Computer Hope

Software => Computer viruses and spyware => Topic started by: evilfantasy on November 09, 2007, 10:57:13 PM

Title: IMPORTANT: Read this before requesting malware removal help
Post by: evilfantasy on November 09, 2007, 10:57:13 PM

Computer Hope Virus and Spyware section Guidelines

First of all, welcome to Computer Hope.

Unfortunately, you have landed here because of an infection of some sort. We wish the circumstances would have been better, but it is what it is.

There are some things we require of you first so that the cleanup process is hopefully both fast and efficient:

Please follow ALL steps as outlined to you in the order they are requested. This may not make immediate sense to you, but it is done for a reason...a quick efficient resolution to your problems.
Under no circumstances should you attempt to fix things by following another log and doing it yourself. This can only lead to more problems and possibly an un-bootable system. Every machine and every infection is unique and this method will only cause more problems.
If this is a machine at your place of Business, we need to be informed beforehand. This is also not negotiable and we will not be responsible should you fail to do so.
We also request patience. The Experts here are Volunteers and are not here 24/7. This is not a live session either. If it takes a few hours or overnight for them to get back to you, trust me it is worth the wait. See here why not to bump your thread (http://www.computerhope.com/forum/index.php/topic,69848.0.html). And once you have been given the all-clear, be sure to stick around until your Helper clearly concludes the issue, as they may have some additional steps and advice for you to follow. Just because you have been cleaned of an infection, that doesn't always mean the work is over.
Only advice that is okay in this forum is ones from Malware Removal Specialists. We are not responsible if you take potentially inaccurate/harmful advice from someone who is not a designated helper. Anyone interested in joining the crew must have a good amount of experience and submit references to CBMatt (http://www.computerhope.com/forum/index.php?action=profile;u=361) (Chris) or Evil Fantasy (http://www.computerhope.com/forum/index.php?action=pm;sa=send;u=37166) in a PM. References will be checked. Others posting advice without approval are subject to have their posts removed immediately as the wrong advice is too risky.
And last but not least, please remember after you have left the World of Despair you were in a, simple Thank You to the Experts is always a nice touch. If we've helped, feel free to recommend us.

Title: Malware Removal Guide
Post by: evilfantasy on November 20, 2007, 10:13:00 AM

Updated November 17, 2016, updated all canned speeches and modified overall format.

Malware Removal Steps

Below are steps to begin the malware removal process. The steps will produce three logs which are requested to be added in your post.

* Important: Work the steps in order.
* If you don't understand a step stop and ask!
* Keep all questions/replies in the same thread.
* Continue to respond until given the all clear.
* Be patient: Malware removal can be just as time consuming and stressful for us as it is for you.
* Remember: Just because the symptoms may be gone does not promise that all of the malware is. It is strongly suggested to continue in posting all requested logs until given the all clear. You will then receive final cleanup steps specific to your PC, links to programs and advice to help you prevent infections in the future.

If for some reason you cannot perform one of the steps, move on to the next step and make note of what happened when posting your logs.

Spybot Users

Remove Spybot S&D

It is recommended that you uninstall Spybot S&D, as it is no longer capable of detecting the latest threats. Much better anti-malware solutions exist, and those will be pointed out later.

Step 1: House Cleaning

CCleaner Temporary Files Cleaning

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner (http://www.piriform.com/ccleaner)

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

Double-click the CCleaner shortcut on the desktop to start the program.
A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Step 2: AdwCleaner

Please download Malwarebytes' AdwCleaner (https://www.malwarebytes.com/adwcleaner/) onto your Desktop.

Double click on AdwCleaner_xxxx.exe to run the tool.
Click on Scan.
After done scanning, please hit Logfile. Locate the logfile in the Scan tab, double-click on it, copy the information inside of it, and paste it into your next reply.
You can find the logfile at C:\AdwCleaner[Sx].txt as well.

Step 3: Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here (https://www.malwarebytes.org/mwb-download).

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Copy and paste the entire report in your next reply.

Please give details. Just posting the logs in many instances is not enough information for us.

Post the logs in the Virus and spyware removal (http://www.computerhope.com/forum/index.php/board,53.0.html) forum.

Logs needed:

- AdwCleaner
- Malwarebytes' Anti-Malware

Please copy and paste the logs directly into the reply unless specifically requested by your helper

Illegal software

Computer Hope does not support illegal activity. We do not support the use of any pirated or otherwise illegal software including Windows itself. If you install the cracked software, you are running executable files from unknown sources. You are in effect giving unknown sources access to information on your hard disk and potentially giving complete control over the operation of your computer.

* We will NOT help anyone pirate anything or help to make the system work with pirated software. But if you mess up your computer in the process, we will help you fix it.
* Uninstall any cracked applications before posting for help.
* You may be asked to uninstall any P2P or File Sharing programs during the removal process if they are believed to be the source of the problem.
* We will discontinue help if you refuse to remove any cracked (illegal) program.