Jump to content

I'm infected - What do I do now?


exile360

Recommended Posts

Hello and welcome to Malwarebytes

Please print this topic and follow these basic steps first before posting any logs.

Our program, Malwarebytes' Anti-Malware can detect and remove most Malware with no further actions required for free.

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware

    [*]Then click Finish.

    [*]If an update is found, it will download and install the latest version.

    [*]Once the program has loaded, select Perform quick scan, then click Scan.

    [*]When the scan is complete, click OK, then Show Results to view the results.

    [*]Be sure that everything is checked, and click Remove Selected.

    [*]When completed, a log will open in Notepad and if required the program will ask you to reboot to remove locked files.

We hope our application has helped you eradicate this malicious Malware.

If your current anti-virus solution let this infection through please consider purchasing the PRO version of Malwarebytes' Anti-Malware for additional protection.

Update your current Anti-Virus to the latest definitions and then perform a Full scan of your system.

If you don't currently have Anti-Virus please download and install Avira AntiVir Personal

Then update to the latest definitions and perform a Full scan of your system.

If you're still experiencing issues after running the above procedures then please follow the instructions below.

    Disable CD-ROM Emulation Software

      DeFogger - Disable

    • Please download the following tool
      DeFogger
      to your
      desktop
      .

    • Double click
      DeFogger
      to run the tool.

    • The application window will appear

    • Click the
      Disable
      button to disable your CD Emulation drivers.

    • Click
      Yes
      to continue

    • A
      'Finished!'
      message will appear

    • Click
      OK

    • DeFogger will now ask to reboot the machine - click
      OK

    • IMPORTANT!
      If you receive an error message while running DeFogger, please post the log
      defogger_disable
      which will appear on your desktop.

    • Do not
      re-enable these drivers until otherwise instructed.

      Download DDS and save it to your desktop from here or here or here
      Disable any script blocker, and then double click dds.scr to run the tool.

    • When done, DDS will open two (2) logs
      • DDS.txt

      • Attach.txt

      [*]
      Save both reports to your desktop.

      Download the following GMER Rootkit Scanner from here

    • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.

    • Double click on the new
      random named exe file
      you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run

    • It may take a minute to load and become available.

    • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on
      NO
      , then use the following settings for a more complete scan..

    • In the right panel, you will see several boxes that have been checked. Ensure the following are
      UNCHECKED

      • IAT/EAT

      • Drives/Partition other than Systemdrive
        (typically only C:\ should be checked)

      • Show All
        (don't miss this one)

      [*]
      Then click the Scan button & wait for it to finish.

      [*]
      Once done click on the
      [save..]
      button, and in the File name area, type in
      "ark.txt"
      or it will save as a .log file which cannot be uploaded to your post.

      [*]
      Save it where you can easily find it, such as your desktop

      [*]
      **Caution**
      Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

      [*]
      Click OK and quit the GMER program.

    Note:

    On Firefox you need to go to
    Tools/Options/Main
    then under the
    Downloads
    section, click on
    Always ask me where to save files
    so that you can choose the name and where to save to, in this case your Desktop.

      Copy/Paste the contents of 'DDS.txt' to be posted as text to your post
      The other two logs ...
      * attach.txt
      * ark.txt
      zipItB.gif
      ... should be zipped/archived before attaching to the post

    [*]Please start a New Topic here and not in the General forum; post the most recent Malwarebytes' Anti-Malware log file and DDS/GMER log files.

    [*]The Malwarebytes' Anti-Malware log file is located in the Logs tab of the program.

    DeFogger - Re-Enable (only run when instructed to when your system is clean again)
  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers.
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
  • IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.
  • Your Emulation drivers are now re-enabled.

Someone will analyze the logs and give you further instructions. Please DO NOT reply to another users post, create your own new post.

Prompt responses to instructions and performing the required fixes as soon as possible is always best.

During this scan and cleanup process you should not install any other software unless requested to do so.

Please see item #12 below as to who can help you, please ignore posts from others not authorized and their post will be removed.

Logs to reply with: MBAM and DDS/GMER

NOTE: If Malwarebytes won't run or DDS/GMER won't run please still create a new post in the Malware Removal - HijackThis Logs forum and explain what happens.

NOTE: Please DO NOT post back to your post within the first 48 hours. Replying to your own posts changes the post count and will often cause helpers to think that you're already being helped and thus they won't open and look at your post. If no one has replied within 48 hours then please go ahead and either reply to your post or send a private message to a Moderator and let them know that you're still needing assistance.

As soon as someone is available they will assist you.

Troubleshooting Tips

Please review some of the following potential fixes

  1. FAQ - Malwarebytes' Anti-Malware won't run or failed to resolve my issues
  2. MBAM will not install - Code 2 error, mbam.exe not found
  3. Windows Police Pro - MBAM will not install
  4. SystemSecurity - MBAM won't run
  5. Total-Security (FakeAlert) - MBAM won't run
  6. av360 (Fakealert) - MBAM won't run
  7. MBAM wont install or will not run.(CLB Rootkit-WinNT.Alureon) - TDSS/Seneka/GAOPDX/UAC/ovfst/kungsf/SKYNET/MSIVX/hjgrui/wzszx
  8. Error Code 732 - Internet Explorer 8, Possible Fix
  9. Basic procedures to prevent freezing in McAfee VirusScan Enterprise
  10. Basic procedures to prevent freezing in Trend Internet Security
  11. Fixes for common problems and Error Codes
  12. Windows Defender and/or UAC Notifications on Startup
  13. Groups authorized to help with HJT logs

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.