Updated Yuckware removal - Feb '07

PLEASE DO NOT POST HELP REQUESTS TO THIS TOPIC; THEY WILL BE IGNORED AND/OR DELETED

If you notice broken links or other errors in the following instructions, please note that on this thread with as much detail as you can. For any other questions or comments , and for individual yuckware removal assistance, please open a new topic here in the Computers forum - somebody who knows what they're doing will get to your questions and/or issues as soon as possible.




For a possible "quick & easy" fix, you might wanna try the free-for-home-use version of Nick Skrepetos' SuperAntiSpyware. I've found it to be safe, fairly effective and reliable. The app has been around a couple years now, and its been getting favorable reviews in general. The scan will take a good long while, so be patient. Be sure to read, understand, and follow the app's documentation, available from the download page.

If that doesn't do the trick, the following nit-picky, tedious, but very thourough and effective proceedure will get you started on the path to recovery from your current problem and prevention of future infestations:

This is an up-to-date, integrated series of steps designed to preliminarily deep-clean your system (though it is quite likely some cleanup will remain to be done after the first runthrough, which is why the follow-up logs and reports are requested) and to harden it against future infestations. It should be implemented in the order and manner listed. Its tedious, nit-picky, and time-consuming, but it is proven safe, effective, and reliable. Getting rid of yuckware is much more hassle than getting it in the first place, and taking the time and effort to prevent it once you've managed to get rid of it is time and effort well invested.

If you choose to give this method a shot, you should print out these instructions, as the proceedure will require that your machine be offline for several of the steps. Be certain you understand what to do, and how and in what order to do it. If you're unsure of, or have trouble with, anything here, please ask before going on. Also, if any of the supplied links don't work, please let me know.

If you already have installed any of the applications or tools listed below, please uninstall your version, download a fresh version, install, update, and configure as described below.


Again - Print out and fully understand these intructions, and gather all listed downloads before begining

1. First, gather the downloads and perform the installations and updates as recommended. Just download, install, update and configure these applications, DO NOT RUN ANY OF THEM YET, unless specifically directed otherwise.
   
   
2. Configure Windows Explorer to Show All Files
   
   
   
3. Be certain you have the latest version of HiJackThis, and that it is installed to a folder of its own either in your Programs file or directly on your root drive (the drive on which Windows is installed, usually "Drive C:\"). If you have already installed HiJackThis, be certain its in its own correctly placed folder, not a user-specific, temporary or desktop folder (to place HJT in its own folder, open Windows Explorer - Windows key + E - locate and select your root drive, the drive on which Windows is installed, and open that folder, right-clicking anywhere in that folder's blank space, select "New">"Folder", name the new folder "HJT", then download and extract, or if you already have the latest version somewhere else move, HJT into that folder). Launch the application, then, from its splash screen, choose "Miscellaneous Tools", or from the main start page, select "Config", then select "Search for updates online", confirm, and be sure your's is the latest version. Don't run a scan or fix anything yet. When running HiJackThis to scan or fix things, run it from its own folder, WITH NO OTHER BROWSERS, WINDOWS, FILESHARING, EMAIL, OR MESSAGING APPLICATIONS OPEN OR RUNNING
   
   
4. Go to Windows Update and check to make certain there are no outstanding Service Packs or High-Priority Updates for your operating system and/or Internet Explorer.
   
   
5. Run the online version of the Microsoft Windows Malicious Software Removal Tool.
   
   
6. Download, install, and update Windows Defender (Beta 2) (this is the successor to Microsoft Antispyware). Be sure to read, understand, and follow the download, installation, and update instructions available on the download page. Do not run the application's scan yet, just download, install, and update it.
   
   
7. Download, install, and update Ewido Anti-malware (the successor to Ewido Security Suite). Again, read, understand, and follow the download, installation, and update instructions available on the download page, and don't run the application's scan yet, just download, install, and update it. Note: when installing/configuring the trial version, do not select the automatic update or real-time protection options.
   
   
   
8. Download, install, and update Ad-Aware SE Personal. Just install and update it (when the program has installed, click the blue-green "Planet" icon, second from the right at the top of the screen, to run the auto-update function, and follow the prompts to update the application); don't run a scan yet.
   
   
   • When it has updated, click on the orange-ish "Gear Icon" (second-from the left at the top right-hand side of the window) to open the Ad-Aware configuration utility.
     
     
   • Under the "General" tab, all radio buttons should be green; if not, click to activate them.
     
     
   • Click the "Scanning" bar at the left of the page. Under "Drivers, Folders & Files", only the "Scan within archives" button should be green. Under "Memory & Registry", all buttons should be green.
     
     
   • Click the "Advanced" bar. Under "Shell Integration", "Move deleted files to Recycle Bin" should be green, and its your call whether you want to add "Scan with Ad-Aware to Explorer".
     
     
   • Under "Logfile Detail Level", all 3 buttons should be green.
     
     
   • Under "Alternate Data Streams", both buttons should be red.
     
     
   • Skip the "Startup", "Default", and "Interface" bars for now.
     
     
   • Click the "Tweak" bar. Click the plus-sign to open "Scanning Engine". "Unload recognized processes ... ", "Obtain command line ... ", and ""Scan registry for all users ... " should be green, "Run scan as background ...", "Ignore spanned files ...", and "Use permanent ... " may be left red.
     
     
   • Click to open "Cleaning Engine". The first 5 buttons should be green ("Automatically check ...", "Always try ...", "During removal ... ", "Let Windows remove ... ", and "Delete quarantined ..."} should be green, the remaining 3 ("Suppress warning ...", "Suppress progress ..." and "Disable manual ...") should be red.
     
     
   • Skip the remaining bars, click "Proceed", then close Ad-Aware WITHOUT RUNNING A SCAN.
     
     
   • With Ad-Aware closed, download LavaSoft's VX2 Cleaner Plugin, and install it per instructions found on the download page. read the instructions carefully so you'll know how to run the plugin when required. Do not run it, or Ad-Aware SE Personal, yet; just exit back to your desktop.
   
   
   
   
9. Download LSP-Fix. Just download it to a convenient-to-find place on your machine (A suitably named new folder your desktop is fine for now); it may or may not be needed, but if it is needed, you'll want to find it easily. Sometimes removal of yuckware will result in your not being able to connect to the internet. If this happens, LSP-Fix should take care of the problem. Be sure to read and understand (good idea to print out) the application's DOCUMENTATION so you know what to do if it becomes necessary.
   
   
10. Download, install, and update Spybot S&D. Just install and update it (when it installs, the program will give you the option to "Download all updates" - let it do so), don't run it yet.
    
    When it installs, the program will give you the option to "Download all updates" - let it do so. It will also step you through a Restore Point/Registry Backup process - follow through with each step Spybot wants you to do when it first installs.
    
    • When the program has been installed and updated, select "Immunize", click the green "+" plus-sign symbol at the top of the page to install Spybot's immunization, and follow any prompts.
      
      
    • On that same page, click to place a checkmark in the "Browser Helper to block bad downloads ..." button, then, from the dropdown below that, select "Block all bad pages silently".
      
      
    • At the top left of the main page, click "Mode", then select "Advanced"
      
      
    • Click "Tools", and make sure everything in the right-hand panel EXCEPT "View Report" and "Bug Report" is checkmarked.
      
      
    • Select "Resident" and on that page's right-hand panel, make sure only "Resident SD Helper" is checked, do not activate "Tea Timer"
      
      NOTE: DO NOT SELECT Spybot S&D's "TeaTimer" option at this time; its still sorta buggy, especially with WinXP.
      
      
    • Click "Hosts File", and at the top of that page's right-hand panel, click the green "+" plus-sign to install Spybot S&D's HOSTS list.
      
      
    • Next, click "Settings", then in that page's right-hand panel, select "File Sets"; everything in he right-hand panel under "Spybot - Search and Dstroy" should be checkmarked. "Usage Tracking" is optional and non-critical, but I recommend you select it too; doing so will help keep your machine free of Temporary File clutter.
      
      
    • Click "Ignore Products", and in that page's right-hand panel, under the "All Products" tab, make sure NOTHING is checked
      
      
    • When the configuration has been completed, just close Spybot S&D without running a scan yet.
    
    
11. Download CWShredder, and unzip it to your desktop, but don't run it yet.
    
    
12. Download, install, and update CCleaner[/i][/u] per the instructions on the download page. Just download, install, and update it, don't do anything with it yet; we'll be using it a a few times later in this process.
    
    
13. Download, install, and update Javacool Software's SpyWareBlaster. When the update has completed, select "Enable all protection", and exit back to your desktop. SpywareBlaster does not need to be running for its protection to be active, but you should should launch it at least weekly to check for updates. Read the FAQ HERE
    
    
14. Download the latest version of McAfee/AVERT Stinger - read and understand the instructions for running it, but don't run it yet, just download it to a convenient-to-find location such as an appropriately named folder on your desktop.
    
    
15. Update your own resident anti-virus application, but do not run a scan with it yet; just update it and close the application.
    
    
16. Now, per the instructions for your own resident antivirus and other security/privacy software, and with no other browsers or chat, messaging, or email clients open or running, DISABLE your resident anti-virus and other security/privacy software, then immediately go to TrendMicro HouseCall Free Online Scan and, per the instructions, run the free scan-and-clean process. If when it has finished, it reports it detected but did not remove something, please make careful, exact verbatim note of the item(s) reported - save it to report back here when the time comes.
    
    
17. When you have completed the TrendMicro scan-and-clean, locate and launch CCleaner, and have it run a full cleanup only (do not do anything with "Issues" or "Tools" at this time).
    
    
18. When that has completed, reboot your machine, and, with your resident antivirus and other security/privacy software disabled and no other browsers or chat, messaging, or email clients open or running, go to Panda Free Online Scan, and run the free online scan-and-clean available there. Please save the report it will generate when it has completed; we'll want to see that when the time comes.
    
    IMPORTANT: DISABLE ANY OTHER ANTIVIRUS YOU MAY HAVE ON YOUR MACHINE BEFORE RUNNING ANY OF THE ONLINE SCANS. Also, if you have any popup blocking, adblocking, or actively running antispyware application, disable those as well; they can interfere with online virus scans. Should an online scan report it has detected something it cannot repair or remove, please copy the exact message received, being sure to note the entire name and path of any file mentioned, and save it to post here at the appropriate time.
    
    
19. When that has been done, locate and launch CCleaner once more, again running a full scan-and-clean only.
    
    
20. When that has completed, Boot Into Safe Mode. The following steps are to be carried out in safe mode until the series is completed, and you are advised to reboot normally. If at any time during the process you do reboot, boot back into safemode before proceding with the next step.
    
    
21. Locate and launch Stinger; have it scan-and-clean your system per its instructions. When it has completed, reboot into Safe Mode and run it again. Do not reboot.
    
    
22. While in Safe Mode, locate and launch your own resident antivirus and run a full system scan-and-clean with it. When that has completed, do not reboot.
    
    
23. Next, while still in Safe Mode, locate, launch, and run CWShredder. Select "Fix" and let it run to completion. When it has completed, regardless what it reports, run it in its "Fix Mode" again. Do not reboot.
    
    
24. When that has completed, and while in Safe Mode, locate and launch Ewido Anti-malware, and run a full system scan-and-clean. Have it "Fix" whatever it finds. Please save the report it will generate when it has completed; we will want to see that when the time comes.
    
    
25. When that has completed, and while in Safe Mode, locate and launch Windows Defender, and run a full system scan-and clean with it, having it "Fix" whatever it finds. Again, when it has completed, and while in safe mode, run it a second time.
    
    
26. When that has completed, locate and launch Ad-Aware SE, select and run the VX2 Cleaner Plugin per instructions. When the plugin has completed, run it again. Now, again without rebooting, or if you have rebooted, while running in Safe Mode, run a full-system scan-and-clean with Ad-Aware SE, directing it to remove everything it finds. Once again, without rebooting, run a second full-system scan-and-clean with Ad-Aware SE.
    
    
27. Following the second run of Ad-Aware SE, locate and launch CCleaner once more, and again run a full scan-and-cleanup only.
    
    
28. Now, reboot normally, but DO NOT ALLOW YOUR MACHINE TO CONNECT TO THE INTERNET. If necessary, physically disconnect the cable between your machine and your internet access device or shut off your Wireless Gateway.
    
    
29. When your machine has rebooted, and not connected to the internet, be certain your own resident anti-virus and any other security/privacy software is disabled, then run full system scan and clean proceedures with, in this order:
    
    
    • CWShredder
      
    • Ewido Anti-malware (Note: Again please save the report generated when the application has completed)
      
    • Windows Defender
      
    • Ad-Aware SE (Note: Please also run Ad-Aware SE's VX2 Cleaner pluigin once more as well)
      
    • Spybot S&D (Note: Have Spybot S&D "Fix" everything it reports found which it lists in RED, items listed in GREEN are non-critical and your call)
      
    • CCleaner
    
    
    
30. Now, reboot normally once more, and without allowing your machine to connect to the internet, locate and launch HiJackThis. Before running a scan, please have it generate a Startup List by going to the "Miscellaneous Tools" page, placing a checkmark in each of the 2 boxes next to the "Generate StartupList Log" button, then click the button and save the generated report. When that has completed, WITH NO OTHER BROWSERS, WINDOWS, FILESHARING, EMAIL, OR MESSAGING APPLICATIONS OPEN OR RUNNING, click the "Back" button, and have HiJackThis run a scan-and-save-log only - DO NOT "FIX" anything yet.
    
    
31. When that has completed, make sure your resident anti-virus and other security/privacy software are enabled, connect to the internet, navigate back to Able2Know, open a new topic in here in the Computers forum, or if you have already opened a yuckware removal topic, return to that topic, and post
    
    • The Panda ActiveScan Report
      
    • Both the 1st and 2nd Ewido Anti-Malware reports
      
    • Any error messages or "Could not remove" reports you may have encountered, if any - please report these verbatim, exactly as they appeared.
      
    • The HiJackThis StartupList Log
      
    • The HiJackThis Scan Log

You may find it convenient to click "Turn on email updates" down at the bottom right of your personal yuckware removal discussion topic; doing so will cause a notification to be sent to the address you registered with A2K whenever the topic receives a reply.

PLEASE DO NOT POST HELP REQUESTS TO THIS TOPIC; THEY WILL BE IGNORED AND/OR DELTED

If you notice broken links or other errors in the above instructions, please note that on this thread with as much detail as you can. For any other questions or comments, and for individual yuckware removal assistance, please open a new topic here in the Computers forum - somebody who knows what they're doing will get to your questions and/or issues as soon as possible.