Hello and welcome to Geeks to Go! I'm Dave and I'll be helping you out. Let's get started:
Please go to the GMER Rootkit Scanner Download Site.
- Click on the Download EXE button.
- The file you are downloading will have a random name in order to circumvent the attempts of malware to block it from running.
- Take note of the name of the file (please don't change it), and then save it directly to your desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click on the file you downloaded (Vista users please right-click it and select Run as Administrator). The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
- Click NO
- In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure that the "Show all" box is un-checked.
- Now click the Scan button.
Once the scan is complete, you may receive another notice about rootkit activity; don't worry.
- Click Ok.
- GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
- Save it to a location where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
Then:
Please visit this webpage for download links and instructions for running ComboFix:
http://www.bleepingc...to-use-combofix
Click on any of the links at that website to download ComboFix. At the window that appears, please change the name of the file from ComboFix.exe to svchost.exe. This name is important and must be exactly as I have given it to you here. Once you have changed the name, save the renamed file directly to your desktop.
Return to the above link and continue with the instructions provided there for running ComboFix. Be sure that you read ALL of the instructions on that page very carefully and follow them exactly. It is particularly important to disable all your protection programs before running ComboFix. If you need further help figuring out how to disable a specific program, look here. Installing the recovery console if you're running an XP machine is another critical step. By following the directions in that guide closely, you give ComboFix the best chance at a successful run and minimize the likelihood of having potentially serious problems occur after an attempted removal of malware.
Once the program has finished running, its log should pop up automatically, or if for some reason you lose it, it can be found at C:\ComboFix.txt. Please post the log's contents in your next reply.
Just need the logs from GMER and ComboFix in your next reply.
Cheers,
Dave