Computer Virus or Spyware? Try this first!

If you suspect your computer has become infected by a virus or spyware program (sluggish performance, pop-up windows, an internet search takes you to an unknown site, etc.), following the steps outlined below may save you some time and money. Simply running the programs listed below could correct the problem(s). If additional help is needed, the programs listed will generate reports you can submit here for more precise removal instructions.

If you feel your computer is infected and/or a program below confirms it you should NOT continue to use your computer for online banking or other sensitive operations such as logging into your work computer. Many infections include programs that track and record your keystrokes! Things like account info and passwords are highly sought after on the “black market”.

First make a copy of these instructions so you have them handy.

Pre-Cleaning Steps:

(a) If you have Spybot S&D or AdAware installed do the following:

    If Spybot is installed: Before proceeding, disable Spybot Tea Timer and leave it disabled until we’re done here.
    • See »aumha.net/viewtopic.php?t=32409
    If Ad-Aware is installed and Ad-Watch is enabled: Before proceeding, disable Ad-Watch and leave it disabled until we’re done here.
    • See »aumha.net/viewtopic.php?f=43&t=38668

NB: If you don’t fully understand what Tea Timer and/or Ad-Watch does and how it does it, best to leave it permanently disabled.

Special Note for Vista and Windows 7: In all that follows, and in subsequent sessions, you need to run these utilities “As Administrator” in most cases. Right click the program executable and choose “Run as Administrator”. If you do not do this, some of these utilities will fail to work, or fail to work properly. If you have any problems with any of the utilities you are asked to run, check that you ran the application as an Administrator. Some of these utilities will not give you a UAC prompt; they will simply exit without doing anything at all or showing an error message.

(b) Enable Show Hidden Files and Folders

    If using Windows XP:
    • Close all programs so that you are at your desktop.
    • Double-click on the My Computer icon.
    • Select the Tools menu and click Folder Options.
    • After the new window appears select the View tab.
    • Put a checkmark in the checkbox labeled Display the contents of system folders.
    • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    • Remove the checkmark from the checkbox labeled Hide protected operating system files.
    • Press the Apply button and then the OK button and exit My Computer.
    • Now your computer is configured to show all hidden files.
    If using Windows Vista or Windows 7:
    • Close all programs so that you are at your desktop.
    • Open the Control Panel menu and click Folder Options.
    • After the new window appears select the View tab.
    • Put a checkmark in the checkbox labeled Display the contents of system folders.
    • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    • Remove the checkmark from the checkbox labeled Hide protected operating system files.
    • Press the Apply button and then the OK button and exit My Computer.
    • Now your computer is configured to show all hidden files.

Online tutorial covering both of the above: »www.bleepingcomputer.com/tutoria···l62.html
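The same Folder Options changes from step (b), together with the “Run as Administrator” check from the Special Note above, can be done from a PowerShell prompt. The script below is an added example and is not from the original post or any of the tools it names; it assumes Windows Vista/7 or later. The three values under the Explorer `Advanced` key are the ones the View tab writes (Hidden, HideFileExt, ShowSuperHidden); the function names are ours.

```powershell
# Added example (not from the original post). Reports whether the console is
# elevated (the "Run as Administrator" check), then applies the step (b)
# Folder Options settings via the registry and verifies them.

function Test-IsAdministrator {
    # True when the current process token carries the built-in Administrators role.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Explorer stores the "View" tab choices under this per-user key.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

# Name => value pairs matching the checkboxes in step (b):
#   Hidden          1 = "Show hidden files and folders"
#   HideFileExt     0 = uncheck "Hide file extensions for known file types"
#   ShowSuperHidden 1 = uncheck "Hide protected operating system files"
$wanted = @{ Hidden = 1; HideFileExt = 0; ShowSuperHidden = 1 }

function Set-ShowHiddenFiles {
    foreach ($name in $wanted.Keys) {
        Set-ItemProperty -Path $advanced -Name $name -Value $wanted[$name] -Type DWord
    }
    # Explorer reads these values when it starts, so restart it to apply them.
    Stop-Process -Name explorer -Force
    Start-Process explorer.exe
}

function Get-ShowHiddenFilesStatus {
    # Prints each setting and returns $true only if all three match.
    $current = Get-ItemProperty -Path $advanced
    $ok = $true
    foreach ($name in $wanted.Keys) {
        $actual = $current.$name
        $match  = ($actual -eq $wanted[$name])
        if (-not $match) { $ok = $false }
        Write-Host ('{0,-16} expected {1}  actual {2}  {3}' -f $name, $wanted[$name], $actual,
            $(if ($match) { 'OK' } else { 'MISMATCH' }))
    }
    return $ok
}

if (Test-IsAdministrator) {
    Write-Host 'Running as Administrator.'
} else {
    Write-Warning 'Not elevated: right-click PowerShell and choose "Run as Administrator" before running the cleanup utilities.'
}

# The Folder Options values are per-user, so they apply with or without elevation.
Set-ShowHiddenFiles
if (Get-ShowHiddenFilesStatus) {
    Write-Host 'Explorer is now configured to show hidden files, system files and extensions.'
}
```

Run it once, then open a folder and confirm that file extensions are visible; if any line reports MISMATCH, a policy or another tool is resetting the value and the manual steps above should be used instead.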

(c) Check Notepad

    We need to make sure that word wrap is disabled for log readability.
    • Open Notepad;
    • Click on Format;
    • Uncheck Word wrap, if checked.

(d) Disable Windows Defender

    If you have Windows Defender installed, we need to disable it before we begin the cleaning process.
    • Open Windows Defender by clicking the ‘Start’ button
    • Click ‘All Programs’, then click ‘Windows Defender’
    • Click ‘Tools’, then click ‘Options’
    • Under ‘Administrator options’, select or clear the ‘Use Windows Defender’ check box
    • Click ‘Save’. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

(e) Please disable the real-time protection on your AntiVirus program

(f) If you have CCleaner 2.3.6 or later installed:
    • Please make sure not to run CCleaner until we’re done here, unless the following is unchecked
    • See screenshot:

Cleaning Steps:

1. Download TFC – Temp File Cleaner, saving it to your desktop:

»www.itxassociates.com/OT-Tools/TFC.exe

    • Save it to your Desktop.
    • Close any open windows, save your work,
    • Double click the TFC icon to run the program,
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process,
    • Allow TFC to run uninterrupted,
    • The program should not take long to finish its job,
    • Once it’s finished, click OK to reboot.

2. Download Malwarebytes Anti-Malware, saving it to your desktop.

• Make sure you are connected to the Internet.
• Double-click on Download_mbam-setup.exe to install the application. (If using Windows Vista, be sure to “Run As Administrator”)
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:

• Then click Finish.
• MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
• If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
• Update Malwarebytes’ Anti-Malware
• Launch Malwarebytes’ Anti-Malware
• On the Scanner tab:

• Make sure the “Perform Full Scan” option is selected.
• Then click on the Scan button.
• The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
• The scan will begin and “Scan in progress” will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say “The scan completed successfully. Click ‘Show Results’ to display all objects found”.
• Click OK to close the message box and continue with the removal process.
• Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply and exit MBAM.

Note 1:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Note 2:
Some malware will try to block Malwarebytes’ Anti-Malware. If you are unable to get Malwarebytes’ Anti-Malware to run, rename the executable file (normally C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe) to a random file name (such as somefile.exe, somefile.scr, etc) and double-click the file to see if it will run.

3. Download OTL, saving it to your desktop:

»www.itxassociates.com/OT-Tools/OTL.exe

• Close all open windows on the Task Bar. Click the OTL icon (for Vista, right click the icon and Run as Administrator) to start the program.
• In the lower right corner of the Top Panel, checkmark “LOP Check” and checkmark “Purity Check”.
• Now click Run Scan at top left and let the program run uninterrupted. The scan may take 5-10 minutes.
• Do not TOUCH your keyboard until the scan completes!
• It will produce two (2) logs on your desktop; one will pop up called OTL.txt, the other will be named Extras.txt.
• Exit Notepad. Remember where you’ve saved these 2 files as we will need both of them shortly!
• Exit OTL by clicking the X at top right.

4. Download Security Check, saving it to your Desktop:

• Double-click on SecurityCheck.exe and follow the on-screen instructions inside the black box.
• A Notepad document named checkup.txt should then open automatically; close Notepad, saving the file to your desktop. We will need this log, too.

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

5. Online AV Scan

This is an important step to do even if you ran your resident AV program, as some malware can disable the program currently installed on your PC. The online AV scanners can sometimes reveal infections your present AV cannot. An online scanner can’t be “fooled” or damaged by malware. The online scan will not interfere with your currently installed AV program. The logs in your post are a required step.

Only do one of the following scans. Try ESET first, and if you have any problems, then try the bitDefender scan. If neither scan works, skip this step but be sure to let us know both failed.

ESET Online Scan:

ESET Online Scanner works with x32 and x64 (AMD64 and EMT64) versions of Microsoft Windows—it does not work with Itanium (IA64) versions of Microsoft Windows.
The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select “Run as administrator” from the context menu.

Go here: »www.eset.com/onlinescan to run an online scanner from ESET.

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the ActiveX control to install
• Click Start
• Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
• Click Scan
• Wait for the scan to finish
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
—or for 64-bit Windows: C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
• Copy and paste that log as a reply to your topic, along with a description of any remaining problems

Note: If IE doesn’t work, try an alternate browser. Firefox & Opera are now supported w/ a downloadable tool.

You will find the Firefox/Opera tool here:

bitDefender Online Scan:

Go here: »quickscan.bitdefender.com/ to run an online scanner from bitDefender.

• Start the BitDefender online scan by pressing the ‘Start Scan’ button.
• You will need to allow an ActiveX control or plugin to install for the scan to run.
• Leave the scanning options at default and press “click here to scan”
• When finished scanning, click on “click here to export the scan report”
• Save it to your desktop, at “file name” type in “bdscan” then click save.
• I may request this log if your problem persists. Do not delete.
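By the end of the cleaning steps there are several logs to post: OTL.txt and Extras.txt (step 3), checkup.txt (step 4), the ESET log.txt at one of two paths depending on 32- or 64-bit Windows (step 5), and the bdscan report just saved. The script below is an added example, not part of the original post or any of these tools; it copies whichever of those files exist into one dated folder on the Desktop so nothing is missed when replying. It assumes the file names above and that the logs were saved to the Desktop as instructed; the function names are ours.

```powershell
# Added example (not from the original post): gather the logs produced by the
# steps above into one dated folder on the Desktop. The ESET log lives at one
# of two paths depending on whether Windows is 32- or 64-bit, so both are
# tried and only the one that exists is used.

$desktop = [Environment]::GetFolderPath('Desktop')
$outDir  = Join-Path $desktop ('cleanup-logs-' + (Get-Date -Format 'yyyyMMdd-HHmm'))
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Files the earlier steps save to the Desktop (assumed names, per the steps):
# step 3: OTL.txt / Extras.txt, step 4: checkup.txt, bitDefender: bdscan.*
$desktopLogs = 'OTL.txt', 'Extras.txt', 'checkup.txt', 'bdscan*'

# ESET Online Scanner log: the 32-bit and 64-bit locations listed in step 5.
$esetCandidates = @(
    'C:\Program Files\EsetOnlineScanner\log.txt',
    'C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt'
)

function Get-EsetLogPath {
    # Returns the first ESET log path that exists, or $null if neither does.
    foreach ($p in $esetCandidates) {
        if (Test-Path -LiteralPath $p) { return $p }
    }
    return $null
}

function Copy-CleanupLogs {
    # Copies every matching log into $outDir and returns the names copied.
    $found = @()
    foreach ($pattern in $desktopLogs) {
        # -File is PowerShell 3+, so filter directories out by hand for Windows 7's 2.0.
        $matches = Get-ChildItem -Path $desktop -Filter $pattern -ErrorAction SilentlyContinue |
                   Where-Object { -not $_.PSIsContainer }
        foreach ($f in $matches) {
            Copy-Item -LiteralPath $f.FullName -Destination $outDir
            $found += $f.Name
        }
    }
    $eset = Get-EsetLogPath
    if ($eset) {
        Copy-Item -LiteralPath $eset -Destination (Join-Path $outDir 'eset-log.txt')
        $found += 'eset-log.txt'
    }
    # The MBAM log is viewed from its Logs tab (step 2); its folder varies by
    # version, so it is not guessed here.
    return $found
}

$copied = @(Copy-CleanupLogs)
if ($copied.Count -eq 0) {
    Write-Warning 'No logs found on the Desktop; check that each step saved its file there.'
} else {
    Write-Host "Copied $($copied.Count) log(s) to ${outDir}:"
    $copied | ForEach-Object { Write-Host " - $_" }
}
```

Open the folder it reports and paste each file's contents into the reply; an absent file usually means the corresponding step did not finish, which is worth mentioning in the same reply.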


About Memphis PC Guy

Mike Oyler, the Memphis PC Guy, helps people with the transition from self-professed computer illiterate to informed computer user. Today Mike offers a wide range of computer services in Memphis – from on-site computer repair, virus removal & network support, to personalized training and website development.