kltsin Black Belt 2nd Degree


Joined: 29 Jun 2004 Posts: 2792 Location: St. Augustine, Fl
Posted: Wed Jun 29, 2005 3:17 am Post subject: Protocol for HiJackThis and removal of stubborn infections.
Protocol for HiJackThis and removal of stubborn infections. **
Using HiJackThis to determine an infection by yourself or using automated HijackThis Analyzers can have very bad repercussions, and it should be limited exclusively to identification of scumware, but fixing should be done by experts only.
Remember that they don’t want to be removed from your system and blindly removing things may have serious consequences.
Step #1
Post a HiJackThis log
Download HijackThis and unzip HJT into its own folder, never run it from a temp file or from a program (WinZip, etc.).
C:\HJT or C:\Hijackthis is preferable since the program makes backups of all files removed and they may be needed if something goes wrong.
(Alternate Self-Extracting download of Hijackthis for users without XP or a ZIP utility.
Double click HijackThis_sfx.exe and select Unzip. When done click "OK".
Close the WinZip self Extractor window.
The program will be found in this location when you need to use it. C:\Program Files\HijackThis\HijackThis.exe.)
A quick tutorial of How to use HijackThis is available Here along with links for security sites that can also review HJT logs.
Run HiJackThis.exe.
Click on the Do a System Scan and save a Log File button at the top.
A text file named "hijackthis.log" will pop up.
To copy the log to a forum simply copy all of the contents of that log into your post. Simplest and safest way is to hit Ctrl+A to select ALL of the text then Ctrl+C to copy that text, then use Ctrl+V to paste that text into the appropriate thread.
Since scumware compromises your system, limit your access to secure sites and personal info on an infected computer until the issue is resolved and we know the extent of the damage.
Don’t "EDIT" your HJT log; there is no personal info given and you won’t be judged by what’s in there.
Never post a HJT log in someone else’s thread.
Create your own since most infections are very complicated and require one-on-one help.
Create a New Topic in the Virus/Spyware/Security area even if you have a thread in another area so it will be seen by those who can help in that field.
Include all issues you have and steps you have gone through to fix it up to this point.
Please be patient for a reply.
Feel free to continue to Step #2 if you have followed all of the above as it might clean your system of most issues.
If you do, make sure you reboot and post an updated HJT log.
Also note that when you reboot some file names may change and you must then post a new log.
This is mandatory and will help you get clean quicker.
Step #2
Run updated Security Programs
Once you have posted a HJT log, there are many free utilities that can possibly clean the system for you.
Note: By posting a log first (step #1) we can access what was installed/damaged to begin with and any action that may need to be done to fix the “leftovers” of that infection if the other scans are successful.
Update your current Anti-Virus to the latest definitions and do a full system scan.
Download and run the following free Anti-Scumware programs and scanners.
Run one or more of the following free Online Scans
After running any of the above, please post a new HJT log!
Step #3
After the infection is removed, Only!
Always make sure your Security Settings are reset to default since some scumware changes your settings.
Reset IE Tutorial
MS’s Antispyware also has the ability to reset IE and Windows Update settings to default automatically. (For XP and Windows 2k Only.)
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files:
(You will lose all previous restore points, which are likely to be infected.)
XP - Please note you need Administrator Access to clean the restore points.
Do NOT attempt this until you are sure the system is clean.
Several COLD reboots are suggested first; at least you will have the option of booting to an infected system instead of not being able to Boot at all!
Windows ME
1. Right-click My Computer and then click Properties.
2. On the Performance tab, click File System
3. On the Troubleshooting tab, click to select Disable System Restore
4. Click OK twice
5. Restart your computer.
6. Right-click My Computer and again click Properties
7. On the Performance tab, click File System
8. Clear the check mark in Disable System Restore check box.
9. System Restore is now active again.
Windows XP
1. Right-click My Computer and then click Properties.
2. Click the System Restore tab.
3. Put a Check in Turn off System Restore.
4. Click Apply, and then click OK.
5. Reboot.
6. Turn ON System Restore by removing the check in Turn Off System Restore by following previous instructions.
7. Click Apply, and then click OK.
8. System Restore is now active again.
Remove Temp and Junk files.
XP users: Start > Run > Type in, cleanmgr > OK. Select the hard drive that has your OS installed and put a check in the first 5 options. Hit OK
Or
Download and run one of the two following programs.
Cleanup!
Cr*p Cleaner
Update Windows
Once your system is clean make sure you update all Critical Service Packs for your system at Microsoft Windows Update.
Free Anti-Virus Programs
AVG
AVAST
AntiVir
Good reads.
Tony Klein's "How Did I get Infected in the First Place?"
Tons of security info here
Both links offer many free programs and tips to protect yourself.
** Any help given is to be used at your own risk
Last edited by kltsin on Wed Jun 29, 2005 11:20 am; edited 2 times in total
~PJ~ Black Belt 5th Degree


Joined: 11 Apr 2003 Posts: 5791 Location: Leeds, UK
Posted: Wed Jun 29, 2005 5:45 am Post subject:
Hey Mods - you going to sticky this? Excellent piece of work thanks.
_________________
Let there be respect for the earth,
Peace for its people,
Love in our lives,
Delight in the good,
Forgiveness for past wrongs,
And from now on a new start.
Tolemac Enlightened Master


Joined: 12 Sep 2000 Posts: 14272 Location: L-1 Bridge
Posted: Wed Jun 29, 2005 11:28 am Post subject:
Ok, due to the nature of this thread and info, I'm locking this so that it won't get mucked up. Please create a new thread with your HIJACKTHIS log in it and we'll help you out the best we can.
_________________
The Gift of Healing
Conscious Energy Meditation
Toby B. Lead Mobo-fu Master


Joined: 16 Dec 2001 Posts: 13881 Location: Maine
Posted: Wed Dec 29, 2010 7:01 am Post subject:
It helps us a great deal with regards to helping get your system clean if we know what we are dealing with... IF you know of a certain Virus/Trojan/etc, PLEASE help us help you faster by posting any and all available information. This will in most cases help expedite getting your system cleaned up..
It will also help if your AV program finds a problem (i.e. Virus/Trojan/Worm) please be sure to provide the exact variant if known.. For example, if Norton finds your system infected with the MyDoom virus, please don't just say "Help I got infected with the MyDoom Virus", as there are many variants of most of these viruses/trojans/worms that require different tools/steps for removal...
Please keep an eye on this thread as it will be updated and/or modified periodically...
_________________
We Help You. You Can Help Us!
Read the rules prior to posting
Tell your newsgroup or mailing list
Link to us from your pages