The following is a beginners list of steps to take before posting a HJT log. I got this from some friends that are GURU's in this realm of work at another site.
Download and unzip or install these Programs / applications if you haven't already got them. If you have them, then make sure they are updated and configured as described
Hijack This from http://tomcoyote.com/hjt/
CWshredder from http://www.majorgeeks.com/download4086.html
Spybot - Search & Destroy from http://security.kolla.de
AdAware 6 from http://www.lavasoft.de/support/download/
Spyware Blaster from http://www.javacoolsoftware.com/spywareblaster.html
Spyware Guard from http://www.javacoolsoftware.com/spywareguard.html
then
Run CWSHREDDER, check you have the current version, press check for update and let it update
Close all browser windows, click on the cwshredder.exe then click FIX (Not Scan only) and let it do it's thing.
and [color red]make sure you follow the advice about the security updates listed at the bottom of the page, in order to prevent re-infection, otherwise you will be continually reinfected[/color]
the patches are :
http://support.microsoft.com/default.aspx?kbid=828026
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-011.asp
*Note: The simplest way to make sure you have all the security patches is to go to http://v4.windowsupdate.microsoft.com/en/default.asp
[color red]Select Windows update[/color] and install all Critical Updates & service Packs
then[color red] reboot [/color]&
Run Spybot S&D
After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down pointed arrow, select one of the servers listed. If it doesn't work or you get an error message then try a different server
Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.
then [color red]reboot [/color]&
Run ADAWARE
Before you scan with AdAware, check for updates of the reference file by using the webupdate.
Then ........
Make sure the following settings are made and on -------[color green]ON=GREEN[/color]
From main window :Click Start then Activate in-depth scan
then......
click Use custom scanning options>Customize and have these options on: Scan within archives, Scan active processes, Scan registry, Deep scan registry, Scan my IE Favorites for banned URL and Scan my host-files
then.........
go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick Unload recognized processes during scanning ...........then........Cleaning engine and Let windows remove files in use at next reboot
then...... click proceed to save your settings.
Now to scan it¦s just to click the Scan button.
When scan is finished, mark everything for removal and get rid of it. .(Right-click the window and choose select all from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.
[color red]reboot [/color]again
Now, post a new hijackthis log so we can check what is left.
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.