Help me remove virus/infection

Hi Andrew,
Here are the logs of FSS and Hitman Pro. Thanks.

Ok, fss looked good, but hitman pro did not.

First thing first, delete the ffs exe and herdprotect exe. Now run a new scan with hitmanpro.

I found traces of conduit. You are going to need to do the following:

Activate the free 30 days of hitman pro.

Remove what hitmanpro finds. Especially these below:

mysearchdial
bandoo
conduit

Restart the pc. Post a fresh new log of hitman pro.

_________________________________________________________________________________


You will then need to reset your web browsers, (do you have any others?)

See here on how to reset internet explorer:


Warning
Doing the following will reset internet explorer, and will lose all saved passwords and settings


Tutorial for visual walkthrough:

Internet Explorer - Reset

Worded steps:

Open Control panel. - Network and internet. - internet options - advanced - Reset - Check the box to delete personal settings - Click reset. Click ok. Restart the PC.

andrew129260 said:

Ok, fss looked good, but hitman pro did not.

First thing first, delete the ffs exe and herdprotect exe. Now run a new scan with hitmanpro.

I found traces of conduit. You are going to need to do the following:

Activate the free 30 days of hitman pro.

Remove what hitmanpro finds. Especially these below:

mysearchdial
bandoo
conduit

Restart the pc. Post a fresh new log of hitman pro.

_________________________________________________________________________________


You will then need to reset your web browsers, (do you have any others?)

See here on how to reset internet explorer:


Warning
Doing the following will reset internet explorer, and will lose all saved passwords and settings


Tutorial for visual walkthrough:

Internet Explorer - Reset

Worded steps:

Open Control panel. - Network and internet. - internet options - advanced - Reset - Check the box to delete personal settings - Click reset. Click ok. Restart the PC.

I have attached the hitman pro log, I have also reset IE10 and google chrome, Thanks.

Great job! :) A few more steps then we should be done.

1.) Download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool

• Vista/Windows 7/8 users right-click and select Run As Administrator.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
• The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
• Upload the contents of that logfile in your next reply using the paper clip on the reply box.
• A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

2.) Using AdwCleaner v3: Scan & Clean:

Double click on AdwCleaner.exe to run the tool again.
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...

This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Upload the contents of that logfile in your next reply using the paper clip on the reply box.

Junkware Removal tool:


3.) Please download Junkware Removal Tool to your desktop.

• Shutdown your antivirus to avoid any conflicts.
• Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Upload the contents of that logfile in your next reply using the paper clip on the reply box.
• When completed make sure to re-enable your antivirus

Hi Andrew,
I have no preference to keep any programs, please find the log below, I will do the steps 2 and 3 once you replied, Thanks.
EDIT:
I am not sure about wStLibG64 service, can I remove it as well.

Go ahead and scan and clean everything found for adwcleaner. then run Jrt- it will not prompt, it will just remove.

Info about the wStLibG64 service is here if your curious:

http://www.herdprotect.com/wstlibg64...9899ad1f6.aspx

Thanks for the link, hopefully everything is fine.

Logs look great now, good job.


A good idea when a pc is infected with malware is to disable system protection (AKA restore points) as malware likes to hide in restore points and recover itself upon boot.

Please follow this tutorial to disable system protection (system restore points) until we confirm your pc is clean. Keep it off until I tell you that you can turn it back on.

When you turn off system protection, it deletes all restore points and prevents windows from making new ones. (So malware cannot make new ones either.)

Here is the tutorial:

System Protection - Turn On or Off

_________________________________________________________________________________


Reboot the pc, and then re-enable system protection.


Now, rerun a scan with herdprotect and post the log.

Here's the herdProtect log after switching off the System protection.

Log looks good.

Make sure you turn system protection back on, and have it at least 10%.




Make sure your data is backed up either on an external hard drive or somewhere else before proceeding: (Just a precaution)

1.) Please download and save the file TFC by Old Timer. Again, save the file to your downloads folder or your desktop. Do not run it.

Downloading TFC


2.) Close your programs before running this tool. TFC will close ALL open programs.

3.) Browse to where you saved tfc. Right click on tfc.exe and choose Run As Administrator.

4.) Click the Start button to begin the cleaning process and let it run uninterrupted to completion. When it finishes it will say total files cleaned, and the start button will be grayed out. Click exit.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.