Please only use the fixes in this thread if you know what you are doing. If you get stuck during the fix, please make a new topic here asking for help.

Here's how to configure the new Ewido to correctly scan and fix. Also, here's the new canned for anybody that wants it:

Please download and install ewido anti-spyware tool

Close all other applications
Select language, click OK
Click I Agree
Click Next
Click Install
Click Finish
Wait.
Ewido will open its main screen automatically.
Wait again a few minutes and Ewido should auto-update itself. If it doesn't, click Update at the top of the screen.

It is very important to get the updates.

When updating has finished, close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

Next, please reboot your computer in Safe Mode by doing the following:

Restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear; use the up arrow to highlight an option.
Select the first option, to run Windows in Safe Mode, and hit Enter.
For additional help in booting into Safe Mode, see this site: HERE

You MUST manage to get into Safe Mode for the fix to work

Make sure to close all open windows/programs/folders.
Have nothing else open while ewido performs its scan!
Open Ewido
Click on Scanner at the top of the Ewido screen
Click on Settings
Under How to Act click on Recommended Action
Choose Quarantine
Under How to scan all boxes should be selected
Under Possibly unwanted software all boxes should be selected
On right side under Reports: click on Automatically generate report after every scan.
Under What to scan select scan every file
Click On scan Tab
Click on Complete system scan
Let the program scan the machine. It can take a while; give it time.
When the scan has finished, at the bottom of the screen click Apply all Actions
Click Save report
Click Save Report as (the Save As window should pop up.)
Click desktop
Click Save
Exit ewido

Reboot back to normal mode

And here's the Ewido/CCleaner combination

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

  1. Close all programs so that you are at your desktop.
  2. Double-click on the "My Computer" icon.
  3. Select the "Tools" menu and click "Folder Options".
  4. After the new window appears select the "View" tab.
  5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
  6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
  7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
  8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
  9. Press the "Apply" button and then the "OK" button and shut down My Computer.
  10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back to the 'Cleaner' tab, and inside this, be sure you're open to the 'Windows' tab. Inside, check the box labeled 'Custom Files and Folders'.

Next, after following all of these steps, you're ready to scan. Run scans in both the 'Cleaner' and 'Issues'. Note: It might take several scans in each to remove all of the junk.

Now you're ready for Ewido.

Please download and install ewido anti-spyware tool

Close all other applications
Select language, click OK
Click I Agree
Click Next
Click Install
Click Finish
Wait.
Ewido will open its main screen automatically.
Wait again a few minutes and Ewido should auto-update itself.
If it doesn't, click Update at the top of the screen.

It is very important to get the updates.

When updating has finished, close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

Next, please reboot your computer in Safe Mode by doing the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear; use the up arrow to highlight an option.
Select the first option, to run Windows in Safe Mode, and hit Enter.
For additional help in booting into Safe Mode, see this site: HERE

You MUST manage to get into Safe Mode for the fix to work

Make sure to close all open windows/programs/folders.
Have nothing else open while ewido performs its scan!
Open Ewido
Click on Scanner at the top of the Ewido screen
Click on Settings
Under How to Act click on Recommended Action
Choose Quarantine
Under How to scan all boxes should be selected
Under Possibly unwanted software all boxes should be selected
On right side under Reports: click on Automatically generate report after every scan.
Under What to scan select scan every file
Click On scan Tab
Click on Complete system scan
Let the program scan the machine. It can take a while; give it time.
When the scan has finished, at the bottom of the screen click Apply all Actions
Click Save report
Click Save Report as (the Save As window should pop up.)
Click desktop
Click Save
Exit ewido

Reboot back to normal mode

Here's a basic set of instructions for configuring and running CCleaner. Below it will be the canned message.

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

  1. Close all programs so that you are at your desktop.
  2. Double-click on the "My Computer" icon.
  3. Select the "Tools" menu and click "Folder Options".
  4. After the new window appears select the "View" tab.
  5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
  6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
  7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
  8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
  9. Press the "Apply" button and then the "OK" button and shut down My Computer.
  10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back to the 'Cleaner' tab, and inside this, be sure you're open to the 'Windows' tab. Inside, check the box labeled 'Custom Files and Folders'.

Next, after following all of these steps, you're ready to scan. Run scans in both the 'Cleaner' and 'Issues'. Note: It might take several scans in each to remove all of the junk.

Here is the basic set of instructions used to run VundoFix, which is used to remove Vundo, and some of its variants.

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.

  1. Double-click VundoFix.exe to run it.
  2. Put a check next to Run VundoFix as a task.
  3. You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
  4. When VundoFix re-opens, click the Scan for Vundo button.
  5. Once it's done scanning, click the Remove Vundo button.
  6. You will receive a prompt asking if you want to remove the files, click YES.
  7. Once you click yes, your desktop will go blank as it starts removing Vundo.
  8. When completed, it will prompt that it will shut down your computer, click OK.
  9. Turn your computer back on.
  10. Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Here is the basic set of instructions used to run Look2Me-Destroyer, which is used to remove the common Look2Me infection.

Please download Look2Me-Destroyer.exe (http://www.atribune.org/ccount/click.php?id=7) to your desktop.

  1. Close all windows before continuing.
  2. Double-click Look2Me-Destroyer.exe to run it.
  3. Put a check next to Run this program as a task.
  4. You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK.
  5. When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  6. Once it's done scanning, click the Remove L2M button.
  7. You will receive a Done Scanning message, click OK.
  8. When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  9. Your computer will then shut down.
  10. Turn your computer back on.
  11. Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

If Look2Me-Destroyer does not reopen automatically, reboot and try again.

Here are instructions for correctly setting Adaware:

Please do the following: Download, install, update, configure, and run Ad-Aware SE Personal 1.06.

Download Ad-Aware SE Personal 1.06:
Download Ad-Aware SE Personal.
Save aawsepersonal.exe to a convenient location (eg. the Desktop).

Install Ad-Aware SE Personal
Double-click on aawsepersonal.exe to install the program.
Follow the default settings for installation.
After the program has finished installing, uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.

Update Ad-Aware SE Personal
Double-click the Ad-Aware SE Personal icon on your Desktop.
Click "Check for updates now" then click "Connect".
It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".

Configure Ad-Aware SE Personal
Click on the Gear button at the top of the window.
Click "General" on the left hand side to display the General Settings box.
Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
"Automatically save logfile"
"Automatically quarantine objects prior to removal"
"Safe Mode (always request confirmation)"
"Prompt to update outdated definitions" - change to 7 days from the default 14.

Click "Scanning" on the left hand side to display the Scan Settings box.
Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
"Scan within archives"
"Select drives & folders to scan" - select your hard drive(s).
"Scan active processes"
"Scan registry"
"Deep-scan registry"
"Scan my IE favorites for banned URLs"
"Scan my Hosts file"

Click "Advanced" on the left hand side to display the Advanced Settings box.
Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
"Move deleted files to Recycle Bin"
"Include additional object information"
"Include negligible objects information"
"Include environment information"

Click "Defaults" on the left hand side to display the Default Settings box.
Make sure the following items have your preferred settings in them:
"Default homepage"
"Default searchpage"

Click "Tweak" on the left hand side to display the Tweak Settings box.
Click the + (plus) sign next to the Log Files section. This will expand the section.
Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
"Include basic Ad-Aware settings in log file"
"Include additional Ad-Aware settings in log file"
"Include reference summary in log file"
"Include alternate data stream details in log file"

Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
"Unload recognized processes & modules during scan"
"Scan registry for all users instead of current user only"
"Obtain command line of scanned processes"

Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
"Always try to unload modules before deletion"
"During removal, unload Explorer and IE if necessary"
"Let Windows remove files in use at next reboot"
"Delete quarantined objects after restoring"

Once you are done with these settings, click "Proceed" to save them.
This will take you back to the main screen.

Run Ad-Aware SE Personal
Click the "Start" button.
Uncheck the "Search for negligible risk entries" entry.
Choose the "Use custom scanning options" scan mode.
Click the "Next" button.
Ad-Aware will begin to scan for malware residing on your computer.
Allow the scan to finish.
Right-click on any entry in the list and click "Select All" to select the whole list.
Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.

Here's the handy AIM fix:

  1. Please download AIMFix from here.
  2. Run the program
  3. REBOOT your system
  4. Post back a new HJT log

Thanks.

Here's the canned for a 'Nail' infection:

Step 1.

Begin by downloading Ewido Security Suite.

Install ewido security suite
When installing, under "Additional Options" uncheck:
Install background guard
Install scan via context menu

Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click Update.
Then click on Start Update.

The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display "Update successful"

Now, close the program WITHOUT scanning.

Step 2.

Next, download Nailfix and unzip it to the desktop, but DO NOT run it yet.

Step 3.

Then, reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

Once in Safe Mode, double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then, run Ewido, and run a full scan. Save the logfile from the scan.

Next, open HJT and place checks next to the following:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Now, close all open windows except for HJT and click 'Fix Checked.'

Restart your computer in normal mode.

Post back here with a new HJT log, as well as the log from the Ewido scan.

Thanks.
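
The F2 entry in the Nail instructions above shows Nail.exe appended to the logon Shell value after Explorer.exe. As an added example (not part of the original post), this Python sketch scans a HijackThis log for F2 Shell lines and reports anything beyond the stock shell; the sample log is constructed, the function names are this example's own, and it assumes the stock value is a bare Explorer.exe.

```python
import re

# HijackThis lists the logon "Shell" value as an F2 line.
# Assumption of this sketch: the stock value is a bare "Explorer.exe",
# optionally written with its C:\WINDOWS\ path.
F2_SHELL = re.compile(r"^F2 - REG:system\.ini:\s*Shell=(.*)$", re.IGNORECASE)
STOCK_SHELL = re.compile(r"^(?:[a-z]:\\windows\\)?explorer\.exe", re.IGNORECASE)


def classify_shell(value):
    """Classify a Shell= value as default, appended, or replaced.

    Returns (status, extra) where extra is the text that is not the stock
    shell: the appended program(s), or the whole value if Explorer.exe
    is missing altogether.
    """
    value = value.strip()
    stock = STOCK_SHELL.match(value)
    if stock is None:
        return ("replaced", value)
    # Extra programs follow the stock shell, separated by a space or comma.
    extra = value[stock.end():].lstrip(" ,")
    return ("appended", extra) if extra else ("default", "")


def scan_hjt_log(text):
    """Return one finding per F2 Shell line that deviates from the stock shell."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        entry = line.strip()
        match = F2_SHELL.match(entry)
        if not match:
            continue
        status, extra = classify_shell(match.group(1))
        if status != "default":
            findings.append(
                {"line": lineno, "status": status, "extra": extra, "entry": entry}
            )
    return findings


# Constructed sample log; only the F2 line is taken from the post above.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
"""

if __name__ == "__main__":
    for finding in scan_hjt_log(SAMPLE_LOG):
        print("line %(line)d: shell %(status)s -> %(extra)s" % finding)
```
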
