You should now get your friend to print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because he will not be able to connect to the Internet to read from this site.
Please reboot the computer in
Safe Mode by doing the following :
- Restart the computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose the usual account.
Once in Safe Mode, open the
SmitfraudFix folder again and double-click
smitfraudfix.cmd
Select option #2 -
Clean by typing
2 and press "
Enter" to delete infected files.
There will be a prompt : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing
Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if
wininet.dll is infected. He may be prompted to replace the infected file (if found); answer "Yes" by typing
Y and press "Enter".
The tool may need to restart the computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at
C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.
PC Help Forum
» Security & Safety
» [Fixed] Hijackthis! Logs
»
[Resolved] SpyMarshal
Linear Mode
