Trojan:Win32/Danmec.gen!A [Solved]



#16
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It changes it to unallocated space

This is where the malware files are residing, probably just 1 or 2 Mb
  • 0



#17
s0nginmyheart

s0nginmyheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts
Can you please clarify what you mean by unallocated space? My boss (his computer) is worried that if we partition the 10 gigs he will lose everything... Can you please advise?

Edited by s0nginmyheart, 16 January 2012 - 05:25 PM.

  • 0

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Certainly...

At the moment the 10 Gb partition contains the malware files and nothing else, hence the 100% free indication on it
It is marked as the Active partition therefore it will always boot from there and activate the malware
Deletion of the partition and then fixing the MBR will then remove that threat
The space which is then unallocated (10 Gb) can then be merged into either the C or D drive - your choice
On the other system it is a more normal 2Mb size, so it appears to have found the 10Gb partition free for its own use. So it was probably previously unallocated
  • 0

#19
s0nginmyheart

s0nginmyheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts
When I click on gparted-live-0.10.0-3.iso , there is a message that says the file could not be found or is unavailable. Please select another file.
There is an alternate link that says "Looking for the latest version? Download gparted-live-0.11.0-7.iso (119.8 MB)". Should I download this one?

Also, so I understand right... you want me to create these discs on another (clean) computer, but boot the discs on the infected computer correct?

Thanks for your patience and helping me/us work this out. Many thank yous!


Well it does look as though it is the large one

[attachment=55402:diskmgmt.jpg]

Preferably from a clean computer, I need you to download: gparted-live-0.10.0-3.iso (115.1 MB)
Windows XP Recovery Console rc.iso

Create a bootable CD, 1 for Gparted and 1 for the Windows XP Recovery Console, from the ISO images. You can use ImgBurn to do this.

Now boot off of the newly created Gparted CD.


  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Aye take that copy please - they must have updated the programme - I will check.

Ideally all burns should be done on a different computer as this malware has been known to corrupt the burn
  • 0

#21
s0nginmyheart

s0nginmyheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts
I am stuck at this step. I tried to boot from the Recovery CD but it put me in to another screen asking if I wanted to repair from a Windows Recovery CD (press R and Enter) and I did... and then it asked which drive (C:\Windows) and then it asks for an administrator password which was not accepting the user+password combination we have set for the admin user. I am doing something wrong, please advise.

Edit: I just hit 'enter' at the password prompt. When I did that, another line came up:

C:\

and I entered in the first line below (fixmbr \Device\HardDisk0) but don't know how to enter in the 2nd and 3rd line. Or do I do those one at a time? When I do hit 'enter' after the first line, this message pops up:

This computer appears to have a non-standard or invalid master boot record
FIXMBR may damage your partition tables if you proceed
This could cause all the partitions on the current hard disk to become inaccessible.
If you are not having problems accessing your drive, do not continue.
Are you sure you want to write a new MBR?


Please advise on next steps.

Now reboot from the Windows XP Recovery Console CD and execute the following commands:

  • fixmbr \Device\HardDisk0
  • fixboot c:
  • exit

Once back in Windows.

Download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Attach that file.


Edited by s0nginmyheart, 18 January 2012 - 10:50 AM.

  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm I suppose it may be a tad confusing I will rectify that

At the C prompt type the following commands :

fixmbr \Device\HardDisk0
Press enter and accept the warnings

fixboot c:
Press enter

exit
Press enter

Return to normal windows
  • 0

#23
s0nginmyheart

s0nginmyheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000fd

Kernel Drivers (total 137):

Processes (total 57):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000007`52c5e000 (NTFS)
\\.\H: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST31000333AS, Rev: CC1F
PhysicalDrive1 Model Number: ST31000333AS, Rev: CC1F
PhysicalDrive2 Model Number: MaxtorOneTouch, Rev: 0121

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
931 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
465 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
  • 0
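
The two checks this thread relies on, as an added example that is not part of the original posts and not MBRCheck's own logic: which partition the MBR table flags as active (the problem described in post #18) and a hash of the boot code (like the SHA1 line in the log above). The function names, the 440-byte hash range and the sample disk layout are assumptions made for the illustration; only the C: offset of 0x7e00 (LBA 63) comes from the log.

```python
import hashlib
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446   # four 16-byte partition entries, followed by the 0x55AA signature
BOOT_CODE_LEN = 440  # assumption: range hashed here; MBRCheck's own range is not stated on this page
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, start LBA, sector count


def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = ENTRY.unpack_from(sector, TABLE_OFFSET + 16 * i)
        if ptype != 0x00:  # type 0 marks an unused slot
            parts.append({"index": i + 1, "status": status, "type": ptype,
                          "start_lba": start, "sectors": count})
    return parts


def boot_code_sha1(sector):
    """Hash the boot code area so it can be compared with a known-good baseline."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def review(parts, system_start_lba):
    """Flag partition-table states that would boot something other than the system volume."""
    findings = []
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02X}")
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    for p in active:
        if p["start_lba"] != system_start_lba:
            gib = p["sectors"] * SECTOR_SIZE / 2**30
            findings.append(f"partition {p['index']} ({gib:.1f} GiB) is active but is not the system volume")
    return findings


def build_sample(active_index):
    """Constructed MBR: NTFS system volume at LBA 63 plus a 10 GiB second partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = bytes(range(256)) + bytes(184)  # stand-in bytes, not real boot code
    layout = [(0x07, 63, 1_932_000_000), (0x07, 1_932_000_063, 20_971_520)]
    for i, (ptype, start, count) in enumerate(layout):
        status = 0x80 if i + 1 == active_index else 0x00
        ENTRY.pack_into(sector, TABLE_OFFSET + 16 * i, status, b"\0\0\0", ptype, b"\0\0\0", start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    # "before": the 10 GiB partition is active; "after": the system volume is active.
    for label, active in (("before", 2), ("after", 1)):
        mbr = build_sample(active)
        print(label, boot_code_sha1(mbr), review(parse_mbr(mbr), system_start_lba=63))
```

Both sample sectors produce the same boot-code hash, because the active flag lives in the partition table rather than in the boot code, so the table has to be reviewed separately from the hash.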

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK the redirects should have gone, you should have all the files/folders and icons back

What are the current problems on this system ?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#25
s0nginmyheart

s0nginmyheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts
All seems to be working fine. Thank you, thank you! What do we need to do to restore the 10gigs we partitioned or was that already done?

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.18.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
steve :: STEVE-E192E14C2 [administrator]

1/18/2012 1:15:25 PM
mbam-log-2012-01-18 (13-15-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193116
Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\steve\Local Settings\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\steve\Local Settings\Temp\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\steve\Local Settings\Temp\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)
  • 0



#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Bear with me just going to flash up my XP VM for some screen shots
  • 0

#27
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK numpty forgot that XP does not have this facility it is only on Vista and 7

Rather than use the command line tool which is unforgiving of any errors

So we will use the free Easus Partition manager which will do it from within windows

Download Easus Partition Master
And install

Instructions on how to extend the other drive to encompass the unallocated partition are here

Once done let me know of any problems - If you are happy I will remove my tools and tidy up
  • 0

#28
s0nginmyheart

s0nginmyheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts
Thanks! I "extended" the C: drive with the unallocated 10 gigs.

I don't think I was supposed to do anything with the F: and G: drives though.

Posted Image
  • 0

#29
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No that's good, the thing is that this malware if it finds any unallocated space it will gobble it up for itself. But now your boss has more space.. We win all round :lol:



Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#30
s0nginmyheart

s0nginmyheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts
You are amazing! Thank you so much! We will monitor over the next day and let you know if there are any additional issues. Thank you again!
  • 0





