1A – Please Uninstall or Disable any P2P (peer-to-peer) programs on the infected computer before posting in this forum.
2 – Please Download ATF-Cleaner.exe by Atribune (Windows XP, 2K, 2003, 7 & Vista ONLY)
• You can put ATF-Cleaner on your Desktop for easy access. Leave it for now.
3 – Download DDS by sUBs and save it to your Desktop.
• Just leave it there for now.
4 – Download GMER Rootkit Scanner and save it to your Desktop. (This download will be randomly named in order to avoid detection by malware.)
• Just leave it on the Desktop for now.
Now, please begin the Initial Cleaning Process:
***
Please note that, if you have a 64-Bit Operating System, some of these steps may not be available to you.
If a step gives you trouble, please make a note of it for us and continue on as best you can with the remaining steps.
5 – If your OS is Windows 2000/2003, XP, Vista or Windows 7, please run the Microsoft® Windows® Malicious Software Removal Tool.
*Due to the increasing prevalence of Rootkits, this step is especially important if you do not run this tool regularly when visiting Windows Updates.
6 – If you are able, RUN ATF-Cleaner.exe.
• Click on ATF-Cleaner to run it
• Where it says Select Files To Delete, Check the Select All Option
• Click Empty Selected > OK
If you use Firefox browser, do this also:
- Click Firefox at the top and choose Select All from the list.
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, click No at the prompt.
If you use Opera browser, do this also:
- Click Opera at the top and choose Select All from the list.
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, click No at the prompt.
Click Exit on the Main menu to close the program.
7 – Please run the GMER Rootkit Scanner.
(If, for some reason, GMER crashes or will not run, let us know and please continue with the MBA-M and DDS steps below.)
-- DoubleClick GMER’s randomly named .exe file and, if asked, allow the gmer.sys driver to load.
* When GMER opens, it should automatically do a quick scan for rootkits.
When the quick scan finishes, click the Save Button and save the scanlog to your Desktop as GMER One.log.
-- If upon running GMER you receive a warning about Rootkit Activity and GMER asks if you want to run a scan, Click NO
-- Make sure the Rootkit/Malware Tab is selected (Top Left of GMER GUI)
Along the Right Side of the GMER GUI there will be a number of checked boxes (GMER GUI). Please Uncheck the following:
- Sections
- IAT/EAT
- Drives or Partitions other than your Systemdrive (usually C:\)
- Show All (be sure this one remains Unchecked)
-- Then, click the Scan Button
Allow the scan as long as it needs and then click the save button and name the log GMER Two.log and save it to the desktop with the first GMER log.
***
Disconnect from the internet and do not run any other programs while GMER is scanning. Temporarily disable any real-time anti-spyware or anti-virus protection so they do not interfere with the running of GMER.
DO NOT take any action for any found items until a volunteer can have a look and advise you further.
8 – Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.
- DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
- Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform full scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
REBOOT after running MBA-M!
If you are unable to update MBA-M, go to http://www.gt500.org...es/database.jsp and download the latest database, then run it.
After the initial cleaning has been completed:
Please take note of any problems that you had with the above instructions and any problems that remain.
When posting your thread requesting assistance, please describe the problem(s) in as much detail as possible.
ALSO, please submit a DDS ScanLog along with your post. Be sure to follow the instructions below carefully!
• If your AV has a script blocker, please disable it
• DoubleClick on dds.scr to run the tool
* A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
* Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).
• Copy&Paste both the DDS.txt and the DDS Attach.txt into your post for assistance.
When you post your request for assistance, please be sure to submit (Copy & Paste, not as an attachment unless requested) these requested scanlogs:
• MalwareBytes’ Anti-Malware log
• GMER One.log and GMER Two.log
• BOTH DDS ScanLogs (DDS.txt & Attach.txt)