TR/Hiloti is a very malicious item that is designed to allow remote access to your computer, to largely occupy precious system resources, and to trace your Internet habits to record/steal your personal information.
You will need to change all your passwords, using a known clean computer (not the infected one!) and notify your bank if you do any banking (or use credit cards) online.
First, let's flush the DNS cache and restore MS's Hosts file.
Copy and paste these lines into Notepad.
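@Echo on
rem Reset the Hosts file to a single localhost entry
pushd \windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the IP lease and flush the DNS cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset Winsock and the TCP/IP stack
netsh winsock reset all
netsh int ip reset all
rem Reboot, then delete this batch file
shutdown -r -t 1
del %0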
Save as flush.bat to your desktop.
Right click on the flush.bat file to run it as administrator. Your computer will reboot itself.
Next, download TFC by OldTimer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Now please run these two programs:
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.
Link 1
Link 2
Link 3
Link 4
- Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
- Double-click on RKill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
- A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
- Please post the resulting log in your next reply.
Then download Combofix from any of the links below, and save it to your desktop. <--Important
Link 1
Link 2
Link 3
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
Click on this link Here to see a list of programs that should be disabled.
The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
- Double click combofix.exe and follow the prompts.
- When finished, it will produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall. Please be patient while the scan runs; at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply.