header image
Home arrow Downloads
Downloads PDF Print E-mail
Written by Ed Freeman   
Mar 06, 2008 at 08:22 PM

 

 



Welcome to the Downloads Page. This is the page where you can download the files that our experts recommend or can instruct you to get. It is recommended that you use these programs with the assistance of one of our staff members.


Used correctly this software will help us rid your computer of unwanted programs, viruses, and other malware.

Freeman Business Services does not offer a warranty on this software. Freeman Business Services cannot be held responsible for misuse or failure to follow the instructions given by our staff.







The reality is that Hijack This logs are getting more complicated, require more time to analyze, and the infections are more difficult to remove -- often requiring a multi-step process. Anything that you can do to help us before posting a log is greatly appreciated.



Preparation
: These initial steps will remove temporary files and make the malware scans that follow run faster.



ATF Cleaner (for Windows 2000 and XP ONLY) - Download - Hompage



  1. Double-click ATF-Cleaner.exe to run the program.

  2. Under Main choose: Select All

  3. Click the Empty Selected button.

    1. If you use Firefox browser

      • Click Firefox at the top and choose: Select All

      • Click the Empty Selected button.

        NOTE: If you would like to keep your saved passwords, please click No at the prompt.



    2. If you use Opera browser

      • Click Opera at the top and choose: Select All

      • Click the Empty Selected button.

        NOTE: If you would like to keep your saved passwords, please click No at the prompt.






Click Exit on the Main menu to close the program.



System Restore (Windows XP and ME only)

Create a new System Restore point, and flush old.

  1. Create a New System Restore Point:

    1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.

    2. On the Welcome page, click Create a restore point.

    3. On the Create a Restore Point page, enter a descriptive name for your restore point, and then click Create.



  2. Flush All Previous System Restore Points:

    1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Disk Cleanup.

    2. Click the More Options tab, and then under System Restore, click Clean up.

    3. Click Yes to remove all but the most recent restore point. Click OK, click Yes to proceed with this action, and then click OK.




If you have anything disabled by MSConfig or any other startup manager, please re-enable them before running any scans, or posting a Hijack This log.





Step One: Scan for Spyware/Adware




Ad-aware SEDownload - Homepage

1) Download and install.

2) Run the Webupdate feature. (Click on the Globe icon, Click connect, Click OK, Click Finish.)

3) Set up the Configurations (Gear wheel at the top) as follows:

  • General Button > Safety & Settings: Check (Green) all three.


  • Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".


4) To start the scan, Click > "Scan Now"

  • Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.


  • Select "Search for low-risk threats"


  • Select "Perform full system scan"


  • Click Next


5) When the scan has completed, select Next.

  • In the Scanning Results window, select the "Scan Summary" tab.

  • Check all objects found in the Critical Objects tab that you wish to remove

  • Click Next, Click OK.


AVG Anti-Spyware (for Windows 2000 and XP ONLY) - Download 30 day Free Trial - Homepage - Purchase

Ewido has been very effective at helping remove some of the more difficult infections.

  1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.

  2. Once the setup is complete you will need run ewido and update the definition files.

  3. On the main screen select the icon "Update" then select the "Update now" link.

    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.



  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.

  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".

  6. Under "Reports"

    • Select "Automatically generate report after every scan"

    • Un-Select "Only if threats were found"




Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.

  1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.



    IMPORTANT:


    Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:

  2. Lauch ewido-anti-spyware by double-clicking the icon on your desktop.

  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".

  4. ewido will now begin the scanning process, be patient this may take a little time.

    Once the scan is complete do the following:

  5. If you have any infections you will prompted, then select "Apply all actions"

  6. Next select the "Reports" icon at the top.

  7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

  8. Close ewido and reboot your system back into Normal Mode.


If needed, please then paste the contents of the text file, and post it with your HijackThis log.



No single program removes every threat. A multi-prong approach is best.





Step Two: Viruses/Trojans




Even the best antispyware programs are only able to remove about 70% of infections. Also, the line between spyware and trojans is getting blurred. To getting a deeper look at what is hiding on your system run the following online virus scan and post the results in your topic.



Online Panda Activescan.

  1. Once you are on the Panda site click the Scan your PC button

  2. A new window will open...click the Check Now button

  3. Enter your Country

  4. Enter your State/Province

  5. Enter your e-mail address and click send

  6. Select either Home User or Company

  7. Click the big Scan Now button

  8. If it wants to install an ActiveX component allow it

  9. It will start downloading the files it requires for the scan


    (Note: It may take a couple of minutes)



  10. When download is complete, click on My Computer to start the scan

  11. When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report if you start a topic for assistance.


If you don't have any antivirus software on your system, or if your subscription to definition updates has lapsed, we recommend AVG's very good free version of antivirus. This comprehensive package includes real-time protection, scheduled scans, automatic definition updates, and email scanning. More free antivirus tools http://www.geekstogo.com/forum/index.php?showtopic=38. DO NOT install more than one antivirus program. They will conflict, and provide less protection, not more. Uninstall any existing antivirus programs if you're going to install AVG.

AVG - Download - HomePage - Purchase







Step Three: Windows Updates




Windows Update - Windows Update - SP1

An unprotected, unpatched Windows XP installation will get infected within minutes of connecting to the Internet. Because of this, we'll require you to do install critical updates before providing assistance in our forums. If not, we're both just wasting our time.



SP2 NOTE: Windows XP Service Pack 2 (SP2) has terrific security features, and we highly recommend everyone install it, however it should not be installed until your system is free from malware. Installing SP2 with malware present can cause many compatibility problems, or even prevent your computer from restarting. If your system has a malware infection, or if you're unsure, use the SP1a download link above.





Step Four: Reboot - Test




The tools above will completely clear malware from the majority of systems. Test your system to see how it's working.



If you're still having problems, continue to the next step. Otherwise, check out http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I on how to prevent future Spyware/Hijack attacks.





Step Five: Posting a Hijack This Log




Hijack This - Download

Automated tools are not always successful at removing malware from your system. Some infections may generate random files names, are too new, or use other tricks to avoid detection.



HijackThis examines certain key areas of the Registry and Hard Drive and lists their contents. These are areas which are used by both legitimate programmers and hijackers. Some items are perfectly fine. You should not remove them. Never remove everything. Doing that could leave you with missing items needed to run legitimate programs and add-ins.



This section is designed to help you produce a log, post the log into the Forum and finally remove the items as directed by the Member helping you. This involves no analysis of the list contents by you. That will be done by the Geeks to Go Staff.



If you have run and fixed anything with Spybot Search and Destroy, Ad-Aware, or any spyware program please reboot before scanning.



Save HijackThis in its own folder (i.e. C:\HJT). DO NOT run it from within a zip manager (Winzip), as no backups will be saved.



This is how HijackThis looks when it first opened.



You do not have to change any settings at this point.

Notice the empty section in the middle. This is where the scan results will be listed later.

Note the set of buttons down the middle. To start the scan, Click the Do a System Scan and Save a Logfile button on the top.



HijackThis after the scan.



After HijackThis finishes scanning, a log will automatically open for you in Notepad with the results.



It will also be helpful to provide an uninstall list as well

  • Start HijackThis

  • Click on the Config button

  • Click on the Misc Tools button

  • Click on the Open Uninstall Manager button.

  • You can click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into your topic please


Return to the Forum and reply to your original post (or start a new thread in the http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html). Copy the entire contents of the Notepad file that opened, and paste it into your post. Then, wait for a Staff member to reply to your thread with instructions.



Additional Copy and Paste Instructions

Having problems with cut and paste? Open the text file. Go to the Toolbar of your text editor, Notepad for example and click Edit. Move the mouse down to Select All and click on Select All to highlight the text. Go back to Edit again and move the mouse down to Copy. Click Copy. Go to the Forum and reply to your original post. When the page opens, click on an empty space in the reply window with your mouse to set focus for the paste operation. Finally, hold down the Ctrl button and click the letter v on the keyboard to paste the text into your post.



Mark Items for Removal

Once you have received advice on what should be removed, reopen HijackThis. This time, click the Do a system scan only button. You have changed nothing and this scan result will be the same as the first. Place a check-mark in the box in front of each item you plan to remove. In this example, there are three items marked for removal.



Click the Fix checked button.

A confirmation box will appear. Click Yes. HijackThis will now remove the checked items.



You Must be registered and logged in to post a Hijack This Log in the Forums.





This guide originally created by Don77 from Geekstogo.com