Related:
- I need help removing WHITESMOKE PUP
- Removing redirect virus - Guide
- Ps3 update pup - Guide
- Removing malware from chrome - Guide
- Removing tabs on android - Guide
- Removing write protection from usb - Guide
2 responses
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Aug 30, 2011 at 04:36 PM
Aug 30, 2011 at 04:36 PM
Hello Cindy
I believe your machine got infected.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
https://support.kaspersky.com/5350
Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.
*Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
*If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
*Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
right-click and select Run As Administrator.
*When the program opens, click the Start Scan button.
*Do not use the computer during the scan
*If the scan completes with nothing found, click Close to exit.
*If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
*Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process.<- Important!!
Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
*A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
*Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.
-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/ es-anti-malware
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
*Make sure you are connected to the Internet.
*Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
*When the installation begins, follow the prompts and do not make any changes to default settings.
*When installation has finished, make sure you leave both of these checked:
?Update Malwarebytes' Anti-Malware
?Launch Malwarebytes' Anti-Malware
*Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
*If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
*If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
*Make sure the "Perform Quick Scan" option is selected.
*Then click on the Scan button.
*If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
*The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
*When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
*Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
*Click on the Show Results button to see a list of any malware that was found.
*Make sure that everything is checked, and click Remove Selected.
*When removal is completed, a log report will open in Notepad.
*The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
*Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
*Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Good luck
I believe your machine got infected.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
https://support.kaspersky.com/5350
Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.
*Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
*If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
*Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
right-click and select Run As Administrator.
*When the program opens, click the Start Scan button.
*Do not use the computer during the scan
*If the scan completes with nothing found, click Close to exit.
*If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
*Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process.<- Important!!
Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
*A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
*Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.
-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/ es-anti-malware
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
*Make sure you are connected to the Internet.
*Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
*When the installation begins, follow the prompts and do not make any changes to default settings.
*When installation has finished, make sure you leave both of these checked:
?Update Malwarebytes' Anti-Malware
?Launch Malwarebytes' Anti-Malware
*Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
*If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
*If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
*Make sure the "Perform Quick Scan" option is selected.
*Then click on the Scan button.
*If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
*The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
*When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
*Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
*Click on the Show Results button to see a list of any malware that was found.
*Make sure that everything is checked, and click Remove Selected.
*When removal is completed, a log report will open in Notepad.
*The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
*Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
*Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Good luck
Anonymous User
Aug 30, 2011 at 05:14 PM
Aug 30, 2011 at 05:14 PM
Follow the steps given by ambucias to remove pup white smoke infection
Next is Uninstalling PUP White smoke
Eventhough MBAM removes it ,sometime it becomes hard to uninstall PUP white smoke
So here are the steps you can follow
Step 1:
Does your add or remove programs still show PUP white smoke?
Make sure that PUP white smoke is removed.
Now go to C:/Program files and remove PUP white smoke folder
search for whitesmoke and remove every folder and file that points to White smoke
Reset your browsers to default.
Step 2:
https://www.softpedia.com/get/Tweak/Uninstallers/Revo-Uninstaller.shtml
Install revo uninstaller,uninstall pup white smoke if revo uninstaller still detects it
Step 3:
Go to run and type
Regedit
Now select ctrl+F and search for white
that should show you entries of white smoke in registry.Remove everything that points to whitesmoke
Next is Uninstalling PUP White smoke
Eventhough MBAM removes it ,sometime it becomes hard to uninstall PUP white smoke
So here are the steps you can follow
Step 1:
Does your add or remove programs still show PUP white smoke?
Make sure that PUP white smoke is removed.
Now go to C:/Program files and remove PUP white smoke folder
search for whitesmoke and remove every folder and file that points to White smoke
Reset your browsers to default.
Step 2:
https://www.softpedia.com/get/Tweak/Uninstallers/Revo-Uninstaller.shtml
Install revo uninstaller,uninstall pup white smoke if revo uninstaller still detects it
Step 3:
Go to run and type
Regedit
Now select ctrl+F and search for white
that should show you entries of white smoke in registry.Remove everything that points to whitesmoke