Trojan problem

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ocsd61, Jul 7, 2005.

  1. ocsd61

    ocsd61 Private E-2

    I have a laptop with Windows XP Home. I did exactly what your READ ME FIRST thread said. I had a problem with Norton and was not able to run an online scan there. I did run the Microtrend, Bitdefender and RayAntivirus. They were unable to get rid of the trojan or trojans. It seems it keeps changing its name each time I run something to find it or get rid of it.
    It came up with ABetterInternet, Aurora and Transponder with IE plugins. Does that help explain what I have?
    Any help to get rid of this is appreciated. Wayne
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow the steps below:

    - download Nail/Bolder/Aurora Remover 0.3.1 Beta and save it to its own folder like c:\ABIremover

    - Now extract the abiremover.exe file from the ZIP file into the folder you created but do not run the EXE yet. We will run it later.

    - Now reboot into safe mode, run the abiremover.exe but make sure you are physically disconnected from the internet (unplug your cable to be sure). Just click install, wait (explorer window will disappear)

    - When abiremover finishes just reboot into normal and continue with the below steps.



    Also download HOSTER and then follow the below steps.
    • Unzip Hoster to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Original Hosts and then click OK.
    • Click the X to exit the program

    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and follow the steps below exactly:


    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. ocsd61

    ocsd61 Private E-2

    I followed the steps you gave me. I hope I did this right. ;) By the way, Thanks!
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    O4 - Global Startup: Reboot.exe

    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to rename the reboot.exe file (see below):

    While in safe mode look in both locations below for the reboot.exe file and rename it to reboot.xxx if found. Note: replace username by whatever your user account name actually is.

    c:\documents and settings\username\start menu\programs\Reboot.exe <--- rename to reboot.xxx
    c:\documents and settings\username\start menu\programs\startup\Reboot.exe <--- rename to reboot.xxx

    Please tell me exactly where you find it.

    Now reboot in normal mode and post a new HJT log. And tell me how things are working.
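    The two checks chaslang relies on above, restoring the hosts file to its default content (post 2) and picking the R0 start-page and O4 startup lines out of a HijackThis log (post 4), can be scripted so a helper or the user can see at a glance what deviates from the default. The following is an added example, not part of the thread and not code from HijackThis, Hoster or MajorGeeks. The hosts file content, the allowed start page (http://www.example.com/) and the `ctfmon.exe` startup line are constructed sample input; the two HijackThis lines are the ones quoted in the thread. The regular expressions approximate the HijackThis log format and are an assumption, not the tool's own parser.

```python
import re
from typing import Dict, List

# The only mapping a default Windows hosts file contains; this is what Hoster's
# "Restore Original Hosts" puts back. Any other active entry deserves a look.
DEFAULT_HOSTS_ENTRIES = {("127.0.0.1", "localhost")}

# Constructed sample hosts file: one legitimate mapping plus two of the kind a
# hijacker adds (the host names are placeholders, not real sites).
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
127.0.0.1       update.antivirus-vendor.example
10.0.0.99       www.search-engine.example
"""


def audit_hosts(text: str) -> List[Dict[str, object]]:
    """Return every active hosts mapping that is not part of the default file."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # strip comments and blank lines
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            if (ip, name.lower()) not in DEFAULT_HOSTS_ENTRIES:
                findings.append({"line": lineno, "ip": ip, "host": name})
    return findings


# Approximation of two HijackThis line types (assumption, not HJT's own grammar):
#   R0 - <registry key>,<value name> = <data>
#   O4 - <startup location>: <item>
R0_RE = re.compile(r"^R0 - (?P<key>[^,]+),(?P<value>[^=]+?)\s*=\s*(?P<data>.*)$")
O4_RE = re.compile(r"^O4 - (?P<location>.+?): (?P<item>.*)$")

# Start pages the machine's owner actually chose (constructed allowlist).
APPROVED_START_PAGES = {"http://www.example.com/"}
# Startup item named in the thread as part of the infection.
SUSPECT_STARTUP_ITEMS = {"reboot.exe"}

# Lines 1 and 3 are quoted from the thread; lines 2 and 4 are constructed so the
# "looks fine" path is exercised as well.
SAMPLE_HJT_LOG = r"""R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - Global Startup: Reboot.exe
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def triage_hjt_log(text: str) -> Dict[str, List[str]]:
    """Sort R0/O4 log lines into those to select for Fix and those that look fine."""
    result: Dict[str, List[str]] = {"fix": [], "ok": []}
    for line in text.splitlines():
        line = line.strip()
        m = R0_RE.match(line)
        if m:
            # A start page the owner did not choose is the hijack symptom.
            bucket = "ok" if m["data"].strip() in APPROVED_START_PAGES else "fix"
            result[bucket].append(line)
            continue
        m = O4_RE.match(line)
        if m:
            item = m["item"].lower()
            bucket = "fix" if any(s in item for s in SUSPECT_STARTUP_ITEMS) else "ok"
            result[bucket].append(line)
    return result


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"hosts line {f['line']}: {f['ip']} -> {f['host']} is not a default entry")
    triage = triage_hjt_log(SAMPLE_HJT_LOG)
    for line in triage["fix"]:
        print("select for Fix:", line)
```

    On a real machine the hosts text would be read from `%SystemRoot%\system32\drivers\etc\hosts` and the log from the HijackThis output file; the allowlist is the only part a helper needs to adjust per user.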
     
  5. ocsd61

    ocsd61 Private E-2

    I followed your steps. The Reboot.exe was not there. I see after deleting the R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    that it came back in the HJT logfile.
    There is an about:blank, IEPlugins that showed up before. Are they gone?
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why are you now running HijackThis incorrectly from:
    C:\DOCUME~1\TRACEY\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    Your previous log showed it running properly.

    The HSremove line should not come back unless you ran HSremove again. Did you?
    Fix the R0 line again.

    Your log shows no signs of an about:blank hijacker.
     
  7. ocsd61

    ocsd61 Private E-2

    That was my first attempt at it......sorry, I deleted that one. Here it is again in the right file. Thanks again. It seems to be running better.
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

