Guide to Removing Malware


Red Dragon
21st February 2008, 11:21 PM
Very Important: Malware infections can possibly lead to identity theft, stolen bank funds, misuse of credit card information etc.

After completing these steps your symptoms may disappear, but you still need to post your logs so that we can check them. We also need to secure your system from future attacks.

=========================================================

Step 1

Temporarily Disable Real Time Monitoring Programs

This is because some real time protection programs can interfere with any fixes we are trying to run.

See How to disable real time monitoring... (http://www.tech-101.com/viewtopic.php?f=18&t=34&start=0) for some of the most commonly used programs.

Once your system is clean, you are advised to turn the protection back on.

If you need specific instructions on your product, or if you have other protection that may need to be disabled, feel free to ask in your thread in the security section.

=========================================================

Step 2

If you're NOT running any antivirus or firewall software, you should install some ASAP. If you already have an antivirus program, please be sure to check for updates and run a full scan of your system. Please note anything that it finds in your thread.

Recommended Free Anti Virus:
Avira Free (http://www.free-av.com/en/products/1/avira_antivir_personal__free_antivirus.html)
Avast Free (http://www.avast.com/eng/download-avast-home.html)



Recommended Free Firewall:
Comodo (http://www.personalfirewall.comodo.com/)
ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp;jsessionid=EElu1mSWlQjHS1lqOdGhtXP8vPmn2BX3FugIF1oqBBJ4j9pnXWWc!-559734354!-1062696904!7551!7552!NONE?dc=12bms&ctry=US&lang=en&lid=dbtopnav_zass)

=======================================================

Step 3

ATF Cleaner by Atribune

Please download ATF Cleaner to your desktop from HERE (http://www.atribune.org/ccount/click.php?id=1)

Double-click ATF Cleaner.exe to open it. Vista users: right-click and select Run as Administrator.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Firefox or Opera installed:
Click Firefox or Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

=======================================================

Step 4

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please attach this log to your reply.
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

======================================================

Step 5

SuperAntiSpyware Home Edition Free Version

Please download SuperAntiSpyware from HERE (http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE)
Launch SuperAntiSpyware and click on 'Check for updates'.
Wait for the updates to be installed
On the main screen click on 'Scan your computer'.
Check 'Perform Complete Scan', then click 'Next' to start the scan.
SuperAntiSpyware will now scan your computer. When it's finished, it will list any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you're done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Attach the Notepad file to your reply.

=======================================================

Step 6

Update your Java Runtime Environment

Many types of malware like to exploit out of date Java versions!

First, verify that your version is up to date by clicking HERE (http://www.java.com/en/download/installed.jsp)

If you need to update your version:
That link button will change to one that allows you to update directly by clicking on it, in which case please do so.
When it finds the newer version, follow the on-screen instructions (uncheck the Yahoo toolbar option).
After it installs the newest version, go back to Start -> Control Panel -> Add/Remove Programs (Programs and Features in Vista).
Uninstall any older versions of Java except the most current update that you just installed.

You can manually install the most recent version of Java through this link -> Java Runtime Environment (http://java.sun.com/javase/downloads/index.jsp). Make sure to scroll down to Java Runtime Environment.

=======================================================

Step 7

HijackThis Instructions

Only do this step after completing the previous steps.
Make sure you have the LATEST version of HJT (currently v2.0.0.2). It can be downloaded from HERE (http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe)
Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
After installing, the program launches automatically. Select Scan now and save a log.
After the scan is complete, please attach your logs onto the forums.

==========================================================

Step 8

Attach the requested logs to our Techie Section (http://forum.oddthought.com/techie-section/)
1) Malwarebytes' Anti-Malware log
2) SuperAntiSpyware log
3) HijackThis log

Attachment Instructions

ONLY attach .txt or .log files; that means NO .doc or Word files.
We prefer you to attach the logs into the thread, but if you have trouble with that, you are permitted to copy and paste them into your thread.
To attach a log click on New Thread (or use Post Reply in an existing thread).
Scroll down until you see a button Manage Attachments. Click on that and a popup-window opens.
Click on the Browse button, find the requested log file, and double-click on it.
Now click on the Upload button in the popup. When done, click on the Close this window button.
Please Note: you can attach more than one file to a post by repeating the above steps.

!!!Also remember to tell us any symptoms that you may be having !!!