Read over the following directions. Ask if anything appears unclear to you.
Download Clean.bat to your desktop: for later use to clean out your TEMPORARY and PREFETCH files.
http://www.thatcomputerguy.us/downloads/clean.bat
We will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Accordingly, it is probably a good idea to print out the following directions or copy them to a text file on your desktop using NOTEPAD. Read these instructions carefully and feel free to ask if you're unsure about anything.
Quote:
C:\Program Files\ESET\infected\VEYCSBBA.NQF Infected: Backdoor.Win32.Dumador.dd skipped
C:\Program Files\ESET\infected\V5GA51CA.NQF Infected: not-a-virus ialer.Win32.gen skipped
|
Clean out any items left in the NOD32 quarantine area.
Quote:
C:\Documents and Settings\All Users\Application Data\hideerrorsupportactive\dupe atom.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\Documents and Settings\ADAM GOODALL\Local Settings\Temp\bisC71.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\Documents and Settings\ADAM GOODALL\Application Data\default global each\Bike Style.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\Documents and Settings\ADAM GOODALL\Application Data\default global each\tcnyfrqk.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\Documents and Settings\ADAM GOODALL\Application Data\default global each\32 Ante Balm Platform.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\Documents and Settings\ADAM GOODALL\Application Data\default global each\cornthetrust.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
|
Preparation
1) Download lopremover.zip from here and save it to your Desktop:
http://www.joe-london.pwp.blueyonder...lopremover.zip
You will need to unzip it to use it.
To do this: Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish.
Close the window that appears as you will not need the file immediately.
Log off from the Internet and disconnect your modem cable for the duration of the fix.
Removal
1) Open the lopremover folder and double click lopremover.exe to run it.
Verify the above item removals or try removing them manually if necessary.
SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.
HIDDEN FILES: To make sure you can see all hidden files, please follow the directions
here
SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained
here if needed).
Delete TEMPORARY FILES: Now, hunt down the most common temporary file locations and the temporary file clutter contained therein (and of possible malware hiding places):
Go to Start > Run and type:
CLEANMGR.EXE and hit enter.
When prompted select the C: drive and click ok.
Check the boxes for: - Temporary Internet Files
- Downloaded Program Files
- Recycle Bin
- Temporary Files
Click OK or Enter
For additional, more thorough cleaning and for multi-profile user configurations:
(*) Run Clean.bat to clean up your TEMPorary files.
POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.