Please follow the instructions provided, you may want to print out these instructions and use them as a reference. If you have any questions regarding the fix, please ask us before proceeding. Please make sure that you follow this in the right order as I have listed.
==========================================================
Your Java is out-of-date and that might cause you some infections. We recommend you to update to the latest version ASAP. Please download and install the latest version here. Then go to Control Panel » Add/Remove Programs and uninstall the old version there.
==========================================================
Download Tools
Please download these tool(s) first before we proceed to the next steps:
1. ATF Cleaner by Atribune
- Save it to your Desktop. We will use this later.
Download and unzip BFUzip from http://www.merijn.org/files/bfu.zip
Run the program and click the Web button as shown here:
Use this URL to copy into the address bar of the Download script window:
- Code: Select all
http://metallica.geekstogo.com/alcanshorty.bfu
Execute the script by clicking the Execute button.
==========================================================
Run HijackThis
Please open HJT, click Do a system scan only, and then place a checkmark beside each of these entries:
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Boyle Poker - {F313D2F6-B79E-4654-BC77-D14C93FC8947} - C:\Program Files\boylesportspokercomMPP\MPPoker.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
After placing all the checkmarks, close all windows (except HJT), and then hit Fix Checked. When it finishes, exit HJT.
==========================================================
Show Hidden Files and Folders
Click Start » My Computer » Tools » Folder Options. Select the View tab.
- Check - Show hidden files and folders
- Uncheck - Hide file extensions for known types
- Uncheck - Hide protected operating system files
==========================================================
Boot into Safe Mode. Please restart your computer and as soon as it starts to boot, tap F8 repeatedly. A menu should appear, select Safe Mode from the menu and then hit Enter on your keyboard. (this will take a while, so don't worry, just wait)
==========================================================
Uninstall Programs
Click Start » Control Panel » Add/Remove Programs, and then Uninstall these programs (if present):
- LimeWire
BearShare
boylesportspokercomMPP
PartyPoker
Delete Files and Folders
Locate and delete the following files and/or folders (if present):
a. Folders :
- C:\Program Files\LimeWire\
C:\Program Files\BearShare\
C:\Program Files\boylesportspokercomMPP\
C:\Program Files\PartyPoker.net\
C:\Program Files\PartyGaming\
==========================================================
Run ATF Cleaner
- Double-click ATF-Cleaner.exe to run the program.
- Click Select All found at the bottom of the list.
- Click the Empty Selected button.
==========================================================
Run Ewido
- Click on scanner.
- Click on Complete System Scan. (please don't use the computer while scanning)
- You will be prompted to clean the first infection:
- Sometimes Ewido reports legit files as malware, so you need to Remove these one-by-one, if you see a legit file being reported, just select None.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
- Click Save report.
- Save the report .txt file to your desktop or a location where you can find it easily.
- Close ewido security suite.
Restart your computer back to Normal again.
==========================================================
Run an online scan at Panda's ActiveScan
- Please go here and perform a full system scan.
- Once you are on the Panda site click the Scan your PC button.
- A new window will open...click the big Check Now button.
- Enter your Country.
- Enter your State/Province.
- Enter your Valid Email and click send.
- Select either Home User or Company.
- Click the big Scan Now button.
- If it wants to install an ActiveX component allow it.
- It will start downloading the files it requires for the scan.
- Click on Local Disks to start the scan.
- Save the log file created to your Desktop.
==========================================================
Just a review of the log(s) we need to see on your next reply:
- HijackThis (new)
- Panda
- Ewido