Credits go to ditto
Geeks To Go _ Malware Removal - HiJackThis Logs Go Here _ You Must Read This Before Posting A Hijackthis Log

If it's your first time here, welcome to Geeks to Go! You must http://www.geekstogo.com/forum/register.html and be logged in to access the download links provided below.


Malware (Spyware, Adware, Trojans, Viruses) are every increasing in their frequency, and ability to disguise themselves. This forum is a resource for removal of these unwanted pests. Following is a guide that will help you to remove many of the most common problems, and allow us to help you most efficiently. It may look daunting, but shouldn't take long to complete.


Please remember, people are helping you for FREE. Be patient, somebody will help you as soon as they become available. We all have REAL jobs, families, have other interests, and may live half way around the world. Plus, there may be people in front of you waiting for help. Following these steps will lighten our work load, and allow us to help more members.


The reality is that Hijack This logs are getting more complicated, require more time to analyze, and the infections are more difficult to remove -- often requiring a multi-step process. Anything that you can do to help us before posting a log is greatly appreciated. Please acknowledge that you've followed these required steps (or our first reply will likely direct you here).



Preparation

If your having trouble connecting to the Internet try running the WinSockFix utility to repair your connection:

http://www.geekstogo.com/modules.php?modid...n=download&id=7

http://www.geekstogo.com/modules.php?modid...=download&id=21


CleanUp! - http://www.geekstogo.com/modules.php?modid...=download&id=49 - http://home.comcast.net/~sgould4567/softwa...anup/index.html

CleanUp!, is a quick and easy way to delete temporary files from your system. Simply deleting these temp files may clear some infections, and will make running the following scans faster.

-Install and run. Click on the button labeled CleanUp!.
-When it finishes it will prompt you to restart Windows - there will be one or two files it cannot delete when Windows is running - however, they will be deleted next time Windows starts up.

Step One: Scan for Spyware/Adware

Ad-aware SE - http://www.geekstogo.com/modules.php?modid...n=download&id=5 - http://www.lavasoftusa.com/software/adaware/

-Install the program and launch it. If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.

-First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we will configure Ad-Aware to perform a full scan. In the Ad-Aware main window, click on the gear icon at the top of the screen to open the preferences window. In the General window, make sure the following options are selected:

1) Automatically save log-file

2) Automatically quarantine objects prior to removal

3) Safe Mode (always request confirmation)

Click the Scanning button on the left-hand side and make sure the following options are selected:

1) Scan within archives

2) Scan active processes

3) Scan registry

4) Deep scan registry

4) Scan my IE Favorites for banned URLs

5) Scan my Hosts file



Please also click on Select drives & folders to scan and select your hard drive(s). Then click the Advanced button on the left-hand side and make sure all the options under Log-file Detail Level are selected. Next, click the Tweak button on the left-hand side. Click on Scanning Engine and make sure the following options are selected:

1) Unload recognized processes & modules during scanning

2) Obtain command line of scanned processes

3) Scan registry for all users instead of current user only

Click on Cleaning Engine and make sure the following options are selected:

1) Always try to unload modules before deletion

2) During removal, unload Explorer and IE if necessary

3) Let Windows remove files in use at next reboot

4) Delete quarantined objects after restoring

Finally, click on Safety Settings and make sure the following options are selected:

1) Automatically select problematic objects in results lists

2) Write-protect system files after repair (Hosts file, etc)

-Click on Proceed to save the preferences. Then please click the Start button on the bottom right side to begin a scan. Select Use custom scanning options and then click Next. Ad-Aware will then scan for malware.
-Save the log file when it asks and then click Finish. Do not post the Ad-aware log in this forum unless requested.
-When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).
-If you wish assistance with an Ad-Aware SE log file, please post your log http://www.geekstogo.com/forum/Lavasoft_Su..._aware-f62.html for analysis by Ad-Aware experts.
-Trouble? http://www.geekstogo.com/forum/Lavasoft_Su..._aware-f62.html
CWShredder - http://www.geekstogo.com/modules.php?modid...=download&id=17 - http://www.intermute.com/spysubtract/cwshr...r_download.html

CWShredder - http://www.geekstogo.com/modules.ph...=download&id=17 - http://www.intermute.com/spysubtrac...r_download.html
Run the program. Click the Fix button to remove any malicious programs found.


Spybot S&D - http://www.geekstogo.com/modules.php?modid...=download&id=14 - http://www.safer-networking.org/en/index.html - http://www.majorgeeks.com/download4392.html

Install Spybot and the DSO Exploit Fix. Start Spybot and select Update, Search For Updates, check the box next to each update and then select Download Updates. Next, select Search and Destroy, Check for problems and after scanning is complete, Fix selected problems. Finally, select Immunize and then the Immunize button to block common Spyware programs from installing.

No single program removes every threat. A multi-prong approach is best.

http://www.spywarewarrior.com/rogue_anti-spyware.htm. Unfortunately, many companies have chosen to exploit the spyware problem by releasing questionable software. These programs may be ripoffs of existing free programs, produce false positives to entice you to buy the full version, leave actual Spyware installed, or at the very worst even install Spyware. Use the link above to see if you have installed any of these programs on your system. Uninstall any found.


Step Two: Viruses/Trojans

Even the best antispyware programs are only able to remove about 70% of infections. Also, the line between spyware and trojans is getting blurred. You can never be too careful with these, we recommend at least one online scan.



Ewido Security Suite for Windows 2000 and XP only - http://shareit1.element5.com/download.html...3035e1f5a628(14 day trial) - http://shop.element5.com/product.html?cart...ateid=200004032

Ewido has been very effective at helping remove some of the more difficult infections. After installed, there should be a icon for ewido on your desktop. Double-click to run it.

Update ewido: From the main Ewido screen, click on update in the left menu, then click the Start update button.

After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, but if Ewido finds anything it will pop up a notification, so it needs to be monitored. If notified, select clean and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.

When the scan finishes, click on Save Report. This will create a text file. Please then paste the contents of the text file, and post it with your HijackThis log.


Trend Housecall - http://housecall.trendmicro.com/hous...start_corp.asp

Even if you do have antivirus software it can be compromised and corrupted by many forms of malware, so an online scan is a good idea.
!!!!!!!

Run the free online virus scan (tick the "Auto Clean" checkbox).

Here's another free online scan:
http://www.pandasoftware.com/activescan/



AVG - http://esd.element5.com/affiliate.html?aff...m%2Ffreeweb.php - http://www.grisoft.com

If you don't have any antivirus software on your system, or if your subscription to definition updates has lapsed, install AVG's very good free version of antivirus. This comprehensive package includes real-time protection, scheduled scans, automatic definition updates, and email scanning. More free antivirus tools http://www.geekstogo.com/forum/index.php?showtopic=38.

NOTE: DO NOT install more than one antivirus program. They will conflict, and provide less protection, not more.



TDS-3 - http://www.geekstogo.com/modules.php?modid...=download&id=45 - http://tds.diamondcs.com.au/

One of the best anti-trojan programs available. Free download and updates.


Step Three: Windows Updates

Windows Update - http://www.windowsupdate.com - http://www.microsoft.com/windowsxp/downloa...p1/default.mspx

An unprotected, unpatched Windows XP installation will get infected within minutes of connecting to the Internet. Because of this, we'll require you to do install critical updates before providing assistance in our forums. If not, we're both just wasting our time.

SP2 NOTE: Windows XP Service Pack 2 (SP2) has terrific security features, and we highly recommend everyone install it, however it should not be installed until your system is free from malware. Installing SP2 with malware present can cause many compatibility problems, or even prevent your computer from restarting. If your system has a malware infection, or if you're unsure, use the SP1a download link above.


Step Four: Reboot - Test
The tools above will completely clear malware from the majority of systems. Test your system to see how it's working.

If you're still having problems, continue to the next step. Otherwise, check out http://www.geekstogo.com/forum/index.php?showtopic=6060 on how to prevent future Spyware/Hijack attacks.

If u need to tweak ur computer to make thing goes faster check here

CHECK MY NEXT TUT FOR TWEAKING COMPUTER!!!!!!!!

Thank You....

lolzz no prob ankit ji

....lolz...thanks a lot.....i think just thnks was not appriciated


*Note-plz ignore da spammin lolz

thanks but no thanks my PC is already clean.
I have been running on WinXP SP1 from more than 9months now without problem.

My Suggestion:
Always keep, anti-spyware off else your pc performance will be weak [if < 512 MB Ram]
Check for spyware once every 4-5 days.

Keep Anti-Virus off most the time and only run where suspected.

Put anti virus application in download manager so that anti virus checks all the files that are downloaded.

Don't install unnecessary things.

Turn Off System Restore and Hibernate option to free up more than 1GB space on windows drive.

Keep deleting cache files.

Always run DiskCleanup [My Computer > WinDrive > Right Click > Properties > Disck Cleanup, check appropriate options and click Ok.]
Most of the times you'd free up 500mb - 1000mb of space with this.

There are 1000's more that I can't remember for now.

Wonderful.!! thats quite help ful..!! not quite.. a lot.!! thanks man..!! we hope some more tech helps.. from ur side.!!

thnx fr da tuto janvi

Janvi the link which u provided in the 1st post ...the site link ..doesnt work .. try to rechek it ...

lol too long anyways my PC is clean and instead of bothering all above move your imp files to other drives than format and reinstall windows and after that be carefull of following.

1. No Spyware/Anit Virus needed b'le me I never use them.
2. Dont accept .exe files on messenger/IRC and more.
3. Only accept files from trusted sources.
4. Always read the Certificate while accessing HTTPS pages.
5. Dont open mails from unknown sources.
6. Dont open site that have more than 1 popups.
7. Use Firefox as its most secure browser.
8. Keep Windows FIREWALL on no external firewall needed.
9. Keep your harddisk clean, always delete unnecessary stuff.
10. Try to put as much low media as you can, always store mp3's movies etc on CD-R, CR-RW or backup HardDiskDrive [I use Backup HDD as its 80gb so its easy to store and delete].
11. Never click ok on any popups [while using internet] always click 'X' dont even bother clicking Cancel.
12. Keep cleaning your temporary files.
13. If you see sign of infection than Install MICROSOFT ANTISPYWARE scan and delete spware [always delete dont quarantine or block]. Uninstall AntiSpyware after that else it'll block some of your outgoing TCP which may slowdown net access or applications access.
14. AntiVirus program if you wanna use [I recommend not to] than only use AVG AntiVirus. [http://www.grisoft.com]
15. If you wanna use AntiSpyware only use MS AntiSpyware [http://www.microsoft.com]
16. Using XP is securer than Win 98 and using WinXP Pro is better than WinXP Home.
17. Try to stay away from Beta Versions of any applications as they usually makes wrong Registeries and creates problems.

Thats all I can rem now If I get more points in mah mind will tell ya.
And sorry to say the above **** only explained SpyWare and Virus so sad na.

Thanks janvi and you too Bibli2oo3.Good work.Keep it up........lol

thx janvi!! gd work

nyc work Bibli2oo3

thanks for a great tutorial......................