- Download the following self-extracting file smitRem.exe and save the file to your DESKTOP.
- Double click the Smitrem.exe icon on your Desktop.
- Then click Run>Start and a Smitrem folder will apear on your desktop also.
- Place a shortcut to Panda ActiveScan on your desktop.
- Download the trial version of Ewido Security Suite
- Please read Ewido Setup Instructions
- Install the program
- Update the definitions to the newest files.
- DO NOT RUN IT YET
- Install Ad-Aware SE 1.06, follow these download and setup instructions.
- Ad-Aware SE Setup
- Update the definitions
- DO NOT RUN IT YET
- REBOOT your computer in SafeMode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear
- Select the first option, to run Windows in Safe Mode.
- Now open HJT, click SCAN and place a checkmark next to each of the following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebsl...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestwebslinks.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestwebsl...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestwebsl...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebsl...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebsl...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp7063.tmp
O16 - DPF: {416792D8-F532-493A-BECC-1C99A1501FF9} (vmLaunch Class) - http://media2.comcas...vmLauncher2.cab
- Click the Fix Checked box and EXIT HJT
- Using Windows Explorer, please locate and DELETE the following files/folders (with all their content), if they are still present:
C:\WINDOWS\system32\hp7063.tmp
- Open the smitRem folder
- Double click the RunThis.bat file to start the tool.
- Follow the prompts on screen.
- Wait for the tool to complete and disk cleanup to finish.
NOTE:The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
- Open Ad-aware and do a full scan. Remove all it finds.
- Run Ewido:
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- NOTE: During some scans with ewido it is finding cases of false positives.
- You will need to step through the process of cleaning files one-by-one.
- If ewido detects a file you KNOW to be legitimate, select none as the action.
- DO NOT select "Perform action on all infections"
- If you are unsure of any entry found select none for now.
- When the scan is finished, click the Save report button at the bottom of the screen.
- Save the report to your desktop
- Close Ewido
- Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.
- REBOOT back into Normal Mode
- Click the Panda ActiveScan shortcut
- Do a full system scan.
- Make sure the autoclean box is checked!
- Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Regards,
Trevuren