READ ME Before Posting A Request For Assistance!

[PhilliePhan]

In order for the few volunteers who offer a bit of their free time and expertise in this forum to assist you in a timely manner, please complete the following steps before posting a request for help:


1 – Please familiarize yourself with the following instructions as you will be asked to perform them at various points in the cleaning process:

• Booting to Safe Mode

• Enabling the Viewing of Hidden Files

• Turning Off (Disabling) System Restore - (Windows ME / XP / Vista Only)

You will need to flush your restore points AFTER the fixing process has been completed to ensure that no malware is preserved. This is done by disabling and then re-enabling System Restore as per the above link.

With the addition of such tools as ComboFix, much of the malware removal process is “automated” these days and the above will be done for you via instructions for these types of tools. Still, it is good to be familiar with these procedures in the event you need to manually track down and remove stubborn malware.


2 – Please Download ATF-Cleaner.exe by Atribune(Windows XP, 2K, 2003 & Vista ONLY)

• You can put ATF-Cleaner on your Desktop for easy access. Leave it for now.

3 – This step has been temporarily removed while Deckard's System Scanner is being reworked to address problems with a certain malware. Please download and use HijackThis from Trend Micro instead.

Now, please begin the Initial Cleaning Process:

4 – Please look in Add or Remove Programs (Start > Control Panel > Add/Remove Programs) for any suspicious items and note them for us in the event you need to post back for further assistance.


5 – Please Enable the Viewing of Hidden Files. Be sure to uncheck the Hide Protected Operating System Files option! This should be done in the event that we need to track down and manually remove some baddies.


6 – If your OS is Windows 2000/2003, XP or Vista, please run the Microsoft® Windows® Malicious Software Removal Tool
*Due to the increasing prevalence of Rootkits, this step is especially important if you do not run this tool regularly when visiting Windows Updates.


7 – If you are able, RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

• Click Firefox at the top and choose Select All from the list.
• Click the Empty Selected button.
• NOTE : If you would like to keep your saved passwords, click No at the prompt.

If you use Opera browser, do this also:

• Click Opera at the top and choose Select All from the list.
• Click the Empty Selected button.
• NOTE : If you would like to keep your saved passwords, click No at the prompt.

Click Exit on the Main menu to close the program.

8 – Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

• DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
• Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

9 – Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

• You will need to use Internet Explorer to to complete this scan.
• You will need to temporarily Disable your current Anti-virus program.
• Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
• When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

• ESET Online Scanner

• Kaspersky Online Scanner

• Panda Active Scan

• Trend Micro HouseCall

• F-Secure Online Virus Scanner

After the initial cleaning has been completed:

Please take note of any problems that you had with the above instructions and any problems that remain.
Should any malware issues remain, please start a thread requesting assistance. Please describe the problem(s) in as much detail as possible.

ALSO, please submit a HijackThis Log along with your post.

**** Also, please run HijackThis and open the Misc Tools section.

• Under the System Tools section, Click on Open Uninstall Manager and Click Save list.
• Save it to your desktop and then please post this Uninstall List as directed below.

When you post your request for assistance, please be sure to attach these FOUR requested scanlogs:<b>

• MalwareBytes’ Anti-Malware log
• ESET Online Scanner log
• HijackThis Scanlog
• Uninstall List

</b>Please save these Logs as .txt Files and attach them via the "Manage Attachments" tool in the Additional Options section when you post (scroll down).



ADDITIONALLY:
Please note that responses to threads requesting help may be limited as this is a community forum dependent on the free time and good will of volunteers. Also, please be aware that not all of the advice given in an open forum is accurate. Do not be afraid to question any advice you believe to be suspect!


PhilliePhan
Originally Posted 4-07-05
Revamped and Simplified 3-05-08