Hi there belovd2000 and welcome to GeekPolice!
I am
Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
- Whilst I´m helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
- Feel free to ask questions! Especially if my instructions are not clear. I´m here to help, not confuse you.
- I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
- Stick with me till the end! If your computer starts running better, doesn´t mean it is clean yet!
====================Careful now,
Best Malware Protection is
rogue software. For an explanation of this term you can consult e.g.
Wikipedia. Whatever you do,
do not buy a license for this program. If you already did, you have been
scammed. In that case I suggest you contact your financial institution and see if you can revert the payment.
The first thing we are going to do is try and
temporarily disable the rogue, to get rid of all the annoying popups and allow us to actually do something. For this we use
RKill.
====================Please download
RKill by
Grinler from Download Mirror #1 and save it to your
desktop.
Download Mirror #1 (rkill.exe)Download Mirror #2 (rkill.scr)Download Mirror #3 (rkill.com)Download Mirror #4 (WiNlOgOn.exe)Download Mirror #5 (uSeRiNiT.exe)Download Mirror #6 (iExplore.exe)Download Mirror #7 (eXplorer.exe)- Double click the RKill desktop icon (rightclick > Run as Administrator for Vista/WIN7).
- A black screen will briefly flash indicating a successful run.
- If this does not occur please delete that application and try using Mirror #2
- Continue process until the tool runs.
- Important: RKill only temporarily disables the malware. If you reboot the computer, it will be active again. So do not reboot until we kill the infection.
====================Since you cannot access your infected computer, you will have to download the required tools from your clean computer and move them to the infected computer with some removable media, for example burn it to a CD or write it to an USB flash disk.
If you use an USB flash disk, I highly recommend you to immunize it first, to prevent malware using the usb flash drive for spreading itself.
If you use an USB flash disk, I highly recommend you to immunize it first, to prevent malware using the usb flash drive for spreading itself.
Please download
Flash_Disinfector by
sUBs from
here and save it to your desktop.
- Double-click Flash_Disinfector.exe to run the tool
- When requested, insert the USB flash disk(s) you want to to immunize/disinfect
- Hold down the Shift key when inserting the drive(s) until Windows detects the drive
- Click OK to start the disinfection process
- Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named
autorun.inf in each partition and every USB drive that you choose to disinfect. Do not delete that folder!
====================Besides RKill (I recommend you download all 7 versions and save them to your CD/USB stick) you will also need OTL to run the OTL scan. So make sure OTL.exe is also saved to the CD/USB stick. Here are the instructions for downloading and running OTL:
Please download
OTL by
OldTimer from
here and save it to your
Desktop.
- Close all windows and double click OTL.exe.
- The Extra Registry setting should be Use Safelist
- Copy and paste the following text into the Custom Scans/Fixes box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
/md5start
atapi.sys
explorer.exe
iastor.sys
userinit.exe
winlogon.exe
/md5stop
- Click the Run Scan button and allow it to run.
- It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
- You may need to use two posts to get it all.