Please see THIS TOPIC.
Before doin' anything else, you should fully update your Windows, place the latest available version of HJT into a folder of its own on your root drive, and perform all of the preliminary downloads, application updates, and scans as listed in that topic. The removal advice to come will be offered with the assumption that all that has been done accordin' to instructions, and will not be effective if that is not the case.
Once that's been done, here's what I'd suggest to start with.
1) Print out these instructions and get all the suggested downloads before starting with this, as you will have to disconnect from the internet durin' the cleanup. These steps should be taken in order listed. This first procedure is "Broad Spectrum". It will solve many if not most problems, and provide you with tools to aid in the prevention of future infection. Once this runthrough has been completed, things get easier - sorta. There will be less to do per runthrough, but the critters we'll be goin' after once this procedure has been done will be the sneakier, trickier, nastier buggers. We'll likely get 'em, but it's gonna take time, effort, and attention to detail. There's quite a bit more to gettin' rid of yuckware than there is to gettin' it.
First, a few basic set-up things. Be sure you understand what to do and how to do it before tryin' it. If you have any questions, ask first. These all are safe if used correctly, but improper use of some can cripple your system. Again, if you're unsure, please ASK!
2) Make sure your Windows is operatin' properly apart from your browser issues. Turn off System Restore. Right-click the "My Computer" icon on your desktop and click "Properties". Click the "System Restore" tab, select "Turn off System Restore", click Apply > Yes > OK. Doing this will remove your saved restore points, so be sure Windows itself is operatin' satisfactorily. When the cleanup has been completed, re-enable System Restore by followin' the same procedure. Then, set a fresh restore point and reboot.
DO NOT RE-ENABLE SYSTEM RESTORE UNTIL THE ENTIRE CLEANUP PROCESS HAS BEEN COMPLETED!
There may - most likely will - be steps required beyond those listed in this post.
3) Some of the procedures to follow need to be carried out in Safe Mode. To enter safe mode, restart your computer, then when the machine begins to boot up, start tapping the "F8" key. The machine may complain with a few beeps, but ignore that. You should eventually be presented with a black-and-white boot option screen. Using your keyboard's up/down arrows, select the option named simply "Safe Mode", then hit "Enter". If this method does not work for you, consult your computer's documentation or vendor's website support pages for instructions specific to your machine.
4) Many of the required downloaded applications should be placed in folders of their own on your root drive, the one on which Windows resides. Open "My Computer", then locate your root drive folder, usually "Local Drive ( C: )", click-to-open that folder, select "File" from that folder's toolbar, select "New", then select "Folder", and name the new folder as would be appropriate for the download to go into it. The recommended applications should not be downloaded to or run from Desktop or Temporary folders.
5) It probably will be necessary to hunt around deep within Windows. Enable Explorer to view all files. Open "My Computer", click "Tools", select "Folder Options", and click the "View" tab. Place a check mark in the following boxes:
"Display the contents of system folders"
"Display full path in address bar"
Under "Hidden Files and folders" select the "Show hidden files and folders" button
Uncheck the following boxes:
"Hide extensions for known file types"
"Hide protected operating system files (Recommended)"
Click "Yes" to confirm, click "Apply", then click "OK". Close the folder.
6) Enable "Search" to search all files and folders. Click Start>Search, under "What do you want to search for?" select "All files and folders", then select "More advanced options", and make sure the 1st 3 boxes, "Search system folders", "Search hidden files and folders", and "Search subfolders" are checked, then close the application; it should "remember" those settin's.
**** IMPORTANT: When running the scans and fixes, do so with no other windows, browsers, mail, or chat/messaging clients open, and with no other applications running. Also, before running any of the scans, disable any antivirus, popup/ad blocking, and antispyware applications you may have on your machine. Such applications can interfere with some of the tools we're using. Re-enable these when the scan or fix has been completed. ****
7) Now, with the basic setup stuff out of the way, download LSP-Fix. Just download it to a folder you will be able to find easily later, either on your root drive or in your Programs folder, as you prefer. It may or may not be needed, but if it is necessary, you'll have it. Removal of some yuckware can prevent you from accessing the internet. In the event this happens, you will need to run LSP-Fix to repair things. If after performin' a repair operation you find yourself unable to connect, run LSP-Fix, followin' the onscreen prompts, and you should be able to get on line again.
8) Download to a folder of its own either on your root drive or in your Programs folder, as you prefer, Gibun Software's Move On Boot. This will not be used yet, just download it. If and when it is needed, exact instructions for its use WITH SPECIFIC FILES OR FOLDERS will be provided as applicable.
9) Download Cleanup. Again, just save it to an easily findable folder either on your root drive or in your Programs folder. We will use this, probably frequently, but not just yet.
10) Run the Microsoft Malicious Software Removal Tool, then download and install, into a folder of its own, preferably in your Programs folder,
11) Microsoft Windows Antispyware. Before runnin' it, click its "Advanced Options" icon, then click the "Browser Hijack Restore" icon. At the bottom of the page that will open, click "Select All", then click "Restore". Go back up to the top of the page, click "File", and click "Check for updates". When that's been done, disconnect from the internet, then click "Spyware Scan". Click "Scan options", and see to it that "Full system scan" is selected, and that all 3 boxes underneath it are checked; "Scan Memory", "Scan drives/folders", and "Deep scan folders". Also check to be sure that "Scan drives/folders" is configured to scan your entire root drive (click the little folder icon; your root drive - "(C)" - should be selected). Finally, click "Run Scan Now" and let it run to completion, followin' whatever prompts or instructions - if any - it might pop up.
12) Download JavaCool Software's SpywareBlaster into a folder of its own, either in your Programs folder or directly on your root drive as you prefer. Install it, then click "Updates", and click the "Check for Updates" bar on the next page. When the update has been completed, click "Back", then click "Enable All Protection", and close the application.
13) Open AdAware and have it check for updates by clicking the blue-ish globe icon at the upper right of the page and following the onscreen prompts. When the update process has been completed, click the grey-ish "Gear" icon to open AdAware's Configuration and Settings utility.
On the first tab, "General", be sure all 3 buttons in the top panel, "Safety", are green and checkmarked. Next, from the lefthand column, select "Scanning". Be sure the 1st 2 buttons in the top panel, "Drives, folders, & files", are green and checkmarked. The 3rd button, "Skip files larger than ... ", should be red and display an "x". If any button is not as it should be, click to change its setting.
Under "Select drives and folders to scan", be certain AdAware is configured to scan your entire root drive (the drive on which Windows resides, usually "C").
In the bottom panel, "Memory & Registry", all buttons should be green and checked.
From the lefthand column, select "Advanced". In the first 2 panels, all buttons should be green and checked. In the bottom panel, "Alternate Data Streams", both buttons should be red and display an "x".
From the lefthand panel, select the last option, "Tweak". In the righthand panel, select the 1st option, "Scanning Engine" to open its tree. The 3rd button, "Run scan as background ... etc", should be red and display an "x", all other buttons should be green and checked.
Click "Cleaning Engine" to open its tree. The first 5 buttons should be green and checked, the last 3 should be red and display an "x".
Click "Proceed" to save the settings, but do not run an AdAware scan yet, just close the application.
14) Next, go to LavaSoft and download AdAware VX2Cleaner Plugin. Read, understand, and follow the directions on that page to install the plugin. Don't run it yet, but be sure you know how to. Close AdAware if it is open.
15) Open Spybot Search & Destroy, select "Mode" from its toolbar, and select "Advanced". Have it check for and install updates. When the update procedure has completed, select "Immunize", then click the green "+" icon to install Spybot's immunization. In the lower pane, select "Enable permanent blocking of bad addresses in Internet Explorer", then from the dropdown, select "Block all bad pages silently".
Next, select "Tools", and place checkmarks in "Resident", "ActiveX", "BHOs", "Browser Pages", and "Hosts File". Double-click "Hosts File" then click the green "+" icon to install Spybot's Hosts file.
Select "Settings", then select the "Settings" icon. Under "Main Settings", place check marks next to:
"I do know all that legal stuff" (check that even if you don't :wink:)
"Save All Settings"
"Create backups of fixed spyware problems ... "
"Create backups of fixed system ... "
"Create system restore point when fixing spyware/usage tracks (Win XP only)"
"Create System restore point when fixing system internals (Win XP only)"
Then close Spybot S&D.
16) Create a folder on your root drive named "Sysclean". Download Trend Micro's Sysclean Package to that folder. Into the same folder, download the Latest Pattern File. This will be a compressed folder; extract the contents. When you have done so, the Sysclean folder should contain 3 items: a folder named "lpt528", a compressed folder named "lpt.528.zip", and the application "sysclean.com". Move sysclean.com into the lpt528 folder.
17) Reboot into safe mode, find and open the lpt528 folder, then click sysclean.com to run the application. When it has completed, note the full path and name of all files it says it could not clean or delete, if any. Save that list, if there is one, for later use.
18) Still in safe mode, open AdAware, and run the VX2 Cleanup plugin, followed by an AdAware system scan, being sure the "Use custom scanning options" button is checked, and have AdAware fix whatever, if anything, it finds. Reboot normally, but do not connect to the internet, and run another full AdAware scan, again fixing whatever, if anything, it finds. If AdAware asks to run again on boot, let it do so. Boot normally; AdAware should be the first thing that runs. Fix whatever, if anything, it finds. If it did not ask to run again on boot, reboot normally, do not connect to the internet, and run another AdAware scan, and again fix whatever, if anything, is found. When it has completed, reboot into safe mode once again.
19) While in safe mode, open Spybot S&D, run a scan, and fix anything it finds and lists in red. Again, if it asks to run again on boot, let it do so, booting normally. Spybot should be the first thing that runs. Again, fix anything found and listed in red. If it did not ask to run at boot, reboot normally, do not connect to the internet, and run another full scan, again fixin' anything found and listed in red. When finished, reboot into safe mode once more.
20) Now, run Cleanup, and reboot, normally, when it prompts you to. Run a new HJT scan immediately followin' bootup, connect to the internet, and post the fresh log to this thread, along with any lists of stuff any of the applications said they could not clean or delete.