|Ok, lets start here.|
Please Copy and Paste the instructions into a text file, print/write down steps & info. You will need them, as they are hard to remember, for when you are offline. Cross off each step as you do it.
Note: Is your important stuff backed up, including your emails & address book. Anything can happen, during the clean up.
The badies are always ahead of the goodies, be aware, this can be a very long process, involving many different tools to clean up an infected comp.
Some infections are irremovable.
As we dismantle the infection bit by bit, that may allow the repeat use of programs, which may in turn pick up more.
Removal of infected parts of the system, may cause other parts to stop working, such as your Internet connection or Services. These we then, have to repair.
If any program won't run ( due to the infection ) let me know.
1: Download & run Unhide
To run Unhide, simply download it to your desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note, that this program will not unhide removable drives like flash cards and usb drives as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.
Copy & Paste the contents of the log. Let me know if it doesn't produce a log please.
3: Download Security Check by screen317 from one of the following links and save it to your desktop.
Please restart the computer before running this security check..
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
SecurityCheck is a program that searches for installed and running security programs on a user's computer. After it is finished, SecurityCheck will then display a log file that contains information about the security programs found on your computer and the status of security services such as Windows Firewall.
The log file that SecurityCheck creates is broken down into different sections. These sections are:
The Antivirus/Firewall Check section will contain information about antivirus programs that are installed on your computer and whether or not you have a firewall enabled.
The Anti-malware/Other Utilities Check lists installed anti-malware programs as well as utility programs that include Java, Adobe Reader, and Flash.
The Process Check section will list all of the running processes at the time the log was created.
4: Please download and run ListParts by Farbar (for 32-bit system):
Please download and run ListParts64 by Farbar (for 64-bit system):
Click on the Scan button.
The scan results will open in Notepad.
Copy and Paste the contents into your reply.
If Listparts won't run. May get the message > The disk management services could not complete the operation
1: Restart the computer. Any messages after the reboot?
2: Delete your copy of ListParts and download the latest ListParts and this time put in on the root of C drive (start => My Computer => C drive). Run ListParts, Copy & Paste the contents the log in your next reply.
Run ListParts, Copy & Paste the contents of the log please.
message edited by Johnw