Open HijackThis and select "Do a system scan only"
Place a check mark next to
O4 - HKLM\..\Run: [10bfcfd3] "rundll32.exe" "C:\WINDOWS\system32\fjygogwf.dll",bClick "Fix checked"
=====
Enable Viewing Of Hidden System Files & Folders1. Right Click
Start.2. Select
Control Panel.3. Select the
Tools menu and click
Folder Options.4. Select the
View Tab.5. Under the Hidden files and folders heading select
Show hidden files and folders.6.
Uncheck the Hide extensions for known file types option.
7.
Uncheck the Hide protected operating system files (recommended) option.
8. Click
Apply.9. Click
OK.Now go to
C:\WINDOWS\system32\fjygogwf.dll and delete the file/folder (if found)
=====
Go to
Start >
Run and copy and paste next command in the field:
ComboFix /u
Make sure there's a space between Combofix and /
Then hit
Enter.
This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
=====
Delete any logs and programs like smitfraud and vundofix from the desktop.
=====
Run HijackThis and look for the
C:\WINDOWS\system32\fjygogwf.dll entry. If it is still there let us know.
Other than that the logs are clean.
To learn more about how to protect yourself while on the internet read this article by Tony Klien:
So how did I get infected in the first place?Let us know if anything else comes up.
