Doing the following will help our team members assist you more quickly. To interpret and clean any malware infection, it is important that these instructions be followed in order and thoroughly. Thank you for your cooperation.
Before using HijackThis, please do the following:
1. Set System and Hidden files and folders to show:
For XP:
- Right-click My Computer, choose Explore, click on Tools, Folder Options.
- Click the View tab.
- Place a tick next to Display content of System folders, (answer OK to warnings)
- Under Hidden files and folders, click Show hidden files and folders.
- If you see a warning message, click Yes.
- Click Apply.
- Click OK.
For 98/2000/ME:
- Double-click the My Computer icon.
- Click on the View menu, click Folder Options
- In the Advanced Settings box, under the "Hidden files" folder, click Show all files.
- If you see a warning message, click Yes.
- Click Apply.
- Click OK.
2. Disable System Restore to prevent re-infection.
(If you have/use it.) Don't forget to turn it back on when your PC is clean!
WinXP:
- Click the Start button.
- Right-click My Computer, and then click Properties.
- On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
WinME:
- Click Start > Settings > Control Panel.
- Double-click the System icon.
- If the System icon is not visible, click View all Control Panel options to display it.
- On the Performance tab, click File System.
- On the Troubleshooting tab check Disable System Restore.
- Click OK. Click Yes, when you are prompted to restart Windows.
3. Download the following scanning software according to your Operating System and follow the installation and setup instructions.
All Users:
HijackThis
SUPERAntiSpyware
2000/XP/Vista Users:
AVG Anti-Spyware
4. Boot into Safe Mode (continually tap the F8 key during bootup until either a beep sounds or a menu pops up. Use your arrow keys to navigate to Safe Mode, and hit Enter).
5. Now please run the following applications according to your Operating System in Safe Mode:
For XP/2000/Vista users:
AVG Scan: Double-click on the AVG icon on your desktop, then on the main screen select the "Update" icon, then select the "Update now" link.
Next select the "Start Update" button; the update will start and a progress bar will show the updates being installed. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab. Once in the Settings screen, click on "Recommended actions" and then select "Quarantine".
Under "Reports":
- Select "Automatically generate report after every scan"
- Un-select "Only if threats were found"
Next, click the Scanner tab and choose Complete System Scan. When it has finished, click on Reports, select the newest report, and click on Save Report As. Click on the down arrow next to Reports and choose your Desktop to make finding the file easier when posting. Close out of AVG. Remain in Safe Mode.
Note: if during your scan AVG Anti-Spyware "crashes" or "hangs", please try scanning again. If AVG still hangs, click on Scanner, Settings. Uncheck Scan in NTFS Alternate Data Streams, as this can cause problems in overly infected systems, then try running a new scan.
For All Users (2000/XP/Vista users, procedure after AVG scan):
SUPERAntiSpyware Scan: Start the scanner, click "Scan your computer", mark the drives that you want to scan (in the left window). Select "Perform Complete Scan" (in the right window). Click "next".
The scanner will now start to scan. As soon as it has finished, you should mark everything that is found, and let the scanner fix it.
Restart your computer. After reboot, open the scanner again. Click "preferences" -> "statistics/logs". Mark the log. Click "View log", and save the contents of this report to somewhere convenient.
6. Clean up temporary and unnecessary files and folders:
Please download and then run CCleaner.
Upon installation, make sure to deselect Yahoo toolbar before clicking on OK.
Once installed, make sure that all options are selected, including Advanced; answer OK to all warnings. Click on Analyze, then Run Cleaner. Repeat until either no further files appear needing to be cleaned, or the same files keep reappearing.
If you have files that cannot be cleaned, please make a note of them to post back in your thread.
7. Boot into Normal Mode and run HijackThis! (All Users)
Locate the folder you have installed HJT into. Double-click on it to run, and choose Do a System Scan and Save a Log File. A Notepad file will open; click on File, Save, and save this file to your Desktop for ease of posting.
When you post:
Please include all requested logs from this PreWork, as well as any uncleaned files.
To attach a log - simply paste it into your thread.
Please include a detailed description of the problem you are having. Be as specific as possible, and tell us any symptoms, any scans you may have already done other than the PreWork, and any hardware or software that you may have installed prior to the odd behavior starting.
Please post in the HijackThis forum by starting your own thread, or return to your existing thread and post your resulting logs there; one of the staff will move it to the HJT forum.
We have an excellent Security Team, and will take the time and effort to assist you according to your technical abilities. Please feel free to ask for any clarification, guidance or information that you may need. That's what we're here for.
See you in the Forum,
The PCHF Security Team