By racooper w/SwanDog46 & miekiemoes
PLEASE READ AND FOLLOW THESE INSTRUCTIONS CAREFULLY; YOU MAY WANT TO PRINT OR SAVE THESE INSTRUCTIONS LOCALLY BEFORE STARTING.
1. Please download, install, and update the free version of Ewido Security Suite:
- When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
- From the main ewido screen, click on update in the left menu, then click the Start update button.
- After the update finishes (the status bar at the bottom will display "Update successful")
- Exit Ewido. DO NOT scan yet.
2. Please download this revised installer for the Nailfix utility.
DO NOT run it yet.
Alternate download links here:
3. Reboot to Safe Mode
How to start the computer in Safe mode
4. Once in Safe Mode, please double-click on nailfix.exe. Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish". Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.
5. Next, run Ewido again.
- Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
- If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, AOL, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. We'll see that in the log you will post later and let you know if ewido needs to be run again.
- When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [random] c:\windows\system32\random.exe r
Close all open windows except for HijackThis and click Fix Checked Note that the 04 entry may have changed names if you have rebooted since posting the log; look for an entry with a similar format, that will always in in a single letter r.
Locate and delete the following File in BOLD:
c:\windows\system32\random.exe (or whatever the name may have changed to, as noted above).
6. Now, run CCleaner.
- Uncheck "Cookies" under "Internet Explorer".
- If running Firefox: click on the "Applications" tab and uncheck "Cookies" under "Firefox".
- Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
7. Please start a new topic if you need help. Do not post your logs in someone else's threads.
Thank you! :)
Edited for new version of Nailfix 22Jul2005