BleepingComputer has excellent step-by-step instructions for removing the malware. They include running "rkill", Malwarebytes and an Unhide.exe file after everything is cleaned off. Follow the instructions to the letter. If you can't download the files mentioned on the infected computer, then find a clean computer, download the files and copy them to a CD or flash drive, then transfer them to the problem machine.
Hope this helps.
This happened 2 weeks ago. I immediately did a system restore but that did nothing. Since then I shut it down and only use my laptop.
Foolish me, I had not updated my "Avast" (it is NOW of course) and the virus got in. I am now ready to REMOVE that garbage (created by human VERMIN) and of course, Avast would not detect it once it's inside. To make matters worse, my desktop has been in need of reformatting due to what LITTLE memory it has had left (another thing I had put off). It was already slow but now it crawls. Also, I can no longer open documents nor save them on disk, which is why I need to remove the virus first before reformatting. Is there a particular spyware scanner recommended here? I also want to remove it manually. I am not PC savvy in all things related to dealing with the registry etc. etc. I'm willing to learn step by step. I came across Wiki-Security.
At the bottom it has this:
"Remove System Fix manually
Another method to remove System Fix is to manually delete System Fix files in your system. Detect and remove the following System Fix files":

Processes
6DSS92c31Apgjk.exe
%AllUsersProfile%\[RANDOM CHARACTERS].exe

Other Files
%Desktop%\System Fix.lnk
%Temp%\smtmp\
%Temp%\smtmp\1
%Temp%\smtmp\2
%Temp%\smtmp\3
%Temp%\smtmp\4
%StartMenu%\Programs\System Fix\
%StartMenu%\Programs\System Fix\System Fix.lnk
%StartMenu%\Programs\System Fix\Uninstall System Fix.lnk
%AppData%\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

Registry Keys
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<[RANDOM CHARACTERS]"
Any advice as to how to do this, as if I were 9 years old??? Pretty PLEASE
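
Added example (not part of the original posts or of the Wiki-Security page): a read-only PowerShell check that reports which of the registry values and files from the list quoted above are present on a machine, without deleting or changing anything. The folder mappings used for the list's %Desktop%, %StartMenu%, %Temp% and %AppData% placeholders are assumptions.

```powershell
# Read-only audit: reports matches against the quoted list and changes nothing.
$hkcu = 'HKCU:\Software\Microsoft'
$cv   = "$hkcu\Windows\CurrentVersion"
$checks = @(    # registry path, value name, value given in the list
    @("$hkcu\Internet Explorer\Main",     'Use FormSuggest',       'Yes'),
    @("$cv\Internet Settings",            'WarnonBadCertRecving',  '0'),
    @("$cv\Internet Settings",            'CertificateRevocation', '0'),
    @("$cv\Policies\Attachments",         'SaveZoneInformation',   '1'),
    @("$cv\Policies\ActiveDesktop",       'NoChangingWallPaper',   '1'),
    @("$cv\Policies\Explorer",            'NoDesktop',             '1'),
    @("$cv\Policies\System",              'DisableTaskMgr',        '1'),
    @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System', 'DisableTaskMgr', '1'),
    @("$hkcu\Internet Explorer\Download", 'CheckExeSignatures',    'no'),
    @("$cv\Explorer\Advanced",            'Hidden',                '0'),
    @("$cv\Explorer\Advanced",            'ShowSuperHidden',       '0')
)
foreach ($c in $checks) {
    $p = Get-ItemProperty -Path $c[0] -Name $c[1] -ErrorAction SilentlyContinue
    if ($null -ne $p -and "$($p.($c[1]))" -eq $c[2]) {
        "MATCH  $($c[0])  `"$($c[1])`" = $($c[2])"
    }
}

# LowRiskFileTypes: the list shows executables (.exe and others) marked as low risk.
$low = (Get-ItemProperty -Path "$cv\Policies\Associations" -Name LowRiskFileTypes `
        -ErrorAction SilentlyContinue).LowRiskFileTypes
if ($low -like '*.exe;*') { "MATCH  LowRiskFileTypes includes .exe: $low" }

# Assumption: the list's folder placeholders map to these per-user folders.
$desktop = [Environment]::GetFolderPath('Desktop')
$start   = [Environment]::GetFolderPath('StartMenu')
$paths = @(
    (Join-Path $desktop 'System Fix.lnk'),
    (Join-Path $env:TEMP 'smtmp'),
    (Join-Path $start 'Programs\System Fix'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch\System Fix.lnk')
)
foreach ($f in $paths) { if (Test-Path -LiteralPath $f) { "FOUND  $f" } }

# Current user's startup entries: review for a random-looking .exe name.
$run = Get-Item -Path "$cv\Run" -ErrorAction SilentlyContinue
if ($run) {
    foreach ($n in $run.GetValueNames()) { "RUN    $n = $($run.GetValue($n))" }
}
```

Lines marked MATCH or FOUND correspond to entries in the list; RUN lines are every startup entry for the current user and need to be reviewed by eye, since the list gives only a random name.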