If it's your first time here, welcome to Geeks to Go!

You must register (free) and be logged in to access some of the download links provided below.

Malware (spyware, adware, trojans, viruses) is ever increasing in frequency and in its ability to disguise itself. This forum is a resource for removal of these unwanted pests. Following is a guide that will help you to remove many of the most common problems, and allow us to help you most efficiently. It may look daunting, but shouldn't take long to complete.
Please remember, people are helping you for FREE. Be patient, somebody will help you as soon as they become available. We all have REAL jobs, families, and other interests, and may live halfway around the world. Plus, there may be people in front of you waiting for help. Following these steps will lighten our workload, and allow us to help more members. Do not 'bump' your topic. We work older topics first. If it's been three days without a reply, create a new topic in our special waiting room (must be logged in to view).
The reality is that Hijack This logs are getting more complicated, require more time to analyze, and the infections are more difficult to remove -- often requiring a multi-step process. Anything that you can do to help us before posting a log is greatly appreciated. Please acknowledge that you've followed these required steps (or our first reply will likely direct you here).
Finally, please follow your thread to a conclusion. Helpers like to know your issue is resolved, and they will post a "you're clean" speech with instructions and advice on preventing future infections. If you fail to conclude the thread, your system may not be completely clean, and it may be vulnerable to future infections.
Self-help removal guides for many common infections can be found here (including these):
- How to remove Outerinfo
- How to remove Trojan.Zlob-X.a - IEDefender
- How to remove trojan.w32.looksky
- How-to remove Winfixer, Virtumonde, Msevents, Trojan.vundo (ATLDistrib object)
- How-to remove SpyAxe, SpywareStrike, SpySheriff, Winhound, Smitfraud
Preparation: These initial steps will remove temporary files and make the malware scans that follow run faster.
ATF Cleaner - Download - Homepage
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
- If you use Firefox browser
  - Click Firefox at the top and choose: Select All
  - Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
- If you use Opera browser
  - Click Opera at the top and choose: Select All
  - Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
- Click Exit on the Main menu to close the program.
System Restore (Windows XP and ME only)
Create a new System Restore point:
- Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
- On the Welcome page, click Create a restore point.
- On the Create a Restore Point page, enter a descriptive name for your restore point, and then click Create.

If you have anything disabled by MSConfig or any other startup manager, please re-enable them before running any scans, or posting a Hijack This log.
Step One: Scan for Spyware/Adware
Note: No single program removes every threat. A multi-prong approach is best.
Malwarebytes' Anti-Malware (for Windows 2000, XP, Vista ONLY) - Download Free Version (freeware) - Homepage
MBAM has been very effective at helping remove some of the more difficult infections.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. The rogue application should now be gone.
If you need to post a HijackThis log, please paste this log with it.
SUPERAntiSpyware Home Edition (free version) - Download - Home Page
- Install it and double-click the icon on your desktop to run it.
- It will ask if you want to update the program definitions, click Yes.
- Under Configuration and Preferences, click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked:
  - Close browsers before scanning
  - Scan for tracking cookies
  - Terminate memory threats before quarantining.
- Please leave the others unchecked.
- Click the Close button to leave the control center screen.
- On the main screen, under Scan for Harmful Software click Scan your computer.
- On the left check C:\Fixed Drive.
- On the right, under Complete Scan, choose Perform Complete Scan.
- Click Next to start the scan. Please be patient while it scans your computer.
- After the scan is complete a summary box will appear. Click OK.
- Make sure everything in the white box has a check next to it, then click Next.
- It will quarantine what it found and if it asks if you want to reboot, click Yes.
- To retrieve the removal information for me please do the following:
  - After reboot, double-click the SUPERAntispyware icon on your desktop.
  - Click Preferences. Click the Statistics/Logs tab.
  - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  - It will open in your default text editor (such as Notepad/Wordpad).
  - Please highlight everything in the notepad, then right-click and choose copy.
- Click close and close again to exit the program.
- Save the log information. If needed (still infected) paste this info along with your HijackThis log.
Step Two: Viruses/Trojans
Even the best antispyware programs are only able to remove about 70% of infections. Also, the line between spyware and trojans is getting blurred. To get a deeper look at what is hiding on your system, run the following online virus scan and post the results in your topic.
Online - Panda Activescan.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on My Computer to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report if you start a topic for assistance.
Step Three: Windows Updates
Windows Update - Homepage - Download SP1a
An unprotected, unpatched Windows XP installation will get infected within minutes of connecting to the Internet. Because of this, we'll require you to install critical updates before providing assistance in our forums. If not, we're both just wasting our time.
SP2 NOTE: Windows XP Service Pack 2 (SP2) has terrific security features, and we highly recommend everyone install it, however it should not be installed until your system is free from malware. Installing SP2 with malware present can cause many compatibility problems, or even prevent your computer from restarting. If your system has a malware infection, or if you're unsure, use the SP1a download link above.
Step Four: Reboot - Test
The tools above will completely clear malware from the majority of systems. Test your system to see how it's working.
If you're still having problems, continue to the next step. Otherwise, check out this article on how to prevent future Spyware/Hijack attacks.
Step Five: Posting a Hijack This Log
Hijack This - Download.
Automated tools are not always successful at removing malware from your system. Some infections may generate random file names, are too new, or use other tricks to avoid detection.
HijackThis examines certain key areas of the Registry and Hard Drive and lists their contents. These are areas which are used by both legitimate programmers and hijackers. Some items are perfectly fine. You should not remove them. Never remove everything. Doing that could leave you with missing items needed to run legitimate programs and add-ins.
This section is designed to help you produce a log, post the log into the Forum and finally remove the items as directed by the Member helping you. This involves no analysis of the list contents by you. That will be done by the Geeks to Go Staff.
If you have run any malware removal software (Ad-aware, Ewido, SuperAntiSpyware…), please reboot before scanning.
If you have not already done so, download and install HijackThis.
If you downloaded the file here, it’s self-installing. Simply download to your desktop or other convenient location, and run HJTInstall.exe to install. Once installed, open HijackThis by clicking Start -> Program Files -> HijackThis.
This is how HijackThis looks when it is first opened.
1. Click the button labeled Do a system scan and save a logfile.
2. HijackThis will quickly scan your system, and then open two new windows: the results of the HijackThis scan, and hijackthis.log in Notepad. Save hijackthis.log. By default it will be saved to C:\Program Files\Trend Micro\HijackThis, or you can choose “Save As…”, and save to another location.

Hijackthis.log contains the info that’s required to receive analysis and assistance.
Highlight the entire contents. Copy and paste the contents into your post, along with a complete description of your problem(s). DO NOT fix anything. Wait for help.
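A HijackThis log is plain text in which each entry starts with a short section code. The following added example (not part of the original guide or of HijackThis itself) groups the entries of a saved log by that code and checks that both the header and the closing "End of file" line are present, so a truncated copy is noticed before posting. The sample log, the section descriptions and the function names are constructed for illustration; the script only reads the text and makes no judgement about which items are safe.

```python
import re
from collections import OrderedDict

# Subset of HijackThis section codes; the descriptions are short summaries.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "Startup program", "O23": "Windows service",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Constructed sample log for illustration; not taken from a real machine.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:12:00 PM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Example Service - Example Corp - C:\Program Files\Example\svc.exe

--
End of file - 612 bytes
"""

def summarize(log_text):
    """Group entries by section code and report whether the text looks complete."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    groups = OrderedDict()
    for ln in lines:
        m = ENTRY.match(ln)
        if m:  # process paths and header lines do not match the entry pattern
            groups.setdefault(m.group(1), []).append(m.group(2))
    has_header = any(ln.startswith("Logfile of") for ln in lines)
    has_footer = any(ln.startswith("End of file") for ln in lines)
    return {"groups": groups, "complete": has_header and has_footer}

def report(log_text):
    """Return one summary line per section, then a completeness verdict."""
    result = summarize(log_text)
    out = [f"{code} ({SECTIONS.get(code, 'other')}): {len(items)} item(s)"
           for code, items in result["groups"].items()]
    out.append("complete paste" if result["complete"] else "log is truncated; copy it again")
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```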
It will also be helpful to provide an uninstall list:
- Start HijackThis
- Click on the Config button
- Click on the Misc Tools button
- Click on the Open Uninstall Manager button.
- You can click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window into your topic, please.
Return to the Forum and reply to your original post (or start a new thread in the Malware Removal Forum). Copy the entire contents of the Notepad file that opened, and paste it into your post. Then, wait for a Staff member to reply to your thread with instructions.
Additional Copy and Paste Instructions
Having problems with cut and paste? Open the text file. Go to the Toolbar of your text editor, Notepad for example, and click Edit. Move the mouse down to Select All and click on Select All to highlight the text. Go back to Edit again and move the mouse down to Copy. Click Copy. Go to the Forum and reply to your original post. When the page opens, click on an empty space in the reply window with your mouse to set focus for the paste operation. Finally, hold down the Ctrl button and click the letter v on the keyboard to paste the text into your post.
Mark Items for Removal
Once you have received advice on what should be removed, reopen HijackThis. This time, click the Do a system scan only button. You have changed nothing and this scan result will be the same as the first. Place a check-mark in the box in front of each item you plan to remove. In this example, there are three items marked for removal.
Click the Fix checked button.
A confirmation box will appear. Click Yes. HijackThis will now remove the checked items.
Click Here to Download HijackThis (NOTE: You must register and be logged in to download files.)
Hijack This Forum Rules:
* Please stay with your original topic when posting follow ups.
* The "Topic Title" should contain the name of the infection that you are having a problem with e.g. WinTools, http://...sp.html etc. Use the "Topic Description" to include more details. This will help you get faster responses as some people are more familiar with certain infections.
* Tell us if you're having any problems, and please be specific. Let us know what you've already done to fix it (if anything).
* If you do not understand a step, do not panic, simply ask for direction and information. We will offer any advice necessary to help you.
* Please only post your topic once. Duplicate posts will be closed, and just create additional work for the staff members trying to help you.
Click Here if not yet registered.
Click Here to start a new topic and paste your log.
If you would like to learn more about reading HJT logs and help us by becoming a member of the staff, please click here. If you're already an expert, and would like to help, please PM the admin.
Please acknowledge that you've followed these required steps (or our first reply will likely direct you here). Please be patient, let us know the results, and remember to thank the helper assisting you.
Thanks!
--
Geeks to Go Malware Team
This post has been edited by admin: May 10 2008, 04:12 PM
Reason for edit: removed AVG