Piriform Community Forums > BEFORE YOU POST !

Piriform Community Forums > Computer Help and Discussion > Spyware Hell

Rorschach112

Jan 27 2009, 02:24 PM

Welcome to Piriform.com

Before we can help you, we need you to help us by completing the following procedure.

Step 1 : Preparation

Please download The Comedian.exe to your desktop

Double click the program to run it. It will only take a few minutes to run.
It will do a series of tasks and tell you when each one is finished.
You will be prompted to press any key after each step
Once it is finished, it will remove itself.

Download TFC to your desktop

Open the file and close any other windows.
It will close all programs itself when run, make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job
Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Step 2 : Cleaning

Now for a scan to remove malware :

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Reboot your PC and run a full scan with your anti-virus program. This scan along with Malwarebytes should remove most malware.

If your problem remains after this, go onto the next step.

Step 3 : Post on the forum

Peer-to-peer programs/cracks/keygens/warez :

Downloading cracks and keygens from p2p programs ( Limewire, eMule, uTorrent ) is the most common way of how people get infected. We do not support the use of illegal software, that is why if you wish to get help on the forums, ALL p2p programs, cracks and keygens must be removed before posting. Failure to do so will result in your helper refusing to help you until they are completely removed.

If you download cracks you will get infected, that is a guarantee. We wont be here to help you every time, users who keep getting infected from using p2p programs will have to reformat, so use some common sense and avoid illegal software as they always contain spyware. It just isn't worth it.

Now for the scans we need to get your PC clean. Make sure to post all these.

Download Rooter.exe to your desktop

Then doubleclick it to start the tool
A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here

Download LockSearch to your desktop

A window will pop up, Press 2 and then Enter. A scan will start, let it run uninterrupted. It should only take a few minutes.
A log will appear when it is finished, it will also be saved in the same location as LockSearch, which should be on your desktop. Post the contents of the log in your reply

Download CKScanner from here

Important : Save it to your desktop.

Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify that the file is saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Download RootRepeal.zip or from here and unzip it to your Desktop.

Double click RootRepeal.exe to start the program
Click on the Report tab at the bottom of the program window
Click the Scan button
In the Select Scan dialog, check:
- Hidden Services
Click the OK button
In the next dialog, select your main drive, usually C:\
Click OK to start the scan
Note: The scan can take some time. DO NOT run any other programs while the scan is running
When the scan is complete, the Save Report button will become available
Click this and save the report to your Desktop as RootRepeal.txt
Post that log in your topic

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\viamraid.sys /s /md5
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Then go to the Malware Removal forum here and post your MBAM, Rooter, LockSearch, CKScanner, RootRepeal, and OTL logs in a topic there. If you know the name of your infection put this in your topic title. Please do not make multiple topics as this will waste helpers time, have some patience as your log will get handled eventually.

If you don't follow the steps in this topic and go straight to the Malware Removal forum, our first reply will be to send you back here. These steps are designed to help fix a lot of cases and get important things done from the start, it will save us all time.

Warning :

DO NOT follow advice from a topic other than your own. Other topics may have similar problems but please do NOT follow the advice given. Doing so will/can cause your PC some damage. ALL PC's have different situations. I cannot and will not stress this any more.

DO NOT run any tools used on the forum here unless instructed to by a helper, otherwise you may damage your PC

DO NOT attach the logs, please post them in your topic.

Regards

The Piriform Staff

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.