Reply to thread

Message: <blockquote data-quote="Jack" data-source="post: 59049" data-attributes="member: 1">For now lets skip the ESET scan... please run the below software..... 1. Run a scan with ESET Sirefef Remover Download, save and run the ESET 'Win32/Sirefef' stand-alone malware removal tool and follow the prompts as directed.<a href="http://download.eset.com/special/ESETSirefefRemover.exe">ESET Sirefef Remover Download Link</a>2.Run a scan with Kaspersky TDSSKiller<>Read carefully and follow these steps.</><ol>    <li>Download <><a title="External link" href="http://support.kaspersky.com/downloads/utils/tdsskiller.exe" rel="external">TDSSKiller</a></> and save it to your Desktop.</li>    <li>Double-click on <>TDSSKiller.exe</> to run the application.<img src="http://img4.imageshack.us/img4/1907/tdss1.png" alt="Posted Image" /></li>    <li>Click <>Change parameters</><img src="http://img593.imageshack.us/img593/288/tdss2.png" alt="Posted Image" /></li>    <li>Check the boxes next to <>Verify Driver Digital Signature</> and <>Detect TDLFS file system</>, then click <>OK</><img src="http://img521.imageshack.us/img521/1456/tdss3.png" alt="Posted Image" /></li>    <li>Click on the <>Start Scan</> button to begin the scan and wait for it to finish.<>NOTE:</> Do not use the computer during the scan!</li>    <li>During the scan it will look similar to the image below:<img src="http://img6.imageshack.us/img6/9136/tdss4.jpg" alt="Posted Image" /></li>    <li>When it finishes, you will either see a report that no threats were found like below:<img src="http://img696.imageshack.us/img696/9898/tdss5.jpg" alt="Posted Image" />If no threats are found at this point, just click the <>Report</> selection on the top right of the form to generate a log. A log file report will pop which you can just close since the report file is already saved.</li>    <li>If any infection or suspected items are found, you will see a window similar to below:<img src="http://img854.imageshack.us/img854/905/tdss7.jpg" alt="Posted Image" /><ul>    <li>If you have files that are shown to fail signature check do not take any action on these. Make sure you select <>Skip</>. I will tell you what to do with these later. They may not be issues at all.</li>    <li>If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.</li>    <li>If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objectsMake sure that <>Cure</> is selected. <>Important!</> - If Cure is not available, please choose <>Skip</> instead. Do not choose Delete unless instructed to do so.</li></ul></li>    <li>Click <>Continue</> to apply selected actions.</li>    <li>A reboot may be required to complete disinfection. A window like the below will appear:<img src="http://img828.imageshack.us/img828/4812/tdss6.jpg" alt="Posted Image" />Reboot immediately if TDSSKiller states that one is needed.</li>    <li>Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like <>TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt</> which is based on the program version # and date and time run.</li>    <li>Attach this log to your next reply.</li></ol>3. Please try to run again an OTL scan.<ol> <li data-xf-list-type="ol">Please download the OTL utility from here : <a href="http://oldtimer.geekstogo.com/OTL.exe" target="_blank">http://oldtimer.geekstogo.com/OTL.exe</a></li> <li data-xf-list-type="ol">Right-click on OTL.exe and select Run as Administrator to start OTL.</li> <li data-xf-list-type="ol">Double click on OTL.exe to run it.</li> <li data-xf-list-type="ol">Under the Custom Scan box paste this in: [code]%SYSTEMDRIVE%\*.exe %ALLUSERSPROFILE%\Application Data\*.exe %APPDATA%\*. /md5start atapi.sys explorer.exe winlogon.exe Userinit.exe svchost.exe csrss.exe PrintIsolationHost.exe consrv.dll /md5stop %systemroot%\*. /mp /s hklm\software\clients\startmenuinternet|command /rs %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles CREATERESTOREPOINT[/code] </li> <li data-xf-list-type="ol">Click the Quick Scan button.The scan wont take long. </li> <li data-xf-list-type="ol">When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please post this 2 logs in your first reply.</li> </ol><hr />What's next?Attach the following logs to your post (You can find <a href="http://malwaretips.com/Thread-How-to-use-the-attachment-system?pid=16072#pid16072" target="_blank">here</a> details on how to use the Attachment System): 1.ESET Sirefef Remover 2. TDSSKiller3.OTL logs</blockquote>

Verification

Top