Welcome to Lockergnome.
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.
Please download Ewido Security Suite at
http://www.ewido.net/en/download/.
1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.
If you are having problems with the updater, you can go to
http://www.ewido.net/en/download/updates/ to update manually.
Download CleanUp!
http://cleanup.stevengould.org/ (Alternate Link if main link don't work -
http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Don't run it yet.
Download CWShredder at
http://www.greyknight17.com/spy/CWShredder.exe and run it. Click on 'I Agree' button if you agree. Click on 'Fix' (it will automatically fix anything it finds for you) and then click OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.
Restart your computer and boot into Safe Mode (if you don't know how, go to
http://www.bleepingcomputer.com/forums/ind...showtutorial=61 ).
CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.
Now open Ewido and do a scan on your system.
* Click on scanner.
* Click on 'Complete System Scan' and the scan will begin.
* While the scan is in progress you will be prompted to clean the first infected file it finds. Choose 'Remove', then put a check next to 'Perform action on all infections' in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.
Exit Ewido when it's done.
* Once the scan has completed, there will be a button located on the bottom of the screen named 'Save report'.
* Click 'Save report'.
* Save the report to your desktop.
Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one:
O4 - HKLM\..\Run: [AdobeReaderPro] lssas.exe
O4 - HKLM\..\RunServices: [AdobeReaderPro] lssas.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS1\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS1\web\related.htm
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS1\system32\ktn6l75s1.dll
Locate and delete the following:
lssas.exe - make SURE it's spelled exactly as shown here
Restart your computer to get back to Normal Mode.
Download L2MFix from one of these two locations:
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts. Then open the newly added l2mfix folder on your desktop.
Close any programs you have open since this step requires a reboot.
From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing Enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2MFix will continue to scan your computer and when it's finished, notepad will open with a log.
Copy the contents of that log and paste it back into this thread, along with a new HijackThis log and the Ewido report.
IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
Also go to the Windows Update site now and make sure you got all the critical and recommended updates installed.
General