Download hijack this from the link below.Please do this. Click here:
to download HijackThis. Click scan and save a logfile, then post it here so
we can take a look at it for you. Don't click fix on anything in hijack this
as most of the files are legitimate.
Download FixSF.reg to your desktop by right clicking on the following
link and then selecting Save Link As or Save File as, depending on your
browser.
Go to your desktop and double click on the FixSF.reg file that you
downloaded earlier. When it asks if you would like to merge the
information, press the Yes button and then the OK button.
Go to add/remove and uninstall spyfalcon!
Find the entry for SpyFalcon and double-click on it. Follow the prompts to uninstall the program, but do not allow it to reboot the computer if it asks.
When it has completed uninstalling you can close Add or Remove Programs and your Control Panel.
Delete the following files and folders (Do not be concerned if this folder does not exist):
C :\Windows\System32\dxmpp.dll
C:\Program Files\SpyFalcon\
* Click here to download smitRem.zip.
* Save the file to your desktop.
* Unzip smitRem.zip to extract the two files it contains.
* Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.
*Download Cleanup from Here
* A window will open and choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on Cleanup40.exe icon.
* Then, click RUN and place a checkmark beside "I Agree"
* Then click NEXT followed by START and OK.
* A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
* Click OK
* DO NOT RUN IT YET
* Download the trial version of Ewido Security Suite.
* Install ewido.
* During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* Launch ewido
* It will prompt you to update click the OK button and it will go to the main screen
* On the left side of the main screen click update
* Click on Start and let it update.
* DO NOT run a scan yet. You will do that later in safe mode.
* Click here for info on how to boot to safe mode if you don't already know how.
* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.
* Restart your computer into safe mode now. Perform the following steps in safe mode:
* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
* Run Ewido:
* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop
* Run Cleanup:
* Click on the "Cleanup" button and let it run.
* Once its done, close the program.
* Go to Control Panel > Internet Options. Click on the Programs tab
then click the "Reset Web Settings" button. Click Apply then OK.
* Next go to Control Panel > Display. Click on the "Desktop" tab then click
the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you
should see an entry checked called something like "Security info" or similar.
If it is there, select that entry and click the "Delete" button. Click OK
then Apply and OK.
* Restart back into Windows normally now.
Run an online antivirus check from
* Run ActiveScan online virus scan here
When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!
post another hijack this log, the ewido and active scan logs and
the contents of smitfiles.txt from the smitRem folder
Member of ASAP Alliance of Security Analysis Professionals
under the name khazars
