Hi,
Can you still access your Task Manager?
(Ctrl + Alt + Delete)
Go into Task Manager > Processes tab.
Check the checkbox labeled Show processes from all users at the bottom left of the Task Manager window.
Find the process Windows Police Pro.exe and left-click on it once so it becomes highlighted.
Now click on the End Process button. Task Manager will ask you if you are sure - say YES.
Now scroll through the list of processes until you find the svchast.exe process.
End this process as well by clicking on the End Process button and confirming that you want to end it.
Note the spelling svchAst.exe; there are legitimate files spelt svchOst < do not end process on those.
NEXT
- Please open your MalwareBytes AntiMalware Program
- Click the Update Tab and search for updates
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected. <-- very important
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
NEXT
Please download DDS from either of these links: LINK 1 LINK 2 and save it to your desktop.
- Disable any script blocking protection
- Double click dds.pif to run the tool.
- When done, two DDS.txt's will open.
- Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:
DDS.txt
Attach.txt
NEXT
Download GMER Rootkit Scanner from here or here.
- Extract the contents of the zipped file to desktop.
- Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
- In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  - Sections
  - IAT/EAT
  - Drives/Partition other than Systemdrive (typically C:\)
  - Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop, and post it in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Edited by CatByte, 05 September 2009 - 07:15 AM.
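The svchAst/svchOst distinction in the post above can be checked mechanically. The following is an added example, not part of the original post: it flags image names that are a near-miss spelling of a well-known Windows process name. The `KNOWN` list, the distance threshold and the sample input (constructed, in the shape of `tasklist /fo csv /nh` output) are assumptions.

```python
import csv
import io

# Assumed short list of legitimate Windows image names that malware often imitates.
KNOWN = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
         "services.exe", "explorer.exe", "smss.exe"}

def edit_distance(a, b):
    """Levenshtein distance, computed one row of the DP table at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def find_lookalikes(tasklist_csv, known=KNOWN, max_distance=2):
    """Return (image_name, pid, imitated_name) for near-miss spellings of known names."""
    hits = []
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) < 2:
            continue  # skip blank or malformed lines
        image, pid = row[0], row[1]
        name = image.lower()  # Windows image names are case-insensitive
        if name in known:
            continue  # exact spelling: not a lookalike
        for good in sorted(known):
            if edit_distance(name, good) <= max_distance:
                hits.append((image, pid, good))
                break
    return hits

# Constructed sample in the shape of `tasklist /fo csv /nh` output.
SAMPLE = '''"smss.exe","544","Services","0","412 K"
"svchost.exe","884","Services","0","3,120 K"
"svchast.exe","2412","Console","1","8,904 K"
"SVCHOST.EXE","1020","Services","0","5,004 K"
"Windows Police Pro.exe","3096","Console","1","12,340 K"
"explorer.exe","1688","Console","1","21,776 K"
'''

if __name__ == "__main__":
    for image, pid, good in find_lookalikes(SAMPLE):
        print(f"{image} (PID {pid}) looks like {good}")
```

A name match is only a first filter: a process with the exact name `svchost.exe` that runs from outside the Windows system directories deserves the same scrutiny.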