Hello and welcome to
Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.
1. I will be working on your
Malware issues. This
may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please
DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the
shift key down while inserting the USB storage device for about
10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*******************************
Please download and run the below tool named Rkill
(courtesy of BleepingComputer.com) which may help allow other programs to run.
Save
Rkill to your desktop.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose
Run as Administrator You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Rkill.exeRkill.comRkill.scrRkill.pifOnce you've gotten one of them to run then try to
immediately run the following.
Now download and Run exeHelper. Please download
exeHelper from Raktor to your desktop. Double-click on
exeHelper.com to run the fix. A black window should pop up, press any key to close once the fix is completed. A log file named log.txt will be created in the directory where you ran exeHelper.com Attach the
log.txt file to your next message.Note: If the window shows a message that says
"Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
***************************************
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!Download
SuperAntispyware Free Edition (SAS)* Double-click the icon on your desktop to run the installer.
* When asked to
Update the program definitions, click
Yes* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the
Preferences button.
•Under
Start-Up Options uncheck
Start SUPERAntiSpyware when Windows starts
* Click the
Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•
Please leave the others unchecked•Click the
Close button to leave the control center screen.
* On the main screen click
Scan your computer* On the left check the box for the drive you are scanning.
* On the right choose
Perform Complete Scan* Click
Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click
OK* Make sure everything in the white box has a
check next to it, then click
Next* It will quarantine what it found and if it asks if you want to reboot, click
Yes•To retrieve the removal information please do the following:
•After
reboot, double-click the
SUPERAntiSpyware icon on your desktop.
•Click
Preferences. Click the
Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably
Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*
Copy and Paste the log in your post.
************************************
Please download Malwarebytes Anti-Malware from
here.
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*****************************************
Download
Security Check by screen317 from one of the following links and save it to your desktop.
Link 1Link 2* Unzip
SecurityCheck.zip and a folder named
Security Check should appear.
* Open the
Security Check folder and double-click
Security Check.bat* Follow the on-screen instructions inside of the black box.
* A
Notepad document should open automatically called
checkup.txt* Post the contents of that document in your next reply.
Note: If a security program requests permission from
dig.exe to access the Internet, allow it to do so.
