteers' time is valuable and most are not willing to waste it on a machine that is almost certain to be reinfected in short order.
    So, please remove or disable all P2P software for the duration of the cleaning process. Failure to do so may result in your thread being ignored.

    C - Please endeavor to reply to your thread promptly and to follow all cleaning steps in a timely manner. The reason for this request is twofold:
    o Our volunteers can only address a limited number of threads at a time. If you wait too long to reply, they may move on to helping others and no longer have the free time to devote to your issues.
    o Malware tends to reconstitute itself if not addressed quickly and completely.

  2. Please Download ATF-Cleaner.exe by Atribune (Windows XP, 2K, 2003, 7 & Vista ONLY)

    o You can put ATF-Cleaner on your Desktop for easy access. Leave it for now.

  3. Download DDS by sUBs and save it to your Desktop.
    Just leave it there for now.

  4. Download GMER Rootkit Scanner and save it to your Desktop. (this download will be randomly named in order to avoid detection by malware)
    Just leave it on the Desktop for now.

Now, please begin the Initial Cleaning Process:

Please note that, if you have a 64-Bit Operating System, some of these steps may not be available to you.
If a step gives you trouble, please make a note of it for us and continue on as best you can with the remaining steps.

  1. If your OS is Windows 2000/2003, XP, Vista or Windows 7, please run the Microsoft® Windows® Malicious Software Removal Tool
    Due to the increasing prevalence of Rootkits, this step is especially important if you do not run this tool regularly when visiting Windows Updates.

  2. If you are able, RUN ATF-Cleaner.exe.
    o Click on ATF-Cleaner to run it
    o Where it says Select Files To Delete, Check the Select All Option
    o Click Empty Selected > OK

    If you use Firefox browser, do this also: Click Firefox at the top and choose Select All from the list.
    Click the Empty Selected button.
    NOTE : If you would like to keep your saved passwords, click No at the prompt.
    If you use Opera browser, do this also: Click Opera at the top and choose Select All from the list.
    Click the Empty Selected button.
    NOTE : If you would like to keep your saved passwords, click No at the prompt.
    Click Exit on the Main menu to close the program.

  3. Please run the GMER Rootkit Scanner.
    (If, for some reason, GMER crashes or will not run, let us know and please continue with the MBA-M and DDS steps below.)

    -- DoubleClick GMER's randomly named .exe file and, if asked, allow the gmer.sys driver to load.
    When GMER opens, it should automatically do a quick scan for rootkits.
    When the quick scan finishes, click the Save Button and save the scanlog to your Desktop as GMER One.log.
    -- If upon running GMER you receive a warning about Rootkit Activity and GMER asks if you want to run a scan, Click NO

    -- Make sure the Rootkit/Malware Tab is selected (Top Left of GMER GUI)
    Along the Right Side of the GMER GUI there will be a number of checked boxes. Please Uncheck the following:

    • Sections
    • IAT/EAT
    • Drives or Partitions other than your Systemdrive (usually C:\)
    • Show All (be sure this one remains Unchecked)

      -- Then, click the Scan Button

      Allow the scan as long as it needs and then click the save button and name the log GMER Two.log and save it to the desktop with the first GMER log.
      Disconnect from the internet and do not run any other programs while GMER is scanning. Temporarily disable any real-time anti-spyware or anti-virus protection so they do not interfere with the running of GMER.
      DO NOT take any action for any found items until a volunteer can have a look and advise you further.

  4. Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.
    DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
    Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    If an update is found, it will download and install the latest version.
    Once the program has loaded, select Perform full scan, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.
    Be sure that everything is checked, and click Remove Selected.
    When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

REBOOT after running MBA-M!
If you are unable to update MBA-M, go to and download the latest database, then run it.

After the initial cleaning has been completed:

Please take note of any problems that you had with the above instructions and any problems that remain.
When posting your thread requesting assistance, please describe the problem(s) in as much detail as possible.

ALSO, please submit a DDS ScanLog along with your post. Be sure to follow the instructions below carefully!
o If your AV has a script blocker, please disable it
o DoubleClick on dds.scr to run the tool
* A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
* Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).

o Copy & Paste both the DDS.txt and the DDS Attach.txt into your post for assistance.

When you post your request for assistance, please be sure to submit (Copy & Paste, not as an attachment unless requested) these requested scanlogs:

o MalwareBytes' Anti-Malware log
o GMER One.log and GMER Two.log
o BOTH DDS ScanLogs (DDS.txt & Attach.txt)

Please note that responses to threads requesting help may be limited as this is a community forum dependent on the free time and good will of volunteers. Many forums are overwhelmed with requests for help and have few volunteers, so please do not be offended if there are few or no replies to your post.
Also, please be aware that not all of the advice given in an open forum is accurate. Do not be afraid to question any advice you believe to be suspect!

~ PhilliePhan ~
Originally Posted 7-16-2008


Good info and help
Excellent sticky.
Great suggestions

Very informative steps to know.


It is my first visit in a forum. I have some problems with my drivers and I need some help please.


American Megatrends is coming on my PC!!! Help me. Mine is an MSI notebook. Help please


very good infos..



thanks for the info


thanks for this helpful article


do not know what to say


I'm on my phone, I don't have access to the Internet on my computer. I'm sorry, I didn't know I would cause a problem. I'll get off the service now. I just wanted to learn, this is my fault. I can't run a cleanup unless it's an iOS. Sorry to disturb you guys.


