+ 0 Votes Some tips near the bottom Jacky Howe 4 years ago let us know how you get on.Follow the steps below with the System started and restarted in Safe Mode with Networking. Running in Safe Mode loads a minimal set of drivers for the Operating System. You can use these options to start Windows so that you can modify the registry or load or remove drivers. If you can access the Internet use it to download and install the files.If you can't access the internet to update MBAM try the instructions below to clear a path to the internet to be able to run MBAM. You can also download the updates for MBAM and run them from the USB.From another System download and install Spybot, update it and copy the the installed folders to a USB Stick. Copy MBAM and the Update as well.With the new strains of Virus that have been created you may find it necessary to rename the executable files so that they will work. Rename mbam-setup.exe and then navigate to the install folder and rename mbam.exe. Do not change the files extension from .exe. Do the same with Spybot.Removing malware from System Restore points: When your infected with any trojans, spyware, malware, they could have been saved in System Restore and can re-infect you. It's best to remove them.XPPress the WinKey + r type sysdm.cpl and press Enter. Select the System Restore tab and check "Turn off System Restore". VistaPress the WinKey + r type sysdm.cpl and press EnterSelect the System Protection tab. Untick the box next to Local Disk C: and any other drives and click on Turn System Restore off.After scanning the system and removing the offending malware, re-enable System Restore by repeating the steps, this time removing the check from "Turn off System Restore". When all is clear you may need to tidy up the Registry. Link is at the bottom.Once you have restarted the Infected System in Safe Mode, navigate to the USB stick and run Spybot.Download Spybot - Search & Destroy and install it. Update it. http://www.safer-networking.org/en/download/index.htmlWhen you first start Spybot, click on the Mode menu and select Advanced mode. Under the Tools options (bottom left) select View Report. On the screen in the right hand pane, select View report to create a new report. Save the report as it may come in handy later. Spybot will also keep log files in this location in Vista:C:\ProgramData\Spybot - Search & Destroy\LogsSpybot will also keep saved log files in this location in XP:C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\LogsDownload Malwarebytes Anti-Malware, install it and update it.<a href="http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe" target="_blank"><u>Malwarebytes</u></a>* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select Perform Quick Scan, then click Scan.* When the scan is complete, click OK, then Show Results to view the results.* Be sure that everything is checked, and click Remove Selected.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. <a href="http://malwarebytes.gt500.org/" target="_blank"><u>mbam-rules</u></a>I would keep scanning with it until it is clean by closing out and rebooting and running it again.Run this Rootkit Revealer GMer<a href="http://www.gmer.net/index.php" target="_blank"><u>Gmer</u></a>FAQ<a href="http://www.gmer.net/faq.php" target="_blank"><u>FAQ</u></a>Those applications should be able to get you up and running. Here are some extra tasks if it is not working for you.Tip! If you want to write protect the USB drive/stick while you are working on an infected System. In the recent release of Windows XP Service Pack 2 (SP2), a new feature was added by Microsoft to allow the write protection of USB block storage devices. This entails a simple Registry modification that requires no hardware devices to write protect thumb drives.If the USB drive has no small switch for write protection you can turn it on through the Registry via Command Line.REG ADD HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies /v WriteProtect /t REG_DWORD /d 1 /fand one to turn it off but a System restart is required. Place a Batch file on the USB to turn it off.reg delete HKLM\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies /fIf TaskManager has been disabled this will enable TaskManager to allow access to the Registry.Command line removal or create Batch files.Click Start Run and type cmd and then press Enter.Execute the following commands in the command line in order to activate the registry editor and Task Manager:reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /freg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /fYou could also check these registry entries and change the values from 1 to 0 if they are disabled.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1" If you are still having problems try this.Download Combofix and rename the executable Combofix.exe to cfix.exe before running it.http://www.combofix.org/http://www.combofix.org/download.phpBy now you should know what the name if the infection is, if you think that it may have infected the MBR try this.Fixmbr - Repair Master Boot Record and remove Viral activity:Sitehttp://www.ambience.sk/fdisk-master-boot-record-windows-linux-lilo-fixmbr.phpDownloadhttp://www.ambience.sk/experiments/MbrFix.exeDownload MbrFix to c:\Press Winkey + r and type in cmd and press Enter.now type cd\ and press Enter.now type MbrFix /drive 0 savembr Backup_MBR_0.bin and press Enter.now type MbrFix /drive 0 fixmbr /yes and press Enter.now type exit and press Enter.Restart the System for it to take effect.Registry Cleanup:Download and install CCleaner to tidy up your Registry. Backup the Registry as you go along, rescan again and again saving as you go until there are no errors left.Cleaner: WindowsWhen you first open Ccleaner you will have an option to Analyze or Run Cleaner, after checking the left Pane and making your choices. Delete all Temp Files. If you scroll down you will see a greyed out box that has Advanced next to it. Left click on it and keep pressing OK to all of the responses. I normally Untick Windows Log Files and Memory Dumps as they may come in handy.You don't have to install all of the add ons or shortcuts just the one to the Desktop.http://www.ccleaner.com/downloadOr if you want to wipe the Hard drive and start fresh try this. This is a sure way to remove any infections.DBAN will overwrite the hard drive filling it with 0's and 1's completly wiping the drive of information. You then create new Partitions, Format and install the OS without having to worry about a reinfection. Any traces of the Viral infection should be annihilated. Darik's Boot and Nuke.http://dban.sourceforge.net/Autonuke should do it by running it at least 3 times.Removal Toolshttp://www.symantec.com/business/security_response/removaltools.jsp + 0 Votes Maybe TR should have a Paid Support area CG IT 4 years ago all these people coming onto the site and put in the subject Help.. or Please Help.... + 0 Votes Not a bad idea Jacky Howe 4 years ago I counted 7 this morning.