Mediacodec removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by trovan, Oct 6, 2006.

  1. trovan

    trovan Private E-2

    thank you in advance.

    i have run through the steps listed under the sticky file a few times, but still cannot solve my problem.

    it all started with me running the install for mediacodec. i thought this was to update my media player.

    my problems are:
    1. my internet explorer is all screwed up with pop ups for spyware removal software and a strange home page.
    2. warning sign in the lower right corner for critical system error.
    3. trojandownloaders that come right back after removal by ad-aware.
    4. a mediacodec file under my program files folder that cannot be removed by add/remove.

    when i ran through the removal process suggested here in safe mode, windows defender, malicious software remover, and spybot all showed no infection. only ad-aware continues to pick up these two trojandownloaders in my HKEY reg files.

    below are the txt files requested. i am tempted to purchase spyhunter, which advertises its ability to remove this mediacodec malware. the other option is to reformat the whole thing. but i really would appreciate any help to just remove them. thanks.
     


  2. trovan

    trovan Private E-2

    two more. thanks.
     


  3. trovan

    trovan Private E-2

    log from ad-aware.. thanks.
     


  4. trovan

    trovan Private E-2

    Help!!!!
     
  5. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    You will need to re-run Hijackthis as per the sticky guide, as the Hijackthis.exe file needs renaming to Analyze.exe, since many new malwares are hidden from the scan if the original name is still evident, as in this: C:\Program Files\HJT\HijackThis.exe

    Also a tip: bumping your thread will bring it to the front page, however the guys that assist in removing malware go from the oldest thread first, which could be from page 5, thus getting to yours last, sadly.

    As at present malware is a bit of an epidemic, all forums that assist in removing malware are busy (some have even stopped dealing with malware logs as it's just taking too much of people's free time, as this is a non-paid job, one that many here give up much of their free time to do but still unpaid) and are doing their best to help all users needing assistance, so do please bear with us.
     
  6. trovan

    trovan Private E-2


    thanks. will redo the hijack and post the log. thanks again.
     
  7. trovan

    trovan Private E-2

    here is the HJT using analyse.exe. thanks.
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not install the version of Spybot as requested in the READ ME. As a result you are using Spybot - Search & Destroy 1.3.1 TX which is over 2 years out of date. Uninstall this old version, REBOOT, and then please install and configure the version given in the READ ME.

    Also uninstall the below (they may or may not uninstall! Just continue if they don't!)
    Internet Explorer Security Plugin 2006
    Internet Security Add-On

    I'm going to post two messages! This is the first! Complete this procedure completely including attaching the requested log before doing the second procedure.

    Download SmitfraudFix (by S!Ri) to your Desktop.

    Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press Enter
    This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please attach that log in your next reply.

    Note: process.exe (which is used by SmitfraudFix) is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. The below is a link to what process.exe is.

    http://www.beyondlogic.org/consulting/proc...processutil.htm


    IMPORTANT: Do NOT run any other options until you are asked to do so!
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is my second message. Make sure you have followed the first procedure before doing the below.

    PLEASE READ ALL OF THESE INSTRUCTIONS FIRST BEFORE DOING ANYTHING. Ask any questions that you may have before starting.

    Please print out or copy these instructions to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. Again, if there's anything that you don't understand, ask your question(s) before moving on with the fixes.

    Reboot your computer into Safe Mode per the safe directions in the READ & RUN ME.

    Open the SmitfraudFix Folder of your Desktop, then double-click smitfraudfix.cmd file to start the tool.

    Select option #2 - Clean by typing 2 and press Enter.
    Wait for the tool to complete and disk cleanup to finish.
    You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

    The tool will also check if wininet.dll is infected. If it is infected and a clean version is found, you will be prompted to replace the infected wininet.dll with the clean file. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

    A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. BUT Reboot in Safe Mode.

    The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.

    Now reboot into normal mode and attach this new rapport.txt log here.

    Now also attach new logs from ShowNew, GetRunKey, and HJT!
     
