
Guidelines/Instructions for Posting in this Forum



#1 LoPhatPhuud


Posted 19 January 2009 - 05:14 PM

1. Please register with the Gladiator Security Forum if you are not currently a member (it is free). You will need to use a valid email address, and follow the instructions to validate your membership. Then you can post. This will help us find your post much more easily and distinguish it from anonymous guests. (Click here to reach the registration page: Register)

2. Back up your data!! Regardless of whether or not you have a malware infection, routinely backing up your data should be an important part of every computer user's life. Whether it be a hard drive that has failed or malware that has caused your computer to become inoperable, not having your files, pictures, email, and music can be a disaster. We therefore suggest that before we move forward with this cleaning process, you first back up your data to a secure location.

3. Do not post at another site asking for the same help for the same computer unless you previously have asked us to close your topic. If we find that you have posted for help at another site regarding the same problem, we will be forced to close your topic here. This is because two different sites can give conflicting advice, which makes it harder for our helpers to provide quality help.

4. If you ran AntiVirus programs, AntiSpyware programs, or online scans, please let us know which ones you ran, and wherever possible, please post the logs from these programs and scans. The more information you give us, the better we can diagnose your problem(s) and the quicker and more effectively we can begin the cleaning process and reach a final resolution to your issues.

5. Once you have posted here, do not install or run any antivirus, antispyware, or other cleaning program unless instructed by your helper. Also, please do not install or remove any other software unless instructed by the helpers here.

6. Install and run the program(s) as specified in the following post(s).


** Be sure to post all requested logs. Not posting all the logs will delay fixing **


Note:
The help provided by Gladiator Security Forums is for personal computers only, either singly, or on a small home network. We do not provide help for corporate or work environment computers.

Be aware that removing some malware can be a hazardous undertaking. It is possible that we might encounter the rare situation where the only recourse is to re-format and re-install your operating system and programs.

Because of legal and ethical considerations, Gladiator Security Forum's policy is to refuse to participate in the cleanup or restoration of a system that has unlicensed software. If you have become infected from using cracked software to bypass licensing software requirements, your best plan would be to reformat the hard disk and reinstall Windows. This would eliminate the infections you may have sustained and also restore your operating system's functionality.







Modified: 2009.06.02 - LPP: Removed all reference to HJT
Modified: 2009.06.10 - LPP: Revised OTListIt instructions. New name and link
Modified: 2009.12.15 - LPP: Added OTL Instruction to change Standard Registry selection to All
Modified: 2009.12.19 - LPP: Removed OTL Instruction to change Standard Registry selection to All (Safelist is default)
Modified: 2010.02.28 - LPP: Replace ATF with TFC to ensure Windows 7 and 64bit compatibility
Modified: 2010.07.21 - LPP: Added Secondary download addresses to TFC and OTL
Modified: 2011.01.02 - LPP: Amended wording and added disclaimer
Modified: 2011.05.27 - LPP: Added wording to Step 2 - TFC to skip if missing files/folders/icons


#2 LoPhatPhuud


Posted 19 January 2009 - 05:31 PM

*** UPDATED June 24, 2011 ***


If you are running Windows XP, Windows XP SP1, Windows XP SP2, Windows Vista, or Windows Vista SP1, your operating system is out of date. For infected computers, our helpers strongly recommend that you reformat your hard drive and re-install your operating system and programs.

Please read and complete the following steps before posting your logs in the Malware Help Forum:

Special Note if Spybot is installed: Before proceeding, disable Spybot Tea Timer and leave it disabled until we're done here. See http://aumha.net/viewtopic.php?t=32409 for information on disabling Tea Timer.

Note: If you don't fully understand what Tea Timer does and how it does it, best to leave it permanently disabled.

Special Note for Vista: In all that follows, and subsequent sessions, you need to run these utilities "As Administrator" in most cases. Right click the program executable and choose "Run as Administrator". If you do not do this, some of these utilities will fail to work, or fail to work properly. If you have any problems with any of the utilities you are asked to run, check that you ran the application as an Administrator. Some of these utilities will not give you a UAC prompt, they will simply exit without doing anything at all or showing an error message.

You may want to print the rest of these instructions for offline reference.

1. Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application. (If using Windows Vista, be sure to "Run As Administrator")
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2. Please download TFC - Temporary File Cleaner by Old Timer, saving it to your desktop: http://oldtimer.geekstogo.com/TFC.exe or http://www.itxassoci...T-Tools/TFC.exe
  • If you are experiencing symptoms like missing files, folders, or a blank Desktop, skip this step and go on to Step 3.
  • Save it to your Desktop.
  • Close any open windows, save your work,
  • Double click the TFC icon to run the program,
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process,
  • Allow TFC to run uninterrupted,
  • The program should not take long to finish its job,
  • Once it's finished, click OK to reboot.

3. Enable Show Hidden Files and Folders
If using Windows XP:
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and exit My Computer.
  • Now your computer is configured to show all hidden files.

If using Windows Vista or Windows 7:
  • Close all programs so that you are at your desktop.
  • Open the Control Panel menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and exit My Computer.
  • Now your computer is configured to show all hidden files.

[Online tutorial covering both of the above: http://www.bleepingc...tutorial62.html]

4. Important! Open Notepad; Click on Format; Uncheck Word wrap, if checked.

5. Download OTL by OldTimer, saving it to your desktop: http://oldtimer.geekstogo.com/OTL.exe or http://www.itxassoci...T-Tools/OTL.exe
  • Close all open windows on the Task Bar. Click the OTL icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. The scan may take 5-10 minutes.
  • Do not TOUCH your keyboard until the scan completes!
  • It will produce two (2) logs on your desktop, one will pop up called OTL.txt; the other will be named Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

6. Download Security Check by screen317 and save it to your Desktop: http://screen317.spy...curityCheck.exe
  • Double-click on SecurityCheck.exe and follow the on-screen instructions inside the black box.
  • A Notepad document named checkup.txt should then open automatically; close Notepad, saving the file to your desktop. We will need this log, too.

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

7. After Registering, begin your own new thread. Briefly state your problem(s) and tell us what you've done so far to resolve them. Then copy/paste the following into your post (in order):
  • the contents of the MBAM log (Step 1)
  • the contents of OTL.txt (Step 5)
  • the contents of Extras.txt (Step 5)
  • the contents of checkup.txt (Step 6)

Please do NOT use the Attachment feature, despite what you might see in any of the above TXT files!

If you follow the above steps, it will accomplish three things:
  1. Your computer will be cleaner and in better shape before we even get to your log!
  2. It will save the volunteers on this site many hours of work and add to the accuracy of the information they are able to give you - it's easier to see individual trees in a thinned forest.
  3. You won't delay the process of getting up & running again by having to answer a lot of questions.



Please provide us the information we need in order to help you efficiently and effectively. Without this information you will only delay the cleaning process.