Print out these instructions, and don't do anything without fully understanding how to step through this proceedure.
If anything is unclear, please ask on this thread for clarification or further instructions, being as specific as possible what the problem might be. If any of the links don't work, please report that, also in this thread, as soon as you are able.
If, while following the steps below, you should get an error message, try to to report just what you and your machine were doing at the time of the error, what, if anything, you did about it, what the results were, and as close to the
EXACT error message you received, not something like "I was doing fine, then all of a sudden I got some sort of error message". Be as specific as possible.
First, update your own resident antivirus and run a full system scan. If you have an expired subscription to a paid antivirus, either renew your subscription, or uninstall the expired version and acquire an antivirus which can be updated to current engine and pattern files. Any of the major name brand applications will work fine. If for some reason you don't wish to pay for a subscription, the following are downloadable free antivirus applications from reputable vendors. The free versions offer adequate basic protection, but will lack certain configuration and convenience features common to paid antivirus apps. Your choice, but whatever, get, update, configure and maintain (per the app's instructions) a current antivirus before going any further, and have it run a full system scan.
AntiVir Free Personal Edition
Avast! 4 Free Home Edition
AVG Free Personal Edition
If you have Ad-Aware SE, HiJackThis, Spybot S&D, or SpywareBlaster installed, I suggest you uninstall them via their own uninstall utilities, or through Add/Remove Programs, and redownload the latest versions. If you are sure you have the latest versions, you can just update them if you wish, and configure them as detailed in their respective sections below ... your call, but I do recommend starting fresh. As for the other tools linked here, if you have any version of them installed, it really is best to uninstall your copy and start fresh, to be sure of having the latest version.
Be certain you have the latest version of
HiJackThis,
and that it is installed to a folder of its own either in your Programs file or directly on your root drive. If you have already installed HiJackThis, be certain its in its own folder, as described, and not a temporary or desktop folder. Launch the application, then, from its splash screen, choose "Miscellaneous Tools", or from the main start page, select "Config", then select "Search for updates online", confirm, and be sure your's is the latest version. Don't run a scan or fix anything yet. When running HiJackThis to scan or fix things, run it from its own folder,
WITH NO OTHER BROWSERS, WINDOWS, FILESHARING, EMAIL, OR MESSAGING APPLICATIONS OPEN OR RUNNING
Go to
Windows Update and check to make certain there are no outstanding Service Packs or high-priority updates for your operating system and/or Internet Explorer.
Download
WinSockFix. The documentation is available in the downloaded file, be sure to read and understand it. You may not need this, but if the repair process disables your internet connectivity, this will get you back on line. Make sure you read and understand the intructions before going any further.
Download
STINGER. Again, just download it right now; we'll use it later. See this
TUTORIAL.
Download, install, and update
Ad-Aware SE Personal. Just install and update it (when the program has installed, click the blue-green "Planet" icon, second from the right at the top of the screen, to run the auto-update function, and follow the prompts to update the application); don't run a scan yet.
When it has updated, click on the orange-ish "Gear Icon" (second-from the left at the top right-hand side of the window) to open the Ad-Aware configuration utility.
Under the "General" tab, all radio buttons should be green; if not, click to activate them.
Click the "Scanning" bar at the left of the page. Under "Drivers, Folders & Files", only the "Scan within archives" button should be green. Under "Memory & Registry", all buttons should be green.
Click the "Advanced" bar. Under "Shell Integration", "Move deleted files to Recycle Bin" should be green, and its your call whether you want to add "Scan with Ad-Aware to Explorer".
Under "Logfile Detail Level", all 3 buttons should be green.
Under "Alternate Data Streams", both buttons should be red.
Skip the "Startup", "Default", and "Interface" bars for now.
Click the "Tweak" bar. Click the plus-sign to open "Scanning Engine". "Unload recognized processes ... ", "Obtain command line ... ", and ""Scan registry for all users ... " should be green, "Run scan as background ...", "Ignore spanned files ...", and "Use permanent ... " may be left red.
Click to open "Cleaning Engine". The first 5 buttons should be green ("Automatically check ...", "Always try ...", "During removal ... ", "Let Windows remove ... ", and "Delete quarantined ..."} should be green, the remaining 3 ("Suppress warning ...", "Suppress progress ..." and "Disable manual ...") should be red.
Skip the remaining bars, click "Proceed", then close Ad-Aware
WITHOUT RUNNING A SCAN.
With Ad-Aware closed, download Ad-Aware's
VX2 Cleaner Plugin, and install it per instructions found on the download page. read the instructions carefully so you'll know how to run the plugin when required. Do not run it, or Ad-Aware, yet; just exit back to your desktop.
Download, install, and update
Spybot S&D. Just install and update it (when it installs, the program will give you the option to "Download all updates" - let it do so), don't run it yet.
READ THE TUTORIAL. When the program has been installed and updated, select "Immunize", click the green "
+" plus-sign symbol at the top of the page to install Spybot's immunization, and follow any prompts. On that same page, click to place a checkmark in the "Browser Helper to block bad downloads ... " button, then, from the dropdown below that, select "Block all bad pages silently". While you have Spybot open it would be a good time to read the tutorial available under the Help file at the top left-hand corner of the page. When done, don't run a scan yet, just close the application.
Download
CWShredder, and unzip it to your desktop, but don't run it yet.
Download
NAILFIX. Just download it and unzip it to a folder on your desktop; don't do anything with it right now.
Download
AboutBuster 5.0, unzip it to a folder on your desktop, and read the accompanying text file. Launch and update the application, but don't run it yet; when the update has completed simply close the application and exit to your desktop.
Download
Cleanup! 4 - be sure to read the FAQ
HERE.
Download
DelDomains.inf. When it has downloaded (should take just a few seconds), click on the file to run it. If the link above displays text instead of downloading the file, then copy & paste the text into notepad and save the file as DelDomains.inf. To use it, right-click and select "Install". Note: This will remove all entries in your "Trusted Zone" and "Ranges".
Download, install, and
update Javacool Software's
SpyWareBlaster. When the update has completed, select "Enable all protection", and exit back to your desktop. SpywareBlaster does not need to be running for its protection to be active, but you should should launch it at least weekly to check for updates. Read the FAQ
HERE
Next, configure Windows Explorer to
Show All Files
Perform at least 2 of the following free online virus scans
(with your own resident antivirus disabled):
Trend Micro Free Online Scan
Panda Free Online Scan
BitDefender Free Online Scan
Symantec Free Online Scan
Kaspersky Free Online Scan
StopSign Free Online Scan
RAV Free Online Scan
McAfee Free Online Scan
IMPORTANT: DISABLE ANY OTHER ANTIVIRUS YOU MAY HAVE ON YOUR MACHINE BEFORE RUNNING ANY OF THE ONLINE SCANS. Also, if you have any popup blocking, adblocking, or actively running antispyware application, disable those as well; they can interfere with online virus scans. Should an online scan report it has detected something it cannot repair or remove, please copy the exact message received and save it to post to your help request thread at the appropriate time.
Make sure your Windows and your programs other than your browser are operating properly, then disable System Restore. Again, be sure everything else works as it should before you do this, as you will remove your previous restore points.
How to Disable/re-enable System Restore, Win ME
Remember this procedure, so you can re-enable System Restore when your machine is finally clean., but do not re-enable System Restore until your system really is clean.
Now,
Boot Into Safe Mode. Most of the following steps are to be carried out in safe mode until the series is completed, or you are advised to reboot normally. If at any time during the process you do reboot, boot back into safemode unless specifically advised for that step to boot normally before proceding with the next step.
Once booted into safemode, locate Stinger and run it, selecting "Fix". The process may take a fair while to complete - be patient, let it run to the end.
Locate "NAILFIX", and click on "Nailfix.cmd". Your desktop and icons will disappear and reappear, and a window should open and close very quickly.
When NAILFIX has run, locate and run AboutBuster 5.0; if either app prompts you to reboot, do so, then go on to the next step, otherwise, don't reboot.
When AboutBuster 5.0 has completed, locate and run CWShredder, selecting the "Fix" option. Don't reboot unless prompted to do so.
Locate and open Cleanup. When it opens, select "Options", set the slider to "Standard Cleanup", click "OK", then click "Cleanup" and let it scan through your system (which will take a few minutes), Cleanup is complete, you should be prompted to reboot. Reboot, back into safemode.
Locate Ad-Aware SE, and launch it. Click the "Add-ons" bar, locate, and run the VX2 Cleaner plugin. When that has been completed, close then relaunch Ad-Aware SE, select "Scan Now", select "Use custom scanning options", select "Next", and allow the scan to complete - which could take a good long while. When it has completed, have it fix all it has found, then close the application. If it requests permission to run again on reboot, permit it and reboot normally, allowing it to run, have it fix whatever, if anything it found, then reboot back into safe mode.
Locate and launch Spybot S&D, click "Check for problems", and be patient while it scans. Allow it to fix anything it finds that it lists in red. If it requests permission to run again on reboot, permit it and reboot normally, allowing it to run, have it fix whatever, if anything it found and listed in red, then reboot back into safe mode.
When Spybot S&D has finished, run Cleanup once more. When Cleanup has finished,
BOOT NORMALLY, not into safemode. Do not connect to the internet yet, and do not re-enable System Restore.
Disable your resident antivirus if not still disabled, then run full system scans Ad-Aware and Spybot S&D, allowing each to fix whatever, if anything, needs fixing.
Run Cleanup once more, then reboot into safe mode again. Close all running applications, and run HiJackThis
WITH NO OTHER BROWSERS, WINDOWS, FILESHARING, EMAIL, OR MESSAGING APPLICATIONS OPEN OR RUNNING.
Place a checkmark next to any of these, if found:
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\CFGMGR52.DLL 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\SYSTEM\PSof1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [qt5k36V] QDVMG32.EXE
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O14 - IERESET.INF: START_PAGE_URL=http://cgi.verizon.net/bookmarks/bmredir.asp?region=westbw=dslcd=4.0bm=ho_home
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\PROGRAM FILES\CAS\CLIENT\CASMF.DLL
and click "Fix".
Run Cleanup once more, then reboot back into safe mode.
Go to Start>Settings>Control Panel >Add/Remove Programs. If you find entries for Virtual Bouncer or Wintasks, remove them. Reboot into safe mode.
Using Windows Explorer - right-click "My Computer", select "Explore" then select your "C:\" drive folder, from that folder's toolbar, select View > Toolbars > Address Bar, in the address bar, type the desired path (for instance:
C:\WINDOWS\System\ or
C:\Windows\Program Files), click "Go", then locate the designated file or folder - look for and delete if found:
PSof1.exe which if present will be found in C:\WINDOWS\System32\ or C:\WINDOWS\System\
<--- Delete just the specific file, not the folder in which it resides
exp.exe which if present will be found in C:\WINDOWS\System32\ or C:\WINDOWS\System\
<--- Delete just the specific file, not the folder in which it resides
wintask.exe which if present will be found in C:\WINDOWS\System32\ or C:\WINDOWS\System\
<--- Delete just the specific file, not the folder in which it resides
AUNPS2.DLL which if present will be found in C:\WINDOWS\System32\ or C:\WINDOWS\System\
<--- Delete just the specific file, not the folder in which it resides
Now, still with Windows Explorer, look for and if found delete
C:\WINDOWS\cfgmgr52.dll.
<--- Delete just the specific file, not the folder in which it resides
The entire folder C:\Program Files\VBouncer\
<--- Delete the entire folder
The entire folder C:\PROGRAM FILES\CAS\
<--- Delete the entire folder
Reboot back into safe mode, and run CWShredder, Ad-Aware SE, and Spybot S&D once more, letting each fix whatever is necessary.
Run Cleanup once more, and reboot normally. Run a fresh HJT scan, this time just saving the log. Now, reconnect to the internet (use WinsockFix if you cannot connect), navigate to this A2K yuckware help thread, and post the new HJT log. Also include any error messages or "could not fix" reports you may have received. Do not re-enable System Restore yet; we may not be done.
Stumble It!
Tweet This
Bookmark on Delicious
Share on Facebook
Share on MySpace