Hi
Please don't bump your topics as it makes it harder for us to see that there are no replies.
Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
- Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
- Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
- NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
You may also want to Track This Topic. This feature of the forum will send out an email to the email address you've signed up with as soon as I reply, so you can be notified of my reply. To do this, please locate the Options menu, located just under the New Topic and New Reply icons. Once you've found it, click it, and choose Track This Topic from the dropdown menu (the first option). In the page that appears after you have clicked Track This Topic, select Immediate Email Notification, then click Proceed.
At first glance there is nothing wrong with the machine; however, there are the remains of Vundo and several files that indicate the newest variant of Vundo 'visited' your computer. Let's delete some files and get an online scan.
Step 1: Deleting files with OTMoveIt
Please download OTMoveIt2 by OldTimer.
Please note: If you already have OTMoveIt on your system, please replace it with this newer version.
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
Step 2: Correcting orphaned entries with HijackThis
Please re-open HijackThis and click Scan. Put a check next to the following entries presented in the window: (Do NOT click Fix yet!)
O2 - BHO: {3b44e8c1-ed86-04cb-de34-516ac5b8068c} - {c8608b5c-a615-43ed-bc40-68de1c8e44b3} - C:\WINDOWS\system32\nvvxmtgq.dll (file missing)
Now, close all other windows but HijackThis, including Explorer windows (folders) and this window, and click Fix.
Note: It is vital you close all other windows, otherwise the fix will not succeed.
Step 3: Online Scan with Kaspersky
Please do an online scan with Kaspersky WebScanner.
Click on Accept.
You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
  - Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
  - Scan Archives
  - Scan Mail Bases
- Click OK
- Now under select a target to scan: Select My Computer
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
Summary
In your next reply, please include the following:
- New DSS log - it will only produce main.txt - please post it and not attach it if possible.
- Kaspersky Log.
Regards,
Tal