
12-21-2011 05:12 PM - edited 12-21-2011 05:14 PM
Need help removing the above virus. Rebooted and entered safe mode with networking and still get the popups and sometimes blocks any further work online. Ran the av removal but not sure it worked and no change in the popups.
Attached is the Hijack this log. Thanks
12-21-2011 09:21 PM - edited 12-21-2011 09:21 PM
Welcome aboard!
Please download RKILL from the following locations. Please note that the other filenames below are RKill as well, just renamed in order to allow it to run by certain malware. SPECIAL THANKS TO BLEEPINGCOMPUTERS.
When RKill is run it will display a console screen similar to the one below:
That console screen will continue to run until RKill has finished. Once finished, the box will close and a log will be displayed showing all of the processes that were terminated by RKill and while RKill was running.
Note: Rkill only terminates malicious rogue processes temporarily, enabling other tools to run.
Then it will display a log; copy and paste it here in your next reply.
NEXT
Download ComboFix from any of the locations given on this website:


12-22-2011 06:31 AM
Started computer in Safe mode with networking, then downloaded RKill and ran. The console screen never appeared and never received the log file. Should I go ahead with the Combofix steps?
12-22-2011 07:12 AM - edited 12-22-2011 07:12 AM
Yes, please run combofix and post the log. Stay in safe mode unless told to boot to normal mode.
12-22-2011 07:20 AM
OK. Only way I could get Rkill and Combofix to run was in regular mode. Never did get the log from Rkill but did get Combofix to run and log is attached. I think it must have corrected something since no more pop ups from Win 7 Antispyware 2012 so far. Combofix log is attached.
Thanks so much for your help.
12-22-2011 07:21 AM - edited 12-22-2011 07:24 AM
Ok.. let's bring down the rogue toaster
Please download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
NEXT
12-22-2011 05:38 PM
Okay, ran the MBAM and the TDSSKiller. MBAM found two items requiring removal and TDSSKiller didn't find anything. The logs for each are attached. Can't tell you how much I appreciate your help on this.
What is your recommendation on how to prevent this type of virus from getting through the antivirus software? Do I need to add Webroot or some other program?
Again, thanks so very much and have a wonderful Christmas
12-22-2011 07:18 PM - edited 12-22-2011 07:22 PM
Well, subject to no further problems, your computer is clean.
Now let me do some tune-ups.
Mark this topic as solved...use the options tab of your topic to do so.
Remove combofix

For the first run I would recommend a boot defrag and disk check
Download and run Puran Disc Defragmenter
Run OTL
download link:
http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/
Malwarebytes: update and run it today. I also recommend running it weekly to keep your system clean.
Download and install FileHippo update checker and run it monthly. It will show you which programs on your system need updating and give a download link.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.
Upgrading Java:
To manually create a new Restore Point
Now we can purge the infected ones
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
I recommend Comodo firewall with Defence+ as a second line of defence. Here is the link to it:
http://personalfirewall.comodo.com/free-download.h
To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet, read our little guide: How did I get infected in the first place?
Copyright (c) 1989-2012 Trend Micro Incorporated. All rights reserved.
