Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

MR - chuky_r_law

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

MR - chuky_r_law

Unread postby Jag11 » March 26th, 2006, 6:03 am

http://www.malwareremoval.com/forum/viewtop ... 0477#60477



Please follow the instructions provided, you may want to print out these instructions and use them as a reference. If you have any questions regarding the fix, please ask us before proceeding. Please make sure that you follow this in the right order as I have listed.

==========================================================

Your Java is out-of-date and that might cause you some infections. We recommend you to update to the latest version ASAP. Please download and install the latest version here. Then go to Control Panel » Add/Remove Programs and uninstall the old version there.

==========================================================

Download Tools

Please download these tool(s) first before we proceed to the next steps:

1. ATF Cleaner by Atribune
  • Save it to your Desktop. We will use this later.
==========================================================

Download and unzip BFUzip from http://www.merijn.org/files/bfu.zip
Run the program and click the Web button as shown here:

Image

Use this URL to copy into the address bar of the Download script window:
Code: Select all
http://metallica.geekstogo.com/alcanshorty.bfu


Execute the script by clicking the Execute button.

==========================================================

Run HijackThis

Please open HJT, click Do a system scan only, and then place a checkmark beside each of these entries:

O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Boyle Poker - {F313D2F6-B79E-4654-BC77-D14C93FC8947} - C:\Program Files\boylesportspokercomMPP\MPPoker.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)


After placing all the checkmarks, close all windows (except HJT), and then hit Fix Checked. When it finishes, exit HJT.

==========================================================

Show Hidden Files and Folders

Click Start » My Computer » Tools » Folder Options. Select the View tab.
  • Check - Show hidden files and folders
  • Uncheck - Hide file extensions for known types
  • Uncheck - Hide protected operating system files
Click Yes to confirm, then OK to exit.

==========================================================

Boot into Safe Mode. Please restart your computer and as soon as it starts to boot, tap F8 repeatedly. A menu should appear, select Safe Mode from the menu and then hit Enter on your keyboard. (this will take a while, so don't worry, just wait)

==========================================================

Uninstall Programs

Click Start » Control Panel » Add/Remove Programs, and then Uninstall these programs (if present):
    LimeWire
    BearShare
    boylesportspokercomMPP
    PartyPoker

==========================================================

Delete Files and Folders

Locate and delete the following files and/or folders (if present):

a. Folders :
    C:\Program Files\LimeWire\
    C:\Program Files\BearShare\
    C:\Program Files\boylesportspokercomMPP\
    C:\Program Files\PartyPoker.net\
    C:\Program Files\PartyGaming\
NOTE: Please let us know if there were any files or folders that you couldn't delete or find.

==========================================================

Run ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
Click Exit on the Main menu to close the program.

==========================================================

Run Ewido
  • Click on scanner.
  • Click on Complete System Scan. (please don't use the computer while scanning)
  • You will be prompted to clean the first infection:
    • Sometimes Ewido reports legit files as malware, so you need to Remove these one-by-one, if you see a legit file being reported, just select None.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
  • Close ewido security suite.
==========================================================

Restart your computer back to Normal again.

==========================================================

Run an online scan at Panda's ActiveScan
  • Please go here and perform a full system scan.
  • Once you are on the Panda site click the Scan your PC button.
  • A new window will open...click the big Check Now button.
  • Enter your Country.
  • Enter your State/Province.
  • Enter your Valid Email and click send.
  • Select either Home User or Company.
  • Click the big Scan Now button.
  • If it wants to install an ActiveX component allow it.
  • It will start downloading the files it requires for the scan.
  • Click on Local Disks to start the scan.
  • Save the log file created to your Desktop.
NOTE: Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.

==========================================================

Just a review of the log(s) we need to see on your next reply:
  • HijackThis (new)
  • Panda
  • Ewido
Please also provide details of any problems you encountered while performing the above steps and update us on how the computer behaves now.
Jag11
Retired Graduate
 
Posts: 1096
Joined: November 27th, 2005, 5:40 am
Location: 127.0.0.1
Advertisement
Register to Remove

Unread postby LDTate » March 26th, 2006, 9:04 am

Looks like this user wants to use a P2P. Post this link so they can get a Safe one:
Here is the list on 'good and bad' P2P:
http://www.spywareinfo.com/articles/p2p/

Post away ;)
User avatar
LDTate
WTT Teacher
WTT Teacher
 
Posts: 3920
Joined: February 18th, 2005, 8:38 pm
Location: Missouri, USA

Unread postby Jag11 » April 11th, 2006, 10:02 pm

Dead topic. Can be archived now. :D
Jag11
Retired Graduate
 
Posts: 1096
Joined: November 27th, 2005, 5:40 am
Location: 127.0.0.1


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: Vanilla-krypton and 72 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware