Just submitted a FAQ with some beginner steps for intial clean up:
The following is a beginners list of steps to take before posting a HJT log. I got this from some friends that are GURU's in this realm of work at another site.
Download and unzip or install these Programs / applications if you haven't already got them. If you have them, then make sure they are updated and configured as described
CWshredder from Spybot - Search & Destroy from AdAware 6 from
then
Run CWSHREDDER, check you have the current version, press check for update and let it update
Close all browser windows, click on the cwshredder.exe then click "FIX" (Not "Scan only"
and let it do it's thing.
and make sure you follow the advice about the security updates listed at the bottom of the page, in order to prevent re-infection, otherwise you will be continually reinfected
the patches are :
*Note: The simplest way to make sure you have all the security patches is to go to Select Windows update and install all "Critical Updates & service Packs"
then reboot &
Run Sybot S&D
After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down pointed arrow, select one of the servers listed. If it doesn't work or you get an error message then try a different server
Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.
then reboot &
Run ADAWARE
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
Then ........
Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"
then......
click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"
then.........
go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" ...........then........"Cleaning engine" and "Let windows remove files in use at next reboot"
then...... click "proceed" to save your settings.
Now to scan it´s just to click the "Scan" button.
When scan is finished, mark everything for removal and get rid of it. .(Right-click the window and choose"select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.
reboot again
Now, post a new hijackthis log so we can check what is left.
Terry
**************************
* General Disclaimor - Please read *
**************************
Please make sure your post is in the CORRECT forum, has a descriptive title, gives as much detail to the problem as possible, and has examples of expected results. This will enable me and others to help you faster...
The following is a beginners list of steps to take before posting a HJT log. I got this from some friends that are GURU's in this realm of work at another site.
Download and unzip or install these Programs / applications if you haven't already got them. If you have them, then make sure they are updated and configured as described
CWshredder from Spybot - Search & Destroy from AdAware 6 from
then
Run CWSHREDDER, check you have the current version, press check for update and let it update
Close all browser windows, click on the cwshredder.exe then click "FIX" (Not "Scan only"
and let it do it's thing.and make sure you follow the advice about the security updates listed at the bottom of the page, in order to prevent re-infection, otherwise you will be continually reinfected
the patches are :
*Note: The simplest way to make sure you have all the security patches is to go to Select Windows update and install all "Critical Updates & service Packs"
then reboot &
Run Sybot S&D
After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down pointed arrow, select one of the servers listed. If it doesn't work or you get an error message then try a different server
Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.
then reboot &
Run ADAWARE
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
Then ........
Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"
then......
click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"
then.........
go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" ...........then........"Cleaning engine" and "Let windows remove files in use at next reboot"
then...... click "proceed" to save your settings.
Now to scan it´s just to click the "Scan" button.
When scan is finished, mark everything for removal and get rid of it. .(Right-click the window and choose"select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.
reboot again
Now, post a new hijackthis log so we can check what is left.
Terry
**************************
* General Disclaimor - Please read *
**************************
Please make sure your post is in the CORRECT forum, has a descriptive title, gives as much detail to the problem as possible, and has examples of expected results. This will enable me and others to help you faster...
