CRC32: 622CE154
MD5: 7D1C0B37ED51E7AB7BBEF5C68EBD7568
SHA-1: E1950E3696071191D95F3295767990FA581E0886
===================================================
Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):
Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
Quote:
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\olhrwef.exe
After clicking Fix, exit HJT.
Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
Quote:
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cdoosoft"=-
Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.
Now use Windows Explorer to find and delete:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\Temp\olhrwef.exe
C:\3j2h0tf.bat
C:\cj1m.com
C:\ix8bmwx.bat
Run CCleaner and then make sure this folder is empty:
C:\Documents and Settings\Administrator\Local Settings\Temp\
Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).
Then attach the below logs:
* SAS, MBAM and RootRepeal logs
* C:\ComboFix.txt
* C:\MGlogs.zip
Make sure you tell me how things are working now!
Credit: Majorgeeks
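A read-only check for the removal steps above, added here as an example and not part of the Majorgeeks post: instead of relying on the .reg "success" dialog, it reads the HKCU Run key back and tests whether the value and the dropped files are really gone, and reports whether the Temp folder is empty. It assumes it is run in Windows PowerShell under the same user account the post addresses, so that $env:TEMP resolves to that user's Local Settings\Temp; the value name and file paths are the ones quoted in the post.

```powershell
# Added verification script (not from the Majorgeeks post). Read-only: it only
# reports what is still present, it does not delete or change anything.

$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'cdoosoft'

# File paths listed in the post. $env:TEMP is used for the user's
# Local Settings\Temp (assumption: same user the post was written for).
$files = @(
    (Join-Path $env:TEMP 'olhrwef.exe'),
    'C:\3j2h0tf.bat',
    'C:\cj1m.com',
    'C:\ix8bmwx.bat'
)

$problems = @()

# 1. Registry: read the Run key back rather than trusting the merge dialog.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    $hit = $run.PSObject.Properties | Where-Object { $_.Name -eq $valueName }
    if ($hit) {
        $problems += "Run value '$valueName' still present: $($hit.Value)"
    }
}

# 2. Files: anything that still exists was not deleted.
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        $problems += "File still present: $f"
    }
}

# 3. Temp folder should be empty after the CCleaner step.
$leftover = @(Get-ChildItem -LiteralPath $env:TEMP -Force -ErrorAction SilentlyContinue)
if ($leftover.Count -gt 0) {
    $problems += "Temp folder not empty: $($leftover.Count) item(s) in $env:TEMP"
}

if ($problems.Count -eq 0) {
    Write-Output 'Clean: Run value and listed files are gone, Temp is empty.'
} else {
    $problems | ForEach-Object { Write-Output "NOT CLEAN - $_" }
}
```

Run it after the GetLogs.bat step; a "NOT CLEAN" line for the Run value means the .reg merge did not take, regardless of what the dialog said, and the HijackThis fix should be repeated before the logs are attached.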
