Old 04-23-2006, 08:32 PM  
StickyGreen
Join Date: Oct 2003
Posts: 13,076
Quote:
Originally Posted by u-Bob
how?
I got help from some virus forum:

Preparation

1) Download Fixwareout.exe from here and save it to your Desktop.

2) Download the trial version of Ewido Anti-Malware from here and save it to your Desktop.
When the download has finished, locate ewido-setup.exe and double click it to begin installation.
**If you already have Ewido installed, update it and go to 2)**

In the 'Additional Options' window, uncheck both:
'Install required for automatic updates (background guard)' and
'Install scan via context menu'.

When installation is complete, you will need to update Ewido to the latest definition files.
To do this:
Double click the Ewido Desktop icon.
In the main screen, on the left hand side, click Update.
In the following screen, click Start Update

A progress bar will show how the update is going. When it has finished updating, close it.

If you have problems with the updater, you can manually update Ewido. Click here.
Select the 'Full Database' download, save it to your Desktop and double click it to install.

Ewido Anti-Malware is designed to be used to both scan for and remove malicious files and also to run alongside, but not replace, your existing anti-virus program to give an added layer of protection.
However, as the real-time protection may interfere with the fixing of your PC, this function will have been disabled as long as you followed the installation instructions correctly.
At the end of the trial period, Ewido will revert to a stand-alone scanner which you can keep and update for free and use in a similar way to Ad-Aware SE Personal.
Should you wish to benefit from the real-time protection, you will need to upgrade the program. To do this simply open it and click on the Buy now online button.

3) You will need to know how to boot into Safe Mode.
Instructions can be found here.

Removal

1) Double click Fixwareout.exe to start the Fixwareout Setup Wizard
Click Next, then Install and finally, ensuring that the box to the left of Run fixit is checked, click on Finish. - then follow the prompts.
You will be asked to reboot your computer - please do so. Your system may take longer than usual to load - this is normal.
When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Click on 'Do a system scan only' and place a checkmark in the boxes to the left of the following entries, by clicking on them:

O4 - HKLM\..\Run: [dmhes.exe] C:\WINDOWS\system32\dmhes.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{131AC4AE-FA4E-44BB-9687-943360041138}: NameServer = 85.255.116.99,85.255.112.212
O17 - HKLM\System\CCS\Services\Tcpip\..\{976BDA4F-1A18-470A-BC9F-9F25E05FBBD6}: NameServer = 85.255.116.99,85.255.112.212
O17 - HKLM\System\CS1\Services\Tcpip\..\{131AC4AE-FA4E-44BB-9687-943360041138}: NameServer = 85.255.116.99,85.255.112.212
O17 - HKLM\System\CS2\Services\Tcpip\..\{131AC4AE-FA4E-44BB-9687-943360041138}: NameServer = 85.255.116.99,85.255.112.212

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked

2) Go to Start > Control Panel > Network Connections. Right click your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on Properties.
* Make a note of the settings before you change them just in case you need to put them back how they were.
Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice.

3) Go to Start > Run, enter CMD and click OK.

At the DOS Prompt Screen, type in cd\ and then press <ENTER>.

Now type in ipconfig /flushdns and then press <ENTER>. (notice the space after ipconfig)

Then close the command prompt.

4) Boot into Safe Mode.

5) Remove any/all of the following files/folders that you can find:

Files

C:\WINDOWS\system32\dmhes.exe

As an example:
To delete C:\WINDOWS\system32\filetogo.bye
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:),
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on filetogo.bye and from the menu that appears, click on 'Delete'

6) Run Ewido.
Click on Scanner.
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK.
When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says 'Perform action with all infections' then choose clean and click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report - click it.
Save the report.txt file to your desktop.

Now close Ewido Anti-Malware.

Warning: While the scan is in progress, DO NOT open any folders or the Windows Control Panel !!

7) Navigate to the C:\Windows\Temp folder and delete all the files that you find there.
Do this for all Usernames.

8) Navigate to C:\Documents and Settings\Username\Local Settings\Temp and delete all the files that you find there.
Do this for all Usernames.

9) Go to Start > Control Panel > Internet Options and under Temporary Internet files, click on Delete Files...
Check the box to the left of 'Delete all offline content' and then click on OK.

10) Boot into Normal Mode.
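A check for the HijackThis entries listed in the post above, as an added example that is not part of the original post: it scans a saved HijackThis log for the dmhes.exe autorun and for O17 NameServer overrides pointing at the two DNS addresses the post names, reporting which control set and interface each one sits in. The function name, the placeholder GUID, the ExampleTray line and the 192.0.2.53 entry are constructed for illustration.

```python
import re
from ipaddress import ip_address

# Indicators taken from the post above.
ROGUE_DNS = {ip_address("85.255.116.99"), ip_address("85.255.112.212")}
ROGUE_FILE = r"c:\windows\system32\dmhes.exe"

# Constructed sample log: entries from the post plus two benign, made-up lines.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [dmhes.exe] C:\WINDOWS\system32\dmhes.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{131AC4AE-FA4E-44BB-9687-943360041138}: NameServer = 85.255.116.99,85.255.112.212
O17 - HKLM\System\CS1\Services\Tcpip\..\{131AC4AE-FA4E-44BB-9687-943360041138}: NameServer = 85.255.116.99,85.255.112.212
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.0.2.53
"""

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<path>.+)$")
O17_RE = re.compile(r"^O17 - HKLM\\System\\(?P<cs>\w+)\\Services\\Tcpip\\\.\.\\"
                    r"(?P<guid>\{[0-9A-Fa-f-]+\}): NameServer = (?P<servers>.+)$")

def scan_hjt_log(log_text):
    """Return (kind, location, detail) tuples for lines matching the indicators."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m and m["path"].strip().lower() == ROGUE_FILE:
            findings.append(("autorun", m["key"], m["path"]))
            continue
        m = O17_RE.match(line)
        if not m:
            continue
        bad = []
        # NameServer values may be comma- or space-separated.
        for server in re.split(r"[,\s]+", m["servers"].strip()):
            try:
                if ip_address(server) in ROGUE_DNS:
                    bad.append(server)
            except ValueError:
                pass  # not an IP literal; ignore
        if bad:
            # Each control set (CCS, CS1, CS2, ...) holds its own copy of the value.
            findings.append(("dns", f'{m["cs"]} {m["guid"]}', ",".join(bad)))
    return findings

if __name__ == "__main__":
    for finding in scan_hjt_log(SAMPLE_LOG):
        print(finding)
```

An empty result on a log taken after step 10 shows only that these specific entries are gone from every control set the log covers.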