I'm infected - What do I do now?


No replies to this topic

#1 exile360 (exile) - Administrators - 16,016 posts
Posted 10 April 2011 - 02:27 AM

Hello and welcome to Malwarebytes

Please print this topic and follow these basic steps first before posting any logs.

Our program, Malwarebytes' Anti-Malware can detect and remove most Malware with no further actions required for free.
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and if required the program will ask you to reboot to remove locked files.
We hope our application has helped you eradicate this malicious Malware.
If your current anti-virus solution let this infection through please consider purchasing the PRO version of Malwarebytes' Anti-Malware for additional protection.

Update your current Anti-Virus to the latest definitions and then perform a Full scan of your system.
If you don't currently have Anti-Virus please download and install Avira AntiVir Personal
Then update to the latest definitions and perform a Full scan of your system.

If you're still experiencing issues after running the above procedures then please follow the instructions below.
  • Disable CD-ROM Emulation Software

    • DeFogger - Disable
    • Please download the following tool DeFogger to your desktop.
    • Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers.
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    • IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
    • Do not re-enable these drivers until otherwise instructed.

    Download DDS and save it to your desktop from here or here or here
    Disable any script blocker, and then double click dds.scr to run the tool.

    • When done, DDS will open two (2) logs
      • DDS.txt
      • Attach.txt
    • Save both reports to your desktop.

    Download the following GMER Rootkit Scanner from here

    • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
    • Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
    • It may take a minute to load and become available.
    • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
    • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically only C:\ should be checked)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop
    • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
    • Click OK and quit the GMER program.
    Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.

    Copy/Paste the contents of 'DDS.txt' to be posted as text to your post
    The other two logs ...

    • attach.txt
    • ark.txt

    ... should be zipped/archived before attaching to the post
  • Please start a New Topic here and not in the General forum; post the most recent Malwarebytes' Anti-Malware log file and DDS/GMER log files.
  • The Malwarebytes' Anti-Malware log file is located in the Logs tab of the program.
  • DeFogger - Re-Enable (only run when instructed to when your system is clean again)
  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers.
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
  • IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.
  • Your Emulation drivers are now re-enabled.

Someone will analyze the logs and give you further instructions. Please DO NOT reply to another user's post; create your own new post.
Prompt responses to instructions and performing the required fixes as soon as possible are always best.
During this scan and cleanup process you should not install any other software unless requested to do so.
Please see item #12 below as to who can help you; please ignore posts from others not authorized, as their posts will be removed.

Logs to reply with: MBAM and DDS/GMER
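As an added example (not part of exile360's post and not a Malwarebytes tool), the following PowerShell script gathers the logs the post asks for from the desktop, checks that the GMER log was saved as ark.txt rather than a .log file, and zips attach.txt and ark.txt while leaving DDS.txt to be pasted into the post as text. The desktop location and the file names DDS.txt, attach.txt and ark.txt come from the post; the archive name logs.zip is an assumption. Compress-Archive requires PowerShell 5.0 or later, so this will not run on the Windows XP-era systems the original post was written for.

```powershell
# Added example (not from the original post): package the logs requested in the
# post for attaching. Assumes the tools saved their output to the desktop as instructed.
$desktop = [Environment]::GetFolderPath('Desktop')
$archive = Join-Path $desktop 'logs.zip'   # archive name is an assumption

# DDS.txt is pasted into the post as text, so it is checked for but not zipped.
$pasteLog = Join-Path $desktop 'DDS.txt'
# attach.txt and ark.txt are zipped before attaching, as the post instructs.
$zipLogs  = @('attach.txt', 'ark.txt') | ForEach-Object { Join-Path $desktop $_ }

if (-not (Test-Path $pasteLog)) {
    Write-Warning "DDS.txt not found on the desktop; run dds.scr first."
}

# Common slip in the GMER step: the scan was saved as ark.log instead of ark.txt,
# and the post notes that a .log file cannot be uploaded.
$arkLog = Join-Path $desktop 'ark.log'
if ((Test-Path $arkLog) -and -not (Test-Path (Join-Path $desktop 'ark.txt'))) {
    Write-Warning "Found ark.log; re-save the GMER output with the name ark.txt."
}

$present = @($zipLogs | Where-Object { Test-Path $_ })
$missing = @($zipLogs | Where-Object { -not (Test-Path $_) })
foreach ($m in $missing) { Write-Warning "Missing log: $m" }

if ($present.Count -gt 0) {
    # -Force overwrites a logs.zip left over from an earlier attempt.
    Compress-Archive -Path $present -DestinationPath $archive -Force
    Write-Host "Created $archive containing: $($present -join ', ')"
    Write-Host "Paste the contents of DDS.txt into the post as text and attach logs.zip."
}
```

Run it from a normal PowerShell prompt after the DDS and GMER steps; it only reads the log files and writes the archive, so it does not need to be run elevated.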

NOTE: If Malwarebytes won't run or DDS/GMER won't run please still create a new post in the Malware Removal - HijackThis Logs forum and explain what happens.

NOTE: Please DO NOT post back to your post within the first 48 hours. Replying to your own posts changes the post count and will often cause helpers to think that you're already being helped and thus they won't open and look at your post. If no one has replied within 48 hours then please go ahead and either reply to your post or send a private message to a Moderator and let them know that you're still needing assistance.

As soon as someone is available they will assist you.

Troubleshooting Tips
Please review some of the following potential fixes

Samuel E Lindsey
Product Manager
