- Open HijackThis
- Choose "Do a system scan only"
- Check the boxes in front of these lines:
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\iifCVmkh.dll,#1
O4 - HKLM\..\Run: [97D.tmp] C:\Windows\temp\97D.tmp
O17 - HKLM\System\CCS\Services\Tcpip\..\{83AD3E58-C09B-4D0A-96A5-3F9DB1B42D06}: NameServer = 85.255.112.86;85.255.112.189
O17 - HKLM\System\CCS\Services\Tcpip\..\{946929A1-ADDF-4C10-B5AB-CF0157D7A869}: NameServer = 85.255.112.86;85.255.112.189
O17 - HKLM\System\CCS\Services\Tcpip\..\{F30B99C5-05AE-40E9-820E-C331051DA836}: NameServer = 85.255.112.86;85.255.112.189
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdjac.exe - Press "Fix Checked"
- Close Hijack This.
Now open a new notepad file.
Input this into the notepad file:
@echo off
sc stop "Windows Tribute Service"
sc stop "Viewpoint Manager Service"
sc delete "Windows Tribute Service"
sc delete "Viewpoint Manager Service"
del fix.bat
exit
Save this as fix.bat, save it to your desktop.
Double click fix.bat and the black cmd window will open and close, this is normal.
Delete this file in bold:
C:\Windows\system32\kdjac.exe
Please download and run this tool.
Download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
Post the contents of the MBAM Log.
Site Admin / Security Administrator
Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.