"Computer Registry Tools"
"Registry Analysis-Removal Tools"

"Geeks to Go! "

To access some of the download links provided below, and to post a topic in the forums, you must register (http://www.geekstogo.com/forum/register.html). Best of all, registration and all assistance are FREE!

Malware (spyware, adware, trojans, viruses) is ever increasing in frequency and in its ability to disguise itself. This forum is a resource for removing this malicious software. The following guide will help you remove many of the most common problems, and allow us to help you most efficiently. It may look daunting, but it shouldn't take long to complete.

Please remember, people helping you are volunteers. Be patient, somebody will help you as soon as they become available. We all have REAL jobs, families, have other interests, and may live half way around the world. Plus, there may be people in front of you waiting for help. Following these steps will lighten our work load, and allow us to help more members. Do not 'bump' your topic. We work older topics first.

The reality is that Hijack This logs are getting more complicated, require more time to analyze, and the infections are more difficult to remove -- often requiring a multi-step process. Anything that you can do to help us before posting a log is greatly appreciated. Please acknowledge that you've followed these required steps (or our first reply will likely direct you here).

Finally, please follow your thread to a conclusion. Helpers like to know your issue is resolved. When finished they will post instructions and advice on preventing future infections. If you fail to conclude the thread, your system may not be completely clean, and it may be vulnerable to future infections.

We offer malware removal guides and tutorials (http://www.geekstogo.com/forum/Malware_Removal_Guides_and_Tutorials-f121.html) for many common infections. Including these:

ATF Cleaner - http://www.geekstogo.com/forum/index.php?automodule=downloads&showfile=21 - http://www.atribune.org/content/view/19/2/
This will remove unneeded temporary files from your system, make automated scans that follow run faster, and save you time.

  1. Double-click ATF-Cleaner.exe to run the program.
  2. Under Main choose: Select All
  3. Click the Empty Selected button.
    1. If you use Firefox browser
      • Click Firefox at the top and choose: Select All
      • Click the Empty Selected button.
        NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    2. If you use Opera browser
      • Click Opera at the top and choose: Select All
      • Click the Empty Selected button.
        NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  4. Click Exit on the Main menu to close the program.

Create a System Restore point - http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/xpsysrst.mspx (Windows XP and ME only)
This ensures there's a valid system restore point, in case it's needed.

ERUNT - http://www.geekstogo.com/forum/index.php?autocom=downloads&showfile=113 - http://www.larshederer.homepage.t-online.de/erunt/
This ensures we have a valid registry backup. ERUNT (Emergency Recovery Utility NT; guide: http://www.geekstogo.com/forum/Backing-Up-Registry-Using-ERUNT-t208859.html) is a free program that allows you to keep a complete backup of your registry and restore it if needed. Removing modern malware infections often requires making changes to the registry, and a corrupt registry can prevent a system from booting. Compatible with Windows NT, 2000, 2003, XP, Vista, 32 & 64-bit versions.
  1. Download ERUNT: http://www.geekstogo.com/forum/index.php?automodule=downloads&req=download&code=confirm_download&id=113
  2. Double-click erunt_setup.exe to run.
  3. Follow the prompts and install using the default configuration (setup language, install location, shortcuts...).
  4. Say No when asked whether to add ERUNT to the start-up folder. If you like, you can enable this option later.
  5. Start ERUNT
  6. Choose a location for the backup
    The default location C:\WINDOWS\ERDNT\[today's date] is preferred
  7. The first two check boxes are ticked by default (System registry and Current user registry).
  8. Press OK
  9. When prompted, click YES to create a new folder.
  10. Progress bars will show backup status.
  11. A confirmation window will pop up when complete. Click OK to close.

System Settings
If you have anything disabled by MSConfig or any other startup manager, please re-enable them before running any scans, or posting a Hijack This log.

Windows Notepad will be used to view logs, and to copy/paste the results. By default, "Word Wrap" is disabled. However, since Word Wrap interferes with the formatting of the logs, please be sure it's disabled. When Notepad is open, click "Format" on the menu bar, and ensure "Word Wrap" is NOT ticked by a checkmark.

Step One: Scan for Spyware/Adware
Malwarebytes' Anti-Malware (for Windows 2000, XP, Vista ONLY) - http://www.geekstogo.com/link/mbam.php - http://www.malwarebytes.org/mbam.php
Malwarebytes' Anti-Malware is very good at removing the zlob trojan, virtumonde, and most other current infections. This single tool has replaced multiple tools that have been required in the past.
  1. Double-click mbam-setup.exe and follow the prompts to install the program.
  2. At the end, confirm a checkmark is placed next to the following:

    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware

  3. Then click Finish.
  4. If an update is found, it will download and install the latest version.
  5. Once the program has loaded, select Perform quick scan, then click Scan.
  6. When the scan is complete, click OK, then Show Results to view the results.
  7. Be sure that everything is checked, and click Remove Selected.
  8. When completed, a log will open in Notepad. The rogue application should now be gone.
If you need to post a HijackThis log, please paste this log with it.

Step Two: Viruses/Trojans
Even the best antispyware programs are only able to remove about 70% of infections. Also, the line between spyware and viruses/trojans is getting blurred. Everyone should have an antivirus application installed on their system. If you don't have an antivirus installed, or if the subscription for yours has expired, see our recommendations for free antivirus and antispyware software (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html). If you install an antivirus application, please run a full system scan immediately.

Important note: Geeks to Go highly recommends uninstalling any existing antivirus software BEFORE installing another antivirus application. Antivirus programs often conflict and can cause system slowdowns, crashes, or even leave you unprotected. Only ONE should be installed on a system at any time.

Step Three: Windows Updates
Windows Update - http://www.windowsupdate.com/
An unprotected, unpatched Windows XP installation will get infected within minutes of connecting to the Internet. Because of this, we'll require you to install critical updates before providing assistance in our forums. If not, we're both just wasting our time.

Step Four: Reboot - Test
The steps above will completely clear malware from the majority of systems. Test your system to see how it's working.

If you're still having problems, continue to the next step. Otherwise, read http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I to prevent future Spyware/Hijack attacks.

Step Five: Posting a Hijack This Log
Hijack This - http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Important note: Please do not post ANY other logs until requested by the person helping you. Deckard's System Scanner, antivirus scan logs, and other information can be helpful, but can also complicate the initial diagnosis. Also, Combofix should NEVER be run unless requested. While it's a powerful tool useful for removing a number of infections, things can and do go wrong. Sometimes systems even refuse to boot. There are safeguards built into Combofix, but only someone trained in its use will be able to help you recover. The logs generated can also be very difficult to read.

Automated tools are not always successful at removing malware from your system. Some infections may generate random file names, be too new, or use other tricks to avoid detection.

HijackThis examines certain key areas of the Registry and Hard Drive and lists their contents. These are areas which are used by both legitimate programmers and hijackers. Some items are perfectly fine. You should not remove them. Never remove everything. Doing that could leave you with missing items needed to run legitimate programs and add-ins.

This section is designed to help you produce a log, post the log into the Forum and finally remove the items as directed by the Member helping you. This involves no analysis of the list contents by you. That will be done by the Geeks to Go Staff.

If you have run any malware removal software (Ad-aware, Ewido, SuperAntiSpyware…), please reboot before scanning.

If you have not already done so, download (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) and install HijackThis.

If you downloaded the file here, it’s self-installing. Simply download to your desktop or other convenient location, and run HJTInstall.exe to install. Once installed, open HijackThis by clicking Start -> Program Files -> HijackThis.

This is how HijackThis looks when it is first opened.
1. Click the button labeled Do a system scan and save a logfile.

2. HijackThis will quickly scan your system, and then open two new windows: the results of the HijackThis scan, and hijackthis.log in Notepad. Save hijackthis.log. By default it will be saved to C:\Program Files\Trend Micro\HijackThis, or you can choose “Save As…”, and save to another location.

Hijackthis.log contains the info that’s required to receive analysis and assistance. Highlight the entire contents. Copy and paste the contents into your post, along with a complete description of your problem(s). DO NOT fix anything. Wait for help.
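Before pasting, it is possible to confirm that the saved hijackthis.log is complete and was not broken up by Word Wrap. The following check is an added example, not a Geeks to Go or HijackThis tool; it assumes the usual HijackThis 2.x layout (a "Logfile of" header, a "Running processes:" section, entries prefixed with a section code such as "O4 - ", and an "End of file" trailer), and the sample log in it is constructed.

```python
import re
from collections import Counter

# Entry lines start with a section code such as R0, O4, O23 or F2,
# followed by " - " (layout assumed from typical HijackThis 2.x logs).
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

# Constructed sample log, not taken from a real system.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:02 AM, on 1/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\Explorer.EXE

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.example.com/
O4 - HKLM\\..\\Run: [ExampleApp] "C:\\Program Files\\Example\\app.exe"
O23 - Service: Example Service (ExampleSvc) - Example Corp - C:\\Program Files\\Example\\svc.exe

--
End of file - 612 bytes
"""

def check_log(text):
    """Return (problems, per-section entry counts) for a HijackThis log."""
    lines = text.splitlines()
    problems = []
    if not lines or not lines[0].startswith("Logfile of "):
        problems.append("missing 'Logfile of' header: top of log cut off")
    if "Running processes:" not in lines:
        problems.append("missing 'Running processes:' section")
    if not any(ln.startswith("End of file") for ln in lines):
        problems.append("missing 'End of file' trailer: log truncated")
    counts, in_entries = Counter(), False
    for n, ln in enumerate(lines, 1):
        m = ENTRY.match(ln)
        if m:
            in_entries = True
            counts[m.group(1)] += 1
        elif in_entries and ln and ln != "--" and not ln.startswith("End of file"):
            # A non-entry line after the entries begin usually means a wrapped line.
            problems.append(f"line {n}: does not start with a section code (wrapped?)")
    return problems, dict(counts)
```

An empty problem list means the log has the parts a helper expects to see; the counts are only a summary and are not a verdict on any entry.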

(Optional) It would be helpful to also provide an uninstall list:
  1. Start HijackThis
  2. Click on the Config button
  3. Click on the Misc Tools button
  4. Click on the Open Uninstall Manager button.
  5. You can click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents into your topic.
Return to the Forum and reply to your original post (or start a new thread in the Malware Removal forum: http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html). Copy the entire contents of the Notepad file that opened, and paste it into your post. Then, wait for a Staff member to reply to your thread with instructions.

Additional Copy and Paste Instructions
Having problems with cut and paste? Open the text file. Go to the Toolbar of your text editor (Notepad, for example) and click Edit. Move the mouse down to Select All and click on Select All to highlight the text. Go back to Edit again and move the mouse down to Copy. Click Copy. Go to the Forum and reply to your original post. When the page opens, click on an empty space in the reply window with your mouse to set focus for the paste operation. Finally, hold down the Ctrl button and click the letter v on the keyboard to paste the text into your post.

(NOTE: You must register and be logged in to download files.)

Hijack This Forum Rules:
Register (http://www.geekstogo.com/forum/register.html) if not yet registered. Go to http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-new-topic-f37.html to start a new topic and paste your log.

If you would like to learn more about reading HJT logs and help us by becoming a member of the staff, please see http://www.geekstogo.com/forum/Want-to-help-others-t2792.html. If you're already an expert, and would like to help, please send us a message (http://www.geekstogo.com/forum/compose-new-message.html&MID=1).

Please acknowledge that you've followed these required steps (or our first reply will likely direct you here). Please be patient, let us know the results, and remember to thank the helper assisting you.


Geeks to Go (Malware Removal Staff)


Click Here For Download of SpywareBlasterSetup.exe Zip file 2.71 MB 32 Bit for XP PC

Click Here For Download of RegistryMechanic.exe Zip File 7.12 MB 32 Bit XP PC

Click Here To Download Revo Uninstaller, 411 K (Much More Than Just Uninstall), Registry Tools.

Click Here To Download Registry Booster