This thread provides information on malware removal, links to malware removal tools, and recommendations & links to anti-virus software. The intention of this thread is to provide quick and accurate support for malware-related issues and questions.
Many people here are willing to provide assistance if you're having computer problems, and this thread is not meant to discourage people from asking for help.... but, please read the information provided first, or else there's a good chance you'll be sent here, here, or here . We aren't Geek Squad, so while we won't grossly overcharge you for information and advice, we also aren't responsible for anything you do to your computer.
Also, feel free to make suggestions on the content of this post, and I'll try to keep it up to date.
Research
A lot of information can be found at this EliteKiller link, including...
Step 3 unzip the Kit, read the instruction file and run the tools in the order given.
Step 4 Thank me in about 3 hours for fixing your shit.
The Rogue Removal Kit is is a zipped file that includes malwarebytes, CCleaner (a registry cleaner that will also delete temporary files), Combofix, Hitman Pro, and HiJackThis (HiJackThis is optional, see below). The instructions guide you through running these tools in Safe Mode With Networking; then running malwarebytes and an online scanner in Normal Mode.
Some people don't recommend running Combofix unless you're fairly certain you need to use it, but I've never heard of people having major problems with it. Here's a list of symptoms to Vundo infections, which may help determine if you need to run Combofix. You can also look here to see instructions with screenshots on how to use Combofix.
Taken from the readme in the Rogue Removal Kit:
Quality Online Virus Scanners: (all scanners offer detection and removal)
My two cents on downloading anti-malware software...
Download it from another computer if possible, or from Safe Mode With Networking on the infected machine.
Verify you are downloading from a legit source and are not being redirected to a site where you'll end up downloading more malware. If you click on any links above, verify the link in the bottom left before clicking on it, then after clicking the link verify that's where you were taken in the address bar.
The elitekiller article mentions downloading the software to a USB drive. Do not download the software to a USB drive on the infected machine if you're not in Safe Mode, or else you risk infecting the USB drive and other computers you connect the drive to in the future.
Other Helpful Tips & Tools
Rkill will kill processes that may be preventing scanners from completely removing malware.
To get into Safe Mode With Networking, press F8 every couple of seconds while the computer is starting (before the Windows splash screen). If you see the Windows splash screen, you will need to try again. The safe thing to do is log into Windows, restart, and try pressing F8 several times before seeing the Windows splash screen. Alternatively, my advice that falls into the category of “what I'd do if it was my own computer, but wouldn't tell someone to do it if I worked in tech support” would be, if you didn't get into Safe Mode the first time and you're at the Windows splash screen, hold down the power button until the computer turns off. When you start the computer again, it should automatically ask you if you want to go into Safe Mode With Networking.
Still infected, or just want to make sure everything is okay?
HiJackThis is a tool that will create a log file that can be analyzed by geeks to see what is running on your computer. Install and run HiJackThis (preferably in Safe Mode With Networking), and select 'Do a system scan and save a log file'. You can then copy/paste the output to this thread, and with any luck, someone will stop by and let you know what you can delete. You can then checkmark the items in HiJackThis and click 'Fixed checked'.
If you don't get a quick response here or would rather do it yourself, you can also go to http://hijackthis.de/, which is an online analyzer for your HiJackThis log. Simply copy and paste the log into the text box and click the Analyze button. During my testing of the site, I found it wasn't perfect, especially when a proxy was setup (the visitor rating would be 'extremely nasty', but the site itself would say it was safe)... but, it's at least a good tool that can significantly shorten the time it takes to analyze the log, and it gives you an idea of which entries you can delete or at least Google/post here for further research.
You can also look at the responses to HiJackThis posts in this thread to get an idea of what is safe and what should be removed.
Windows Performance
A good starting point to knowing what processes and services are running on your computer is a HiJackThis log. There's also a lot of information that's only a Google search away.
To manage the process that start when Windows starts, use msconfig (Start button -> Run... -> msconfig -> Startup tab). This is a good resource on startup processes, and it includes a large database of startup processes with information on whether they're required to run Windows or if it's okay to uncheck them. You basically want processes that are in c:\Windows checked, and you can generally uncheck processes in c:\program files (but there are exceptions, like your antivirus), but do some research (Google, the provided links, this thread) if you're not sure. Adobe, Apple (including qttask, Boujour, AppleUpdater, etc), and any messenger program (unless you have it sign you in at startup) are always the first ones to get unchecked on my computer.
Services can be a little tougher to manage, because it's usually a much longer list, and it's not as simple as flipping them on or off. This is a great resource for managing Windows services (Start button -> Run... -> services.msc). Simply choose your version of Windows and then click on the Service Configuration link. It presents the default setup, a safe setup (what most people can use without any consequences), a tweaked setup for faster startup, and a bare bones setup for the super geek. There's also a Tweaks page for stuff like Adding/Removing programs and System Restore. [Reply]
so i turn hit the power button on my hp desktop and the fans spin and the lights light up, but nothing else happens. nothing on screen. is it toast? Posted via Mobile Device [Reply]
Originally Posted by KurtCobain:
so i turn hit the power button on my hp desktop and the fans spin and the lights light up, but nothing else happens. nothing on screen. is it toast? Posted via Mobile Device
Could be a video failure. Do you have another monitor around you could plug into the laptop? [Reply]
Originally Posted by :
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:20:55 AM, on 11/28/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Never use a computer that you didn't install the operating system on...especially one that spits out log files that look like this.
Unless you installed LimeWire yourself from a known source (and even then using that network is asking for a vile note from your ISP or one of the record labels) I'd certainly consider it riddled with stuff that's part of a bonnet at this point. [Reply]
Followed the steps in the above link....rkill; malwarebytes; etc....Malwarebytes found it and I got it removed. Computer seems to be running fine now.
I've just rerun Malwarebytes a second time before doing another virus scan, here is a log of the files that it detects as malicious. Could someone in "the know" look at the files and make sure they are either A: malicious and need to be removed or B: normal and can be ignored on future scans.
I don't want to ignore something that I need to remove, and I definitely don't want to remove something that should be ignored.
Back up your data and reinstall windows. This is really the only way that you can be sure that all of this stuff is gone. "Good" malware will avoid all of these tools.
This is another reason to keep your data separate and constantly backed up so reinstalling windows isn't that big of a deal.
Originally Posted by :
Back up your data and reinstall windows.
Seriously. Malware is designed in many instances to steal login credentials and other sensitive information. It's foolish to rely on free tools which may or may not be completely effective to remove this crap. Once that's done, try to figure out what you did to get infected and stop doing that. Here are some other thoughts on how to avoid this situation entirely.
0. Back up your data so that reinstallation or hardware failure isn't so hard to recover from. If you don't have three copies (one working, one local backup, one offsite backup) then you're at risk of losing data.
1. If you can avoid using Windows, do so.
2. If you have to use Windows, use Windows 7.
3. Don't use IE. Chrome is a nice alternative.
4. Install Ad-Block extensions to any browsers that you use.
5. If you insist on installing Flash, use the Click-to-Flash extension. This way you're only loading flash content you actually want to see. The only way I run Flash is through Chrome which has it's own sandboxed version.
6. Install all of your system updates when they become available including Flash and Acrobat.
7. Stop using Windows. Mac hardware isn't as comparatively expensive as it used to be. What's your time worth? Is wrestling with constant malware infections and account compromises really worth saving a couple hundred bucks on a computer? [Reply]
Microsoft this week released a beta version of what appears to be a very useful tool: An offline version of its Windows Defender anti-malware solution. This tool can help final and remove malicious software, much like the version built into Windows. But because it can be installed to CD, DVD, or USB flash drive, it can be run in offline mode, when the Windows OS isn't running. And that makes it more effective, since many exploits, like rootkits, are hard to remove when Windows is running.
You can find the Windows Defender Offline Beta on the Microsoft web site. You'll need a blank CD, DVD, or a USB flash drive you don't mind formatting. There are basically two downloads that need to occur; the tiny installer and then a later 214 MB Setup package that is expanded and copied onto the media. This package includes all the files needed to boot your PC plus the Windows Defender Offline tool itself.
To use the tool, you need to reboot your PC from the created optical disk or USB flash drive. (This could require interrupting the boot process and choosing a different boot device, of course.) The interface is straightforward and basically resembles a full-screen version of Windows Defender, giving you a chance to perform Quick, Full, and Custom scans of the underlying PC.
Intriguingly, this tool also appears to be based on the Windows 8 version of Windows Defender, in that it provides both spyware and anti-virus scanning. [Reply]
Microsoft this week released a beta version of what appears to be a very useful tool: An offline version of its Windows Defender anti-malware solution. This tool can help final and remove malicious software, much like the version built into Windows. But because it can be installed to CD, DVD, or USB flash drive, it can be run in offline mode, when the Windows OS isn't running. And that makes it more effective, since many exploits, like rootkits, are hard to remove when Windows is running.
You can find the Windows Defender Offline Beta on the Microsoft web site. You'll need a blank CD, DVD, or a USB flash drive you don't mind formatting. There are basically two downloads that need to occur; the tiny installer and then a later 214 MB Setup package that is expanded and copied onto the media. This package includes all the files needed to boot your PC plus the Windows Defender Offline tool itself.
To use the tool, you need to reboot your PC from the created optical disk or USB flash drive. (This could require interrupting the boot process and choosing a different boot device, of course.) The interface is straightforward and basically resembles a full-screen version of Windows Defender, giving you a chance to perform Quick, Full, and Custom scans of the underlying PC.
Intriguingly, this tool also appears to be based on the Windows 8 version of Windows Defender, in that it provides both spyware and anti-virus scanning.
This would be encouraging if Windows Defender actually did anything useful.
Save your flashdrives/dvds for a useful tool(s), like Hirens or UBCD. [Reply]