Right click here and click Save Target As. Save the file to your desktop. Double click on the file you saved to run it. It will ask you if you want to merge it with your registry. Click Yes and then Ok on the confirmation. You will have to reboot for this to take effect.
We need to make sure all hidden files are showing so please:
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
***
Open HijackThis
Go to ‘config’
Go to ‘misc tools’
Press the button ‘open uninstall manager’
In the list find:
Security IGuard
Virtual Maid
Search Maid
Press ‘delete this item’.
If finished, close HijackThis.
***
Download Pocket Killbox.
Unzip the files to a folder like c:\killbox\
Run Killbox (doubleclick Killbox.exe).
Click the radio button that says Delete a file on reboot.
In the field labeled Full Path of File to Delete enter the file paths listed in the box below ONE AT A TIME (EXACTLY as it appears, please double check to make sure! I would just copy each file path and paste it in the field). MAKE SURE TO ENTER ALL FILE PATHS!
After each one, click the red circle with a white cross in it.
C:\WINDOWS\System32\intmon.exe
C:\WINDOWS\System32\shnlog.exe
C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\Windows\system32\hhk.dll
C:\Windows\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmon.exe
C:\Windows\System32\shnlog.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\system32\msole32.exe
C:\Windows\System32\ole32vbs.exe
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.
Let the system reboot to safe mode.
(While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.)
If you receive an error message "PendingRenameOperation...." and your computer doesn't restart, please restart it manually.
***
Using Windows Explorer, delete the following (please do NOT try to find them by "search" because they will not show up that way)
FOLDERS to delete (in bold) if found:
C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files <-WILL be there!
C:\Program Files\Security Iguard
Reboot into normal mode.
***
Download Hoster
Unzip it to a convenient place and open the program.
Choose "Restore Original Hosts" and press "OK".
Close the program.
***
Download: deldomains.
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.
***
There may also be a number of icons in the system folder that don't belong. Here are some examples:
casino.ico
date.ico
games.ico
mobile.ico
network.ico
pharm.ico
pharm2.ico
scanner.ico
spam.ico
spyware.ico
***
Download CleanUp!.
If the link doesn't work, download it from here.
Find and double-click the file cleanup312.exe.
Go to option
Select ‘custom’
Put a check to:
* Prefetch
* Temp
* All users.
Press 'cleanup!'
Once it's done, log off and log on again. This will remove files that were in use during the scan.
***
Please do an online scan; 2 would be better:
Trend Micro Housecall
Panda online scan
Make sure that you choose "fix" or "clean".
Save the results from the scan!
***
Post back here in this topic using the button ‘add reply’:
The results from the AV scan and a new HiJackThis log.
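
An added example, not part of the original post: a Python check that reports which of the files and folders listed above are still present after the cleanup. It collapses the two entries the list repeats with different capitalisation and matches names case-insensitively, so it also works on a copy of the drive mounted on another system. The function names and the `root` parameter are assumptions made for this sketch.

```python
import os

# File and folder paths copied from the post above, duplicates included.
LISTED = r"""C:\WINDOWS\System32\intmon.exe
C:\WINDOWS\System32\shnlog.exe
C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\Windows\system32\hhk.dll
C:\Windows\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmon.exe
C:\Windows\System32\shnlog.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\system32\msole32.exe
C:\Windows\System32\ole32vbs.exe
C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security Iguard""".splitlines()

def unique_targets(paths=LISTED):
    """Drop entries that differ only in letter case (Windows paths ignore case)."""
    seen = {}
    for p in paths:
        seen.setdefault(p.lower(), p)  # keep the first spelling seen
    return list(seen.values())

def resolve(root, win_path):
    """Real path of win_path under root, each component matched case-insensitively."""
    current = root
    for part in win_path.split("\\")[1:]:  # skip the drive letter
        names = os.listdir(current) if os.path.isdir(current) else []
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current

def leftovers(root):
    """List the targets from the post that still exist under root."""
    return [p for p in unique_targets() if resolve(root, p) is not None]

if __name__ == "__main__":
    # Assumption: the live system drive; pass a mount point for an offline copy.
    for path in leftovers("C:\\"):
        print("still present:", path)
```

An empty result means none of the listed items remain; anything printed should be rechecked before the follow-up scans.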