Hello Napalmtom9 and Welcome to GeekPolice Malware removal forum.
My nick is
Net_Surfer and I will be helping you with your malware issues, this may or may not solve
other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing
"your computer problems only" and by no means should be used on
another computer.
I would also like to inform you that most of us here at GeekPolice offer our expert assistance out of the goodness of our hearts.
Please be courteous and appreciative for the assistance provided!Please be patient and I'd be grateful if you would note the following:The cleaning process is not instant. Gmer, DDS, ComboFix, RSIT and hijackthis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.[/b]
- Please Read All Instructions Carefully and perform the steps fully and in the order they are written.
- If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
- Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
- In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
- Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
- Please continue to review my answers until I tell you that your machine is clean and free of malware. (Absence of symptoms does not mean that everything is clear.
Just because you can't see a problem doesn't mean it isn't there. If you can do these things, everything should go smoothly.
OK. Napalmtom9.......If you have a Vista computer ensure that you right click on the tools and run them as an Admin. IF XP double click on the program to run them.
Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.
Please carefully follow the next set of steps:If you can not download and run the following tools, then I would like for you to try another approach:
If you have the use of another computer please either use a Flash Drive or a CD to download the following and transfer them for use on the infected machine.
Be sure you put them on the desktop of the infected computer.* exeHelper by Raktor.step1. Please download: exeHelper to your desktop.Double-click on
exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of
exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).step2.* After running exeHelper (
"without rebooting") download and run Rkill and Malwarebyte's and run them using this instructions:
We need to use the RKill Tool by GrinlerRkill.com <--- Download site
- Please Download Rkill.com. Save it to your Desktop.
- Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
- NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.
- Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
- Please be patient while the program looks for various malware programs and ends them.
- When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Antivirus Suite when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.
If you continue having problems running rkill.com, you can download: iExplore.exe or
eXplorer.exe which are renamed copies of rkill.com, and try them instead.*If the tool does not run from any of the links, Please tell me about it.Malwarebytes' Anti-Malwarestep3.* Please download: Malwarebytes' Anti-Malware Note: If you already have Malwarebytes' Anti-Malware, just update first then run it.
- Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform a Full system Scan", then click Scan (the scan may take some time to finish, so please be patient).
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.step4.* We need to see some additional information about what is happening in your machine.
Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
o DDS.scr
o DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- When done, DDS will open two (2) logs
1. DDS.txt
2. Attach.txt
- Save both reports to your desktop.
- The instructions here ask you to attach the Attach.txt.
- Instead of attaching, please copy/paste both logs into your next reply.
- Close the program window, and delete the program from your desktop.
[indent]
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all anti-virus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control
HERESummary of the logs I will need in your next reply:
- ExeHelper log.
- Rkill log.
- MBAM log.
- The two logs of DDS.
How are things your end Napalmtom9?The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.
Kind regards
Net_Surfer