Support Forums
I am infected! What do I do? - Printable Version

+- Support Forums (https://www.supportforums.net)
+-- Forum: Categories (https://www.supportforums.net/forumdisplay.php?fid=87)
+--- Forum: Virus Protection, Removals, and HJT Team (https://www.supportforums.net/forumdisplay.php?fid=56)
+---- Forum: Virus Removal, Hijack This Logs, and Support (https://www.supportforums.net/forumdisplay.php?fid=48)
+---- Thread: I am infected! What do I do? (/showthread.php?tid=12900)



I am infected! What do I do? - --([-S7N-])-- - 10-17-2010

Introduction

Malware (Spyware, Adware, Trojans, Viruses) are every increasing in their frequency, and abilities to disguise themselves. This forum is a resource for removal of this malicious software (malware). This guide will help you to remove many of the most common problems, and allow us to help you most efficiently. It may look daunting, but shouldn't take long to complete.

Please remember, people helping you here are all volunteers. Be patient, somebody will help you as soon as they become available. We have REAL jobs, families, have other interests, or may live half way around the world. Plus, there may be people in front of you waiting for help. Following the steps below will lighten our work load, and allow us to help more people. Please acknowledge that you've followed the steps in this cleaning guide (or our first reply will likely direct you here).

Finally, please follow your thread to a conclusion. Just because a popup is gone, or a desktop is restored, it does not mean your system is free of malware. It may still be sending spam silently in the background, or even collecting personal information. If you fail to follow your topic to conclusion, your system may not be completely clean, and it will be vulnerable to future infections. When finished, we will post instructions and advice on preventing future infections.

Rules

If you want a checkup, please start helping yourself by performing all the instructions here:
  1. Post all the logs in your checkup thread or your thread will be closed/unattended until you do the scans.

  2. Do not post logs in another's thread. Create your own.

  3. Do not try and help other members, although we appreciate your willingness to try. It can be VERY dangerous.

  4. Do not bump your threads, we look for threads with 0 replies.
If you happen to intentionally install malware on your computer, please state so.

If your helper has not responded within 3 days, please PM your helper.

Official Helper List

Do not accept help from anyone other than the following users:
  1. Quintus
  2. AsSaSs@iN
  3. --([-S7N-])--
  4. N3w_2_H@Ck1n™

How to receive help from us

Step 1:

What issues are you having with your computer? Please be very specific.

Step 2:

Click here to download ATF-Cleaner by Atribune - Please use this link to avoid downloading incorrect and potentially harmful software.

Save it to your Desktop.
  • Double-click 'ATF-Cleaner.exe' to run it.
  • Under 'Main' check the 'Select All' box.
  • Press the 'Empty Selected' button.
    • If you use Firefox browser:
      • Click Firefox at the top and then check the 'Select All' box.
      • Press the 'Empty Selected' button.
      • Note: If you wish to keep your saved passwords, click No at the prompt.
    • If you use Opera browser:
      • Click Opera at the top and then check the 'Select All' box.
      • Press the 'Empty Selected' button.
      • Note: If you wish to keep your saved passwords, click No at the prompt.
  • Click 'Exit' on the Main menu to close the program.

Step 3:

Please download Malwarebytes' AntiMalware.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full Scan, then click Scan.
    The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Step 4:

  • Please download: HijackThis Installer to your Desktop.
  • Double Click the HijackThis icon.
  • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
    • It will also create a shortcut on your Desktop.
  • Run HijackThis.
  • Accept the license agreement.
  • Click on 'Do a system scan and save the logfile'.
    • Do NOT fix ANY HijackThis entries unless instructed to do so.
  • Copy paste the contents of the notepad file that opens in your thread.
Step 5:

Download DDS.scr by sUBs from one of the following links.
  1. Link 1
Save it to your desktop.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Remember to use www.pastebin.com if the logs are too long to post.

Post all the logs in the following template in a new thread at the Virus Removal, Hijack This Logs, and Support Forum.

1.My issues are:

2.My MBAM log:

3.My HJT log:

4.My DDS log:

Issues encountered:

Code:
[color=#00BFFF][b]1.My issues are:[/b][/color]

[color=#00BFFF][b]2.My MBAM log:[/b][/color]

[color=#00BFFF][b]3.My HJT log:[/b][/color]

[color=#00BFFF][b]4.My DDS log:[/b][/color]

[color=#FF0000][b]Issues encountered:[/b][/color]



Check up scan procedure:

Do the following steps and include all logs in your thread.

Step 1:

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean

Step 2:

Download SuperAntiSpyware
  • Load SuperAntiSpyware and click the Check for updates button.
  • Once the update is finished click the Scan your computer button.
  • Check Perform Complete Scan and then next.
  • SuperAntiSpyware will now scan your computer and when its finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.

Step 3:

Please download Malwarebytes' AntiMalware.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full Scan, then click Scan.
    The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Step 4:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to Yes, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Step 5:
  • Please download: HijackThis Installer to your Desktop.
  • Double Click the HijackThis icon.
  • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
    • It will also create a shortcut on your Desktop.
  • Run HijackThis.
  • Accept the license agreement.
  • Click on 'Do a system scan and save the logfile'.
    • Do NOT fix ANY HijackThis entries unless instructed to do so.
  • Copy paste the contents of the notepad file that opens in your thread.

Step 6:

Download DDS.scr by sUBs from one of the following links.
  1. Link 1
Save it to your desktop.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Remember to use www.pastebin.com if the logs are too long to post.

Step 7:

Create a new thread here: http://www.supportforums.net/showthread.php?tid=12900

Include all the logs and information from the steps above using this template:

1.My SAS log:

2.My MBAM log:

3.My ESET log:

4.My HJT log:

5.My DDS log:

Code:
[color=#00BFFF][b]1.My SAS log:[/b][/color]

[color=#00BFFF][b]2.My MBAM log:[/b][/color]

[color=#00BFFF][b]3.My ESET log:[/b][/color]

[color=#00BFFF][b]4.My HJT log:[/b][/color]

[color=#00BFFF][b]5.My DDS log:[/b][/color]