We will help!
At Emsisoft, we will help you remove malware from your computer, free of charge. This can be done via our support forums, or an email to [email protected], or start by using this page. For email, keep reading here. For forums, please visit this page: https://support.emsisoft.com/announcement/2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread/
Some guidelines to help the process go as smoothly and safely as possible:
- Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools on your own, other than as directed. Doing so could cause unexpected changes to the system, possibly prolonging the time required to finish, or even damaging the system in extreme cases.
- Let us know right away if you are being helped elsewhere for this issue, and once we start, please do not take any advice relating to this computer from any other source for the duration of the fix, as unintentionally conflicting advice can lead to even more problems.
- If you do not understand any step(s) provided, please do not hesitate to ask us before continuing. We would much rather clarify instructions or explain them differently than have something important broken.
- Even if things appear to be better, it might not mean we are finished. Please continue to follow our instructions and reply back until we give you the “all clean”. It is possible for the machine to feel fine when it is not yet, resulting in the system reinfecting itself.
- The logs that you send should be attached to your message whether using the forum or our support email system, instead of being pasted directly into the message. This is for your safety as well as convenience, as there can sometimes be personal information visible in the logs. We value your privacy, but if posted in our forums, anyone can read pasted logs. Attached logs can only be read by staff. Emailed information can only be read by staff, but please attach regardless.
- All scans should be run in normal boot mode unless we ask you to do otherwise. If we do, instructions on how to boot to safe mode can be found at: http://www.malwareteks.com/kb/SafeMode.php
- If you are unable to download the tools using the infected system, the tools can be saved using another computer, copied to a USB flash drive, and then transferred to the infected system. The logs requested can be transferred back in the same way.
Read and follow these instructions carefully:
NOTE: You may want to print these instructions for reference, since scans are best done when all web browsers are closed. This is an information gathering stage. We will begin guiding you through removing the malware once we review the contents of the logs.
Download two programs, and save them on your Desktop:
Please do not run these straight from your web browser. Save them instead, preferably to your desktop or other folder you can easily get to later on in the process.
- Emsisoft Emergency Kit: https://dl.emsisoft.com/EmsisoftEmergencyKit.exe
- Farbar Recovery Scan Tool (FRST): http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/To choose which FRST program to download, you’ll need the version compatible with your system. If you are not sure which version applies to your system download and try to run both of them. 64 bit (FRST64) is most common, so start there. Only one of them will run on your system, and that will be the right version. We’ll refer to it as FRST, whether the file downloaded is FRST or FRST64.
Let’s get started:
- Install and Run Emsisoft Emergency Kit (EEK):
- Double click EmergencyKitScanner.exe to ‘install’ EEK. It is a fully portable application that will not create an uninstall entry in Windows. Uninstall information can be found here.
- When the installation of EEK is complete the Emergency Kit scanner will run. If it does not, run the program manually by double-clicking on its main program file. By default, it will be here: C:EEKStart Emergency Kit Scanner.exe
- Click “Yes” to Update Emsisoft Emergency Kit, or click the “Update now” tile, and wait for the update to finish.
- On the scan tile, select “malware scan”. The scan will proceed automatically. When finished, click the “View report” button. Save the file somewhere convenient, such as your desktop, to be attached to your reply later.
- IMPORTANT: Do not quarantine or delete anything. We just want the scan log without anything being quarantined or deleted.
- Save the scan log somewhere that you can find it.
- Exit Emsisoft Emergency Kit.
- Run Farbar Recovery Scan Tool (FRST):
- Double-click the downloaded FRST program to run it. When the tool opens click yes to the disclaimer if you wish to continue. Allow the program to update if it needs to. When it is ready, it will say “The tool is ready to use” in the upper-left corner. Make sure it has its checkboxes configured exactly like the image below:
- Press the scan button. Please note that the ‘fix’ button won’t do anything unless an expert has created a fix script specifically for your computer. Do not run any fix script with FRST that has not been provided by an expert specifically for you – doing so can be dangerous.
- Wait for the scan to finish. Usually this takes less than five minutes, but can be longer on some systems. FRST will automatically time out if 40 minutes has passed, so please wait regardless. When the scan is nearly finished, an alert will appear telling you FRST.txt is finished. Press OK.
- Wait again. The next alert will appear telling you that Addition.txt is finished. Press OK.
- Close both Notepad windows that appear, one for FRST.txt and one for Addition.txt.
- Farbar Recovery Scan Tool will have produced the following logs by default: FRST.txt and Addition.txt, and they can be found in the same folder the FRST program is in.
- Attach the following logs to an email to [email protected], and we will reply as soon as possible:
- Emsisoft Emergency Kit Scan log, named similarly to “scan_123456-123456.txt”, which can be found in the folder C:EEKbinReports if you did not save it somewhere more convenient earlier.
- FRST.txt, which can be found in the same folder the FRST program is in.
- Addition.txt, which also can be found in the same folder the FRST program is in.