A
AndyManchesta
This is a nasty one as it can infect the Windows core
Internet DLL wininet.dll
Im not sure how well MS Antispy does with this infection
so I will leave this out of the fix but you could use MS
Antispy in safe mode first to see if it can clear this.
I think we should use Smitrem as that will check the
Wininet.dll and if its infected this remover will also
find a clean replacement on your system, from the
dllcache folder for example.
You may want to print out or make a copy of these
instructions before starting, because you will not be
able to connect to the internet during most of this fix.
Download smitRem.exe and save the file to your desktop.
http://andymanchesta.com/DL/smitRem.exe
Double click on the file and click start to extract it to
it's own folder on the desktop.
Please download, install, and update the free version of
Ewido Security Suite
http://www.ewido.net/en/download/
When installing, under "Additional Options"
uncheck "Install background guard" and "Install scan via
context menu". From the main Ewido screen, click on
update in the left menu, then click the Start update
button.
After the update finishes, the status bar at the bottom
will display "Update successful"
Exit Ewido. DO NOT run a scan yet.
If you do not already have Ad-Aware SE, Download from
here
http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-
8022_4-10045910.html
Also check for updates then exit:
Next, please reboot your computer in Safe Mode (Reboot
and keep tapping F8 then choose safe mode from the list)
Check Add/Remove screen and remove any of these if any
exist :
Security IGuard
AntiVirusGold
PSGuard
SpySheriff
Open the smitRem folder, then double click the "RunThis"
file to start the tool. Follow the prompts on screen.
Your desktop and icons will disappear and then reappear
again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish -
-- this may take a while; please be patient.
Next, run Ad-aware and perform a full scan. Remove
everything found.
Now open Ewido Security Suite
Click on Scanner
Click on Complete System Scan and the scan will begin.
If it detects a infected file it will pop up a
notification choose remove for each or check the box at
the bottom left of the pop up for "Perform action on all
infections"
When the scan is finished, click the Save report button
at the bottom of the screen.
Save the report to your desktop
Close Ewido
Next follow this path Start Menu -> Control Panel, click
Display -> Desktop -> Customize Desktop -> Web ->
Uncheck "Security Info" if present.
Restart your computer in normal mode.
Run Panda's online virus scan
http://www.pandasoftware.com/activescan/com/activescan_pri
ncipal.htm
perform a full system scan. Make sure the Autoclean box
is checked!
Finally, restart your computer once more,
If you have any problems let me know and repost the log
from the Ewido scan and the log from the smitRem tool,
which will be located at C:\smitfiles.txt.
Regards
Andy
Internet DLL wininet.dll
Im not sure how well MS Antispy does with this infection
so I will leave this out of the fix but you could use MS
Antispy in safe mode first to see if it can clear this.
I think we should use Smitrem as that will check the
Wininet.dll and if its infected this remover will also
find a clean replacement on your system, from the
dllcache folder for example.
You may want to print out or make a copy of these
instructions before starting, because you will not be
able to connect to the internet during most of this fix.
Download smitRem.exe and save the file to your desktop.
http://andymanchesta.com/DL/smitRem.exe
Double click on the file and click start to extract it to
it's own folder on the desktop.
Please download, install, and update the free version of
Ewido Security Suite
http://www.ewido.net/en/download/
When installing, under "Additional Options"
uncheck "Install background guard" and "Install scan via
context menu". From the main Ewido screen, click on
update in the left menu, then click the Start update
button.
After the update finishes, the status bar at the bottom
will display "Update successful"
Exit Ewido. DO NOT run a scan yet.
If you do not already have Ad-Aware SE, Download from
here
http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-
8022_4-10045910.html
Also check for updates then exit:
Next, please reboot your computer in Safe Mode (Reboot
and keep tapping F8 then choose safe mode from the list)
Check Add/Remove screen and remove any of these if any
exist :
Security IGuard
AntiVirusGold
PSGuard
SpySheriff
Open the smitRem folder, then double click the "RunThis"
file to start the tool. Follow the prompts on screen.
Your desktop and icons will disappear and then reappear
again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish -
-- this may take a while; please be patient.
Next, run Ad-aware and perform a full scan. Remove
everything found.
Now open Ewido Security Suite
Click on Scanner
Click on Complete System Scan and the scan will begin.
If it detects a infected file it will pop up a
notification choose remove for each or check the box at
the bottom left of the pop up for "Perform action on all
infections"
When the scan is finished, click the Save report button
at the bottom of the screen.
Save the report to your desktop
Close Ewido
Next follow this path Start Menu -> Control Panel, click
Display -> Desktop -> Customize Desktop -> Web ->
Uncheck "Security Info" if present.
Restart your computer in normal mode.
Run Panda's online virus scan
http://www.pandasoftware.com/activescan/com/activescan_pri
ncipal.htm
perform a full system scan. Make sure the Autoclean box
is checked!
Finally, restart your computer once more,
If you have any problems let me know and repost the log
from the Ewido scan and the log from the smitRem tool,
which will be located at C:\smitfiles.txt.
Regards
Andy