ONLY run Hijackthis from the New folder on your desktop
Can you do the following, and follow closely please
We should get you to download the latest version of Java for security reasons
==Download the latest version of
Java Runtime Environment (JRE) 5.0 Update 9- Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement[/i]".
- The page will refresh.
- Click on the link to download Windows Offline Installation Multi-language
Save the file to your Desktop.
Don't install it yet==Download
[color=\"red\"]Brute Force Uninstaller[/color][/b] to your desktop.
- Right click the BFU folder on your desktop, and choose Extract All
- Click "Next"
- In the box to choose where to extract the files to,
- Click "Browse"
- Click on the + sign next to "My Computer"
- Click on "Local Disk (C:) or whatever your primary drive is
- Click "Make New Folder"
- Type in BFU
- Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. [color=\"red\"]RIGHT-CLICK HERE[/color][/b] and choose "Save As" (in IE it's "Save Target As") in order to download [color=\"red\"]MediaGateway Remover[/color].
Save it in the same folder you made earlier (c:\BFU).
We will need it later
==Download and save to your desktop
[color=\"red\"]SmitfraudFix[/color][/url] (by
S!Ri)
Right click on Smitfraudfix.zip and Extract the contents (a folder named
SmitfraudFix) to your Desktop.
We will need it later
==I know you have AVG AntiVirus installed
But can you also download it's antispyware program from it's affiliate Ewido networks, this is different than the AV you have installed
Download>>Install
[color=\"#000099\"]AVG Anti-Spyware 7.5[/color] from Ewido networks
- Load AVG-antispyware and then click the Update tab at the top. Under Manual Update click Start update.
- After the update finishes (the status bar at the bottom will display "Update successful")
- Close AVG antispyware as we will need it later
Print the rest of these instructions or save them too a text file on desktopI will need you to reboot into safe mode soon, without networking to complete most of the repairs
Close down all browser windows, including this one
Open the Windows Control panel and double click on the Java Icon
Ensure you are in Classic View, select the Java Icon
Under the General tab, select "Delete files"
Leave all 3 selections selected and click OK>>Close Java
Access your Add/remove programs via Control Panel
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
eg..
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8They should have the following icon next to it:
Select it and click Remove both of them
Stay in add/remove programs and also remove
MediaGatewayReboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the top of the screen that appears.
Sign in with your normal user account
==Go to Start > My Computer and navigate to the C:\BFU folder.
- Start the Brute Force Uninstaller by doubleclicking BFU.exe
- Behind the scriptline to execute field click the folder icon
and select MediaGateway.BFU
- Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.)
- Wait for the complete script execution box to pop up and press OK.
- Press exit to terminate the BFU program.
==Open the
SmitfraudFix folder you extracted to desktop earlier
- Double-click smitfraudfix.cmd
- Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
- You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
- The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process. A text file will appear onscreen, with results from the cleaning process
I'll need to see these later, by default they are also saved at C:\rapport.txt
If a reboot was required, please reboot back to safe mode
If a reboot is not required, Remain in safe mode
AVG-Antispyware Scan- Load AVG and select the "Scanner" tab
- Click the "Settings" tab and then change the recommended action to Quarantine and ensure that Automatically generate report after every scan is selected
- Click back to the "Scan" tab and then click on Complete System Scan.
- Let this scan complete
- AVG will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
- Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Reboot the computer to Normal windows
At this time you can install Sun Java from the installer you saved to desktop earlier
Follow the prompts
After installation you can delete the installer from desktop
Post back all the following please
1. Post a fresh hijackthis log
2. Post the report from Smitfraudfix, located here>>C:\
Rapport.txt3. Post the whole report from AVG Antispyware
NOTE: You will have to enter your display properties and reset your desktop background image after running the clean with Smitfraudfix, so don't be alarmed
