We have to remove a similar infection you had about 5 months ago, and some new stuff
If you still have Windows CleanUp! 4.0 installed
remove it from add/remove programs
==
Download and install Windows CleanUp! 4.5.1
Open Ewido Anti-malware
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work, you can take a look at the following link to help with the updating
http://www.ewido.net/en/support/?AID=26
Don't continue unless you were able to update Ewido's database
Come back here and let's resolve the updating problem first
Carry on if it updated fine
Can you open "MyComputer"
Double click to open Local Disk C: drive
Right click an empty spot and left click NEW>>Folder
A new folder will be placed in the C: folder, name it BFU
So you now have C:\BFU
Please download Brute Force Uninstaller
Reminder, choose SAVE rather than OPEN
Then Extract (UNZIP) the contents to the (C:\BFU) folder you just made
So you now have C:\Bfu\bfu.exe
RIGHT CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcanshorty.bfu.
Save it in the folder you made earlier (c:\BFU)
So you now have C:\Bfu\alcanshorty.bfu
Note: If you still have p2pnetwork.bfu, delete it please, this is an updated fix
Please save these instructions to a Notepad file and save it to your Desktop for reference, or Print them out!
RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu
In safe mode
==
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
When it's done>>Click Close
DECLINE to Log off or Restart the computer
==
Open the C:\BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to alcanshorty.bfu in the C:\BFU folder
Right click alcanshorty.bfu and choose Select
In Brute Force Uninstaller select Execute
Wait for the "complete script execution" box to pop up and press OK.
Press exit to terminate the BFU program.
==
Open Ewido Anti-malware
Click on the Scanner button on the left menu
Select Complete System Scan
If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
1. Perform Action = Remove
2. Create Encrypted Backup in Quarantine (Recommended)
3. Perform action with all infections
Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to the desktop or someplace you will remember
Exit Ewido
NOTE: When Ewido is running, don't open any other windows, let it run uninterrupted
Do a "System scan only" with Hijackthis and put a check next to these entries:
O4 - HKLM\..\Run: [newname] c:\windows\newname16.exe
O4 - HKLM\..\Run: [mousepad] c:\windows\mousepad16.exe
O4 - HKLM\..\Run: [keyboard] c:\windows\keyboard16.exe
After you have ticked the above entries, close all other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Afterwards, reboot back to normal mode
Leave everything enabled on startup
Post back a fresh hijackthis log and the Whole report from Ewido's
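
An added example (not part of the original post): a small Python check that the three O4 entries listed above no longer appear in the fresh HijackThis log. The function names and the sample log are constructed for illustration; matching is case-insensitive because Windows paths and registry value names are.

```python
import re

# The three entries the post asks to have fixed (copied from the post).
FLAGGED = [
    r"O4 - HKLM\..\Run: [newname] c:\windows\newname16.exe",
    r"O4 - HKLM\..\Run: [mousepad] c:\windows\mousepad16.exe",
    r"O4 - HKLM\..\Run: [keyboard] c:\windows\keyboard16.exe",
]

# Registry autorun line: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$", re.I)


def parse_o4(line):
    """Return (hive, key, value name, command) normalised for comparison, or None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    return (hive.upper(), key.lower(), name.lower(), command.strip().lower())


def remaining_entries(log_text, flagged=FLAGGED):
    """List the flagged entries that are still present in a HijackThis log."""
    wanted = {parse_o4(entry): entry for entry in flagged}
    found = []
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if parsed is not None and parsed in wanted and wanted[parsed] not in found:
            found.append(wanted[parsed])
    return found


# Constructed sample log, not taken from a real machine. The HKCU line has the
# same value name as a flagged entry but a different hive, so it must not match.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe
O4 - HKLM\..\Run: [Mousepad] C:\WINDOWS\mousepad16.exe
O4 - HKCU\..\Run: [keyboard] c:\windows\keyboard16.exe
"""

if __name__ == "__main__":
    left = remaining_entries(SAMPLE_LOG)
    print("Still present:" if left else "All flagged entries are gone.")
    for entry in left:
        print("  " + entry)
```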