Hi
It may prove beneficial if you print off the following instructions or save them to Notepad. We will be using the Non Infected computer you mentioned in your last post that we have available for use, and the USB Flash/Thumb Drive.
Please boot up/start (if not running) the aforementioned computer.
- Please download Flash_Disinfector and save it to the desktop.
- Do not use this yet! We will be shortly.
Next:
- Attach the USB Flash/Thumb Drive.
- Double click on the desktop icon My Computer or if not present Start >> My Computer
- Make a note of the drive letter assigned to your USB Thumb Drive. For example, it may be shown as: USB (E:)
- Now go to Start >> Run and type in the following exactly:
- Format X: <--- substitute X with the previously noted USB Thumb Drive drive letter, and make sure to include the : (colon) as well.
- Now click on OK
- Now the C:\Windows\system32\format.com window will launch.
- The wording will be something similar to the below:
Insert a new disk for drive X:
and press Enter when ready...
- Ignore this part and just hit the Enter key.
- The format will now begin.
- At the prompt Volume label (11 characters, ENTER for none)?
- Either name your drive what you wish, say bob350 for example, or just hit the Enter key.
- Your USB Thumb Drive is now formatted and if it was infected, it should now be clean.
If for any reason you could not carry out the above, please perform the following instead:
Remove your USB/FlashDrive safely from the Non Infected computer.
- Double click on Flash_Disinfector to run it.
- You will be prompted to plug in your flash/usb drive. Plug it in.
- Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
- When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
- Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.
Next: Please download the following to your Flash/USB Drive:
Next: Remove your USB/FlashDrive safely from the Non Infected computer.
Next:
Note: Keep your infected computer offline during all of the below. Any logs/reports requested will have to be saved to your USB Drive.
- Make sure your infected computer is switched off, and connect your USB Thumb Drive.
- Now boot it up into Normal Mode.
- Navigate to your USB Thumb Drive
Next:
- Navigate to your USB/Flash Drive again.
- Click once on Fix Policies to highlight it
- Now under File and Folder Tasks
- Select Move this file
- In the Move Items box that appears, select Desktop and click on the Move button.
Now carry out the same procedure as above so that the following are also on the Desktop of your Infected Computer:
- HJTInstall.exe
- gmer.zip
- RSIT.exe
Next:
- Double-click on FixPolicies.exe.
- Click the "Install" button on the bottom toolbar of the box that will open.
- The program will create a new Folder called FixPolicies
- Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
- A black box should briefly appear and then close.
Next:
- Double-click on HJTInstall.exe.
- Choose the default location of C:\Program Files\Trend Micro\HijackThis as the destination. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!
- Click the Install button.
- Accept the license agreement .
- The program will place a shortcut on your desktop. This will make it easier for you to access the tool when required.
- Now close the application, as we do not need to use this yet!
Next:
- Double click on the desktop RSIT.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open:
- log.txt will be opened maximized.
- info.txt will be opened minimized.
- Please save the contents of both log.txt and info.txt to your USB/Flash Drive.
Next:
- Unzip gmer.zip to a folder on your desktop.
- Double click on gmer.exe to launch GMER
- If asked, allow the gmer.sys driver to load.
- If it warns you about rootkit activity and asks if you want to run a scan, click OK.
- If you don't get a warning, then:
- Click the rootkit tab
- Click Scan
- Once the scan has finished, click copy
- Paste the log into notepad using Ctrl+V
- Save it to your desktop as gmerrk.txt
- Click on the >>> tab
- This will open up the rest of the tabs for you
- Click on the Autostart tab
- Click on Scan
- Once the scan has finished, click copy
- Paste the log into notepad using Ctrl+V
- Save it to your desktop as gmerautos.txt
- Now please save/transfer both logs to your USB/Flash Drive.
Power down/switch off your infected computer, then remove your USB/Flash Drive.
Now please return to the Non Infected computer we have access to, power up if switched off, then:
- Double click on Flash_Disinfector to run it.
- You will be prompted to plug in your Flash/USB Drive. Plug it in.
- Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
- When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
- Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.
When you have completed the above, please post back the following:
- Both GMER logs.
- Both RSIT logs
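Editor's added example, not part of the helper's post above: the manual "note the drive letter, then Format X:" step is the one place in these instructions where a typo is destructive, since format.com will just as happily wipe a fixed disk. The script below does the same job on the clean machine but only after confirming the target really is a removable volume. It assumes Windows 8/Server 2012 or later (the Storage module's Get-Volume and Format-Volume cmdlets) and an elevated PowerShell session; the function names Get-RemovableVolumes and Format-RemovableDrive are the example's own, and the label bob350 is the post's sample label.

```powershell
# Added example (not from the original post). Assumes Windows 8+/Server 2012+
# with the Storage module, run from an elevated PowerShell prompt.

function Get-RemovableVolumes {
    # The Storage module reports USB flash drives with DriveType 'Removable';
    # this is the list you would otherwise read off My Computer by hand.
    Get-Volume |
        Where-Object { $_.DriveType -eq 'Removable' -and $_.DriveLetter } |
        Select-Object DriveLetter, FileSystemLabel, FileSystem,
            @{ Name = 'SizeGB'; Expression = { [math]::Round($_.Size / 1GB, 2) } }
}

function Format-RemovableDrive {
    param(
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z]$')][string]$DriveLetter,
        [string]$Label = 'bob350'   # FAT32 labels are limited to 11 characters, as in the post
    )
    $vol = Get-Volume -DriveLetter $DriveLetter -ErrorAction Stop

    # Safety check 1: refuse anything that is not a removable drive.
    if ($vol.DriveType -ne 'Removable') {
        throw "Drive ${DriveLetter}: is $($vol.DriveType), not Removable. Refusing to format."
    }
    # Safety check 2: never touch the system drive, whatever it reports as.
    if ("${DriveLetter}:" -eq $env:SystemDrive) {
        throw "Drive ${DriveLetter}: is the system drive. Refusing to format."
    }
    # Format-Volume only creates FAT32 volumes up to 32 GB; larger sticks need exFAT.
    $fs = if ($vol.Size -gt 32GB) { 'exFAT' } else { 'FAT32' }

    Write-Host ("About to format {0}: (label '{1}', {2} GB) as {3}" -f
        $DriveLetter, $vol.FileSystemLabel, [math]::Round($vol.Size / 1GB, 2), $fs)

    # -Confirm prompts before the destructive step; -Full overwrites the whole
    # volume instead of a quick format, so old file data is not left in place.
    Format-Volume -DriveLetter $DriveLetter -FileSystem $fs `
        -NewFileSystemLabel $Label -Full -Confirm

    # Post-check: a freshly formatted drive should have nothing at its root,
    # hidden or system files included (-Force shows them).
    $leftover = Get-ChildItem -Path "${DriveLetter}:\" -Force -ErrorAction SilentlyContinue
    if ($leftover) {
        Write-Warning "Unexpected items remain on ${DriveLetter}:"
        $leftover | Format-Table Name, Attributes -AutoSize
    } else {
        Write-Host "${DriveLetter}: is empty; format completed."
    }
}

# Usage on the clean machine: list candidates first, then format the one you mean.
Get-RemovableVolumes | Format-Table -AutoSize
# Format-RemovableDrive -DriveLetter E
```

Run Get-RemovableVolumes first and check that exactly one entry is the stick you plugged in; if a second removable volume appears (a card reader, for instance), the letter you pass to Format-RemovableDrive is still your decision, the function only guarantees it will not be a fixed or system disk.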