04-27-2011, 03:44 AM, post #1
Malware Jedi (Join Date: Oct 2007; Location: In front of my monitor; Posts: 9,068)
MALWARE: steps to follow if you (think you) have an infection on your computer.
If you want to receive help on this forum with your malware problem, please follow these steps.
- STEP 1. Describe the problems/symptoms you are experiencing. "I have a virus" is not a good description.
- STEP 2. If you are being bugged by obnoxious popups of a so-called security program or system tool that does not allow you to work on your computer and practically forces you to buy said program, you are infected with rogueware. If this is the case, go to STEP 3. If this is not the case, go to STEP 4.
- STEP 3. Disable rogueware temporarily using the instructions here. After that go to STEP 5.
- STEP 4. If you are being redirected when clicking search links, follow the instructions here and after that proceed to STEP 5.
- STEP 5. Provide OTL logs as described here. Proceed to STEP 6.
- STEP 6. After posting your thread go to Thread options > Subscribe to this thread > Instant notification by mail. Nothing is more frustrating than spending time on a computer problem and seeing the original poster never get back to his own thread.
PS1. If evidence is found of software piracy or other illegal activities on your computer, expect your malware case to be instadropped.
PS2. Post in the forum, do not PM. Help in the forum is for free. Private help is outside the "free" scope.
This is an update to Lirva's thread on the topic, which is a little old: http://forumserver.twoplustwo.com/48...osting-321637/
Last edited by kerowo; 04-27-2011 at 08:48 AM.
04-27-2011, 03:44 AM, post #2
Malware Jedi (Join Date: Oct 2007; Location: In front of my monitor; Posts: 9,068)
Disabling rogueware with RKill
Please download RKill by Grinler from Download Mirror #1 and save it to your desktop.
Download Mirror #1 (rkill.exe)
Download Mirror #2 (rkill.scr)
Download Mirror #3 (rkill.com)
Download Mirror #4 (WiNlOgOn.exe)
Download Mirror #5 (uSeRiNiT.exe)
Download Mirror #6 (iExplore.exe)
Download Mirror #7 (eXplorer.exe)
- Double-click the RKill desktop icon (right-click > Run as Administrator on Vista/Windows 7).
- A black screen will briefly flash, indicating a successful run.
- If this does not occur, please delete that application and try Mirror #2.
- Continue this process until the tool runs.
- Important: RKill only temporarily disables the malware. If you reboot the computer, it will be active again. So do not reboot until we kill the infection.
====================
RKill troubleshooting section
Situation 1: you cannot get past the rogue warning messages
If you are able to download the tool, but all versions fail to disable the rogue (try multiple times!), try these tricks:
- Restart your computer and the moment your desktop appears, double-click the RKill icon ASAP! The malware might not have full control yet and RKill could slip through its mazes.
- Double-click the RKill icon and when the rogue pops up with its fake warning message, leave all windows open and try to run RKill again by double-clicking it again.
Situation 2: you cannot download RKill
It is possible that you cannot download RKill because the malware blocks internet access. In that case, download RKill from a clean computer and copy it to e.g. a USB drive for use on the infected computer. If you do not have a clean computer available, try the following:
- Reboot your computer
- Before Windows starts to load, hit F8 a couple of times
- A startup menu appears; choose Safe Mode with Networking
After that:
Remove the proxy settings:
- In Internet Explorer: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings > uncheck "Use a proxy server" (or reconfigure the proxy server again in case you have set it previously).
- In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > choose "No Proxy"
- Click the Apply button and restart the computer in normal mode.
And try to download RKill again.
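Checking the same proxy settings without going through the browser dialogs, as an added example that is not part of the original post: a Python script that decodes Firefox's prefs.js and the Internet Explorer (WinINET) proxy values, so you can confirm whether a manual proxy or a PAC URL is still configured. The sample prefs.js below is constructed for the demonstration; the registry value names (ProxyEnable, ProxyServer, AutoConfigURL, ProxyOverride) are the standard WinINET ones, and reading them live only works on Windows.

```python
import re
import sys

# Meaning of Firefox's network.proxy.type values.
FIREFOX_PROXY_TYPES = {
    0: "no proxy",
    1: "manual proxy configuration",
    2: "automatic configuration (PAC) URL",
    4: "auto-detect (WPAD)",
    5: "use system proxy settings",
}

# One prefs.js line looks like: user_pref("network.proxy.type", 1);
PREF_LINE = re.compile(r'^user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample prefs.js (not from any real profile) in which a manual
# proxy pointing at a local port has been set.
SAMPLE_PREFS_JS = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.share_proxy_settings", true);
'''


def parse_prefs_js(text):
    """Parse prefs.js into a dict; string, integer and boolean values are decoded."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line.strip())
        if not m:
            continue
        key, raw = m.groups()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw
    return prefs


def firefox_proxy_report(prefs):
    """Summarise the proxy mode and any manual/PAC endpoints found in the prefs."""
    ptype = prefs.get("network.proxy.type", 5)  # Firefox default: system settings
    servers = {}
    for proto in ("http", "ssl", "socks"):
        host = prefs.get("network.proxy." + proto)
        if host:
            servers[proto] = "%s:%s" % (host, prefs.get("network.proxy.%s_port" % proto, ""))
    return {
        "mode": FIREFOX_PROXY_TYPES.get(ptype, "unknown (%r)" % ptype),
        "servers": servers,
        "pac_url": prefs.get("network.proxy.autoconfig_url", ""),
        # A manual or PAC configuration is what the post tells you to reset to "No Proxy".
        "explicit_proxy": ptype in (1, 2),
    }


# WinINET values live under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
def wininet_proxy_report(values):
    """Interpret the Internet Explorer proxy values (a dict of registry value -> data)."""
    enabled = bool(values.get("ProxyEnable", 0))   # the "Use a proxy server" checkbox
    pac = values.get("AutoConfigURL", "") or ""
    return {
        "proxy_enabled": enabled,
        "proxy_server": values.get("ProxyServer", "") if enabled else "",
        "pac_url": pac,
        "explicit_proxy": enabled or bool(pac),
    }


def read_wininet_values():
    """Read the live values from the registry on Windows; returns None elsewhere."""
    if sys.platform != "win32":
        return None
    import winreg
    path = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        for name in ("ProxyEnable", "ProxyServer", "AutoConfigURL", "ProxyOverride"):
            try:
                values[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass  # value absent means "not configured"
    return values


if __name__ == "__main__":
    print("Firefox:", firefox_proxy_report(parse_prefs_js(SAMPLE_PREFS_JS)))
    live = read_wininet_values()
    print("WinINET:", wininet_proxy_report(live) if live is not None else "not running on Windows")
```

On a real machine, point parse_prefs_js at the prefs.js inside the Firefox profile folder; a report with explicit_proxy set to True on a computer where nobody configured a proxy is the condition the Safe Mode instructions above are meant to clear.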
04-27-2011, 03:45 AM, post #3
Malware Jedi (Join Date: Oct 2007; Location: In front of my monitor; Posts: 9,068)
Running TDSSKiller
- Download TDSSKiller by Kaspersky from here and save it to your Desktop
- Double-click TDSSKiller.exe to run the tool
- Click the Start Scan button
- After the scan has finished, click the Close button
- Click the Report button and copy/paste the contents of it into your next reply
- The report can also be found in the root of your Windows drive (most likely C:\).
04-27-2011, 03:45 AM, post #4
Malware Jedi (Join Date: Oct 2007; Location: In front of my monitor; Posts: 9,068)
Running OTL
Please download OTL by OldTimer from here and save it to your Desktop.
- Close all windows and double-click OTL.exe.
- The Extra Registry setting should be Use Safelist.
- Copy and paste the following text into the Custom Scans/Fixes box:
Quote:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
/md5start
atapi.sys
explorer.exe
iastor.sys
userinit.exe
winlogon.exe
/md5stop
- Click the Run Scan button and allow it to run.
- It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
- You may need to use multiple posts to get it all.
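What the /md5start ... /md5stop part of that scan script does, reproduced as an added example (this is not OTL's own code): hash each watched file wherever a copy is found, report a copy that cannot be opened (the situation the /lockedfiles switches address) instead of aborting the scan, and compare the hashes with ones recorded on a known-clean system. The demo runs over a temporary directory of constructed stand-in files, the baseline hashes in it are constructed, and windows_search_dirs() is an assumed list of locations for a real run on Windows.

```python
import hashlib
import os
import tempfile

# The file names OTL hashes between /md5start and /md5stop in the script above.
WATCHED_FILES = ["atapi.sys", "explorer.exe", "iastor.sys", "userinit.exe", "winlogon.exe"]


def windows_search_dirs():
    """Assumed locations of these files on a Windows system (for a real run)."""
    root = os.environ.get("SystemRoot", r"C:\Windows")
    return [root, os.path.join(root, "System32"), os.path.join(root, "System32", "drivers")]


def md5_of_file(path, chunk_size=1 << 20):
    """MD5 of a file, read in chunks so large binaries do not need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def inventory(search_dirs, names):
    """Map each watched name to every copy found, with size, MD5 and a status.
    A copy that cannot be opened is reported as 'locked' rather than stopping the scan."""
    found = {}
    for name in names:
        copies = []
        for d in search_dirs:
            path = os.path.join(d, name)
            if not os.path.isfile(path):
                continue
            entry = {"path": path, "size": os.path.getsize(path), "md5": None, "status": "ok"}
            try:
                entry["md5"] = md5_of_file(path)
            except OSError:          # PermissionError included: file held open exclusively
                entry["status"] = "locked"
            copies.append(entry)
        found[name] = copies
    return found


def diff_against_baseline(current, baseline):
    """baseline maps name -> MD5 recorded on a known-clean system.
    Returns (name, finding) pairs for missing, locked and changed files."""
    findings = []
    for name, copies in current.items():
        if not copies:
            findings.append((name, "missing"))
            continue
        for c in copies:
            if c["status"] != "ok":
                findings.append((name, "%s: %s" % (c["status"], c["path"])))
            elif name in baseline and c["md5"] != baseline[name]:
                findings.append((name, "md5 differs from baseline: %s" % c["path"]))
    return findings


def demo():
    """Run the scan over a constructed directory of stand-in files (not real system files)."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "atapi.sys"), "wb") as f:
            f.write(b"hello")            # MD5 of b"hello" is 5d41402abc4b2a76b9719d911017c592
        with open(os.path.join(tmp, "explorer.exe"), "wb") as f:
            f.write(b"changed contents")
        # Constructed baseline: atapi.sys matches it, explorer.exe deliberately does not.
        baseline = {"atapi.sys": "5d41402abc4b2a76b9719d911017c592", "explorer.exe": "0" * 32}
        current = inventory([tmp], WATCHED_FILES)
        return current, diff_against_baseline(current, baseline)


if __name__ == "__main__":
    current, findings = demo()
    for name, copies in current.items():
        for c in copies:
            print("%-14s %8d %s %s" % (name, c["size"], c["md5"], c["path"]))
    for name, what in findings:
        print("FINDING:", name, what)
```

For a real run, call inventory(windows_search_dirs(), WATCHED_FILES) as administrator and keep the resulting hashes from a machine you trust as the baseline; a differing MD5 only tells you the file is not the one you recorded, so check the version and signer before drawing conclusions.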
04-27-2011, 03:54 AM, post #5
Malware Jedi (Join Date: Oct 2007; Location: In front of my monitor; Posts: 9,068)
MALWARE: prevention and damage control
Below follows a short list of recommendations. None of these are earth shattering and you can find similar lists all over the Internet. If you require specific help with either of these, Google can be your friend and if not, feel free to post your question in the forum.
- Choose a safe operating system. Windows XP < Windows Vista < Windows 7 < Linux/Mac.
- Avoid cracked software, keygens etc. Pay for your software or find free alternatives.
- Install an antivirus and exactly ONE. Don't spend too much time on antivirus choice. The differences between them are overrated. Panda Cloud, Avast!, Avira are all free and A-OK. I'm not so fond of AVG, because it is a real PITA to clean uninstall from your computer. On 64-bit systems consider Comodo.
- Don't use an administrator account for your daily activities. Use a separate administrator account for administrator stuff, like (un)installing software. wellju's post FTW.
- Keep your operating system, browser, Java and PDF reader (especially if you use Adobe Reader) updated.
- Use a safe browser. Google Chrome and its clones are the best imo. Firefox + NoScript is not safe if you sometimes "temporarily allow" web content.
- Install a firewall, if you have system memory >1 GB. Again: only ONE firewall. Online Armor, Comodo and Outpost are all free and fine choices.
- Install an on-demand scanner for scanning your computer on a regular basis. MBAM is the preferred choice.
- Use two partitions (or better, two hard disks) on your system. One for operating system/programs, the other for your personal data (documents, movies, music, photos, etc).
- Make an image of your system partition/harddisk and store it on your data partition/disk (e.g. with Clonezilla) or (better) on a removable disk.
- If you don't keep an image of your system disk, make sure you can recover your operating system, e.g. by having a Windows disk.
- If you have a factory installed computer without Windows disk, verify the installed restore options. You may need to burn a couple of disks.
- Pre-installed computers often have a customized MBR (Master Boot Record, a popular target for infections nowadays). Run MBRCheck to see if it recognizes your MBR. If it does not, make a backup of your MBR. Standard MBRs are easy to restore, customized MBRs are not, so this backup copy will help you here.
- funkyworms videos FTW.
05-04-2011, 05:09 AM, post #6
Malware Jedi (Join Date: Oct 2007; Location: In front of my monitor; Posts: 9,068)
Re: MALWARE: steps to follow if you (think you) have an infection on your computer.
More detailed information about point 13 of the previous post: detailed instructions on how to make a backup of your MBR, something that can never be a bad idea.
Please navigate to the Systemintegrasjon AS website here.
Various products are being offered on this website, find MBRFix and click the download link to download this tool.
- Unpack the zip archive and extract MBRFix.exe to your desktop
- Go to Start > Run, copy/paste the following (including the quotes):
Quote:
"%userprofile%\desktop\MBRFix" /drive 0 savembr "%userprofile%\desktop\MBR_0.dat"
and hit Enter.
- A file named MBR_0.dat will appear on your desktop, containing the backup of your Master Boot Record.
- Store this file in a safe place.
NOTE: in some non-English versions of Windows the Desktop folder is not called "Desktop". You will have to change the quoted command accordingly, otherwise it will fail.
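A way to check that backup and to notice later changes, added here as an example rather than part of the original post or of MBRFix: assuming MBR_0.dat holds the raw 512-byte sector, the script validates the 0x55AA boot signature, decodes the disk signature and partition table, hashes the boot-code region, and compares a saved copy against a freshly read sector so that a modified MBR shows up as a changed boot code or partition table. The sample MBR it builds is constructed, not captured from a real disk.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_END = 440        # bytes 0..439 hold the boot code
DISK_SIG_OFF = 440        # bytes 440..443 hold the Windows disk signature (little-endian)
TABLE_OFF = 446           # four 16-byte partition entries, bytes 446..509
SIGNATURE = b"\x55\xaa"   # bytes 510..511


def read_sector(path):
    # Reads the first 512 bytes of MBR_0.dat, or of the raw device
    # \\.\PhysicalDrive0 on Windows (which needs administrator rights).
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def parse_mbr(data):
    """Decode disk signature and partition table; raises ValueError if this is not an MBR."""
    if len(data) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(data)))
    if data[510:512] != SIGNATURE:
        raise ValueError("0x55AA boot signature missing")
    disk_sig = struct.unpack("<I", data[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0]
    partitions = []
    for slot in range(4):
        off = TABLE_OFF + 16 * slot
        # status, CHS start, type, CHS end, LBA start, sector count
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack("<B3sB3sII", data[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        partitions.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {"disk_signature": "%08x" % disk_sig,
            "bootcode_md5": hashlib.md5(data[:BOOTCODE_END]).hexdigest(),
            "partitions": partitions}


def is_valid_mbr(data):
    try:
        parse_mbr(data)
        return True
    except ValueError:
        return False


def compare_mbr(saved, live):
    """Report which regions differ between the backup and the sector read now."""
    return {"bootcode_changed": saved[:BOOTCODE_END] != live[:BOOTCODE_END],
            "disk_signature_changed": saved[DISK_SIG_OFF:DISK_SIG_OFF + 4] != live[DISK_SIG_OFF:DISK_SIG_OFF + 4],
            "partition_table_changed": saved[TABLE_OFF:510] != live[TABLE_OFF:510]}


def build_sample_mbr():
    """Constructed 512-byte MBR for the demonstration; not from any real disk."""
    bootcode = bytes(range(256)) + bytes(range(184))             # 440 bytes of filler
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"       # signature + 2 reserved bytes
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    table = entry + b"\x00" * 48                                 # one NTFS entry, three empty slots
    return bootcode + disk_sig + table + SIGNATURE


if __name__ == "__main__":
    saved = build_sample_mbr()
    print(parse_mbr(saved))
    tampered = bytearray(saved)
    tampered[0] ^= 0xFF                   # simulate a patched first instruction of the boot code
    print(compare_mbr(saved, bytes(tampered)))
```

In practice you would run compare_mbr(read_sector("MBR_0.dat"), read_sector(r"\\.\PhysicalDrive0")) as administrator; a changed boot code with an unchanged partition table is the pattern an MBR infection leaves, while a changed partition table usually means you repartitioned the disk and should refresh the backup.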
02-01-2012, 10:06 AM, post #7
journeyman (Join Date: Apr 2009; Posts: 380)
Re: Disabling rogueware with RKill
Quote:
Originally Posted by Gabethebabe
Please download RKill by Grinler from Download Mirror #1 and save it to your desktop.
Download Mirror #1 (rkill.exe)
Download Mirror #2 (rkill.scr)
Download Mirror #3 (rkill.com)
Download Mirror #4 (WiNlOgOn.exe)
Download Mirror #5 (uSeRiNiT.exe)
Download Mirror #6 (iExplore.exe)
Download Mirror #7 (eXplorer.exe)
- Double-click the RKill desktop icon (right-click > Run as Administrator on Vista/Windows 7).
- A black screen will briefly flash, indicating a successful run.
- If this does not occur, please delete that application and try Mirror #2.
- Continue this process until the tool runs.
- Important: RKill only temporarily disables the malware. If you reboot the computer, it will be active again. So do not reboot until we kill the infection.
====================
RKill troubleshooting section
Situation 1: you cannot get past the rogue warning messages
If you are able to download the tool, but all versions fail to disable the rogue (try multiple times!), try these tricks:
- Restart your computer and the moment your desktop appears, double-click the RKill icon ASAP! The malware might not have full control yet and RKill could slip through its mazes.
- Double-click the RKill icon and when the rogue pops up with its fake warning message, leave all windows open and try to run RKill again by double-clicking it again.
Situation 2: you cannot download RKill
It is possible that you cannot download RKill because the malware blocks internet access. In that case, download RKill from a clean computer and copy it to e.g. a USB drive for use on the infected computer. If you do not have a clean computer available, try the following:
- Reboot your computer
- Before Windows starts to load, hit F8 a couple of times
- A startup menu appears; choose Safe Mode with Networking
After that:
Remove the proxy settings:
- In Internet Explorer: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings > uncheck "Use a proxy server" (or reconfigure the proxy server again in case you have set it previously).
- In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > choose "No Proxy"
- Click the Apply button and restart the computer in normal mode.
And try to download RKill again.
In regards to getting RKill running before the malware starts: place RKill into the Startup folder. RKill will run when the computer is booted and will not give the malware a chance to start up.
02-04-2012, 12:38 PM, post #8
musician (Join Date: Sep 2007; Posts: 31,994)
Re: MALWARE: steps to follow if you (think you) have an infection on your computer.
bump