Most Current Malware Removal Instructions?

[sabered]

Hi,

On this particular machine, I'm running Windows 2000, SP4, with all the latest updates.

Occasionally, while browsing major news sites and reputable online stores, I'll get a short period of IE6 windows automatically opening up that contain unwanted ads. These are not the type of ads that the sites I'm browsing would want to be associated with.

I'd like to get rid of this distraction and make reasonably certain that this machine is generally clean of malware.

The only questionably sane installation I did recently was to try the MaxPCSecure's free Spyware Detector scan. I've since uninstalled that program.

The latest freeware versions of Spybot and Ad-Aware don't pick up anything unusual in this regard.

What's the link on this site to the most current generic malware removal instructions that would apply to Windows 2000? I'm thinking that I could first run through such a set of instructions to see if that would eliminate the pop-up malware.

Thanks

[TimW]

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.

READ & RUN ME FIRST. Malware Removal Guide


Note:

1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can running steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

[sabered]

I just completed the Malwarebytes Anti-Malware instructions of the Cleaning Procedure; and, my active BillP Studios WinPatrol product is now alerting me that it is detecting a change to two of my file type associations, .reg and .scr.

(Just an fyi that, on my machine, .scr isn't listed as a file type under Explore->Tools->Folder Options->File Types. I realize that .scr is the extension for screensavers; but, I've also read at http://filext.com/file-extension/scr that a .scr file can execute other files which carry a Trojan.)

With regard to .reg, WinPatrol indicates that:
The program currently associated with this file type is
Registry Editor
Microsoft Corporation
regedit.exe %1

A change was made to use the following program for this file type
Registry Editor
Microsoft Corporation
regedit.exe %1, %*

With regard to .scr, WinPatrol indicates that:
The program associated with this file type is
Name
Company Name
%1 /S

A change was made to use the following program for this file type
Name
Company Name
%1, %*

Interestingly, for this second alert, there's no program name preceding the %1, %*; so, I'm not sure what program would actually be called with these paramaters.

Currently, I'm manually instructing WinPatrol to not permit the above changes; but this causes me to continue to receive the two WinPatrol alerts approximately every 12 minutes.

What do you suggest I do? Do I permit the changes to the file type associations and continue on to the combofix.exe instructions? Or, do I somehow go back and try to determine what's periodically generating the above alerts?

Thanks.

[TimW]

The instructions ask you to disable your anti-virus and spyware programs while you run the scans. Please do that and attach the logs.