Support Forums
I am infected with blackshades. - Printable Version




I am infected with blackshades. - Kyle FYI™ - 07-26-2011

I am infected with Blackshades. I think I have removed it; just to make sure, what could I do?


RE: I am infected with blackshades. - Tha Sneak - 07-26-2011

Hi,

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time

Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr


RE: I am infected with blackshades. - Swagg N - 07-26-2011

What is OTL? Is that legit?


RE: I am infected with blackshades. - Davidlw5 - 07-26-2011

(07-26-2011, 09:00 PM)Swagg N Wrote: What is OTL? Is that legit?

Yes, it's legit.


RE: I am infected with blackshades. - Swagg N - 07-26-2011

You didn't answer what it is? :D lol sorry to be annoying, you can just PM if you're bored and feel like helping a clueless person ;)


RE: I am infected with blackshades. - AceInfinity - 07-26-2011

(07-26-2011, 10:17 PM)Swagg N Wrote: You didn't answer what it is? :D lol sorry to be annoying, you can just PM if you're bored and feel like helping a clueless person ;)

It's a more advanced version of what HiJackThis can do for you. A more advanced scanning program.


RE: I am infected with blackshades. - EnergySource - 08-07-2011

You can always try it the easy way. Just run this tool: http://bshades.com/bs_cleaner.rar

Please let me know if that solved your problem, thanks!


RE: I am infected with blackshades. - coucooutuveuxvoirmabite - 08-12-2011

Remove the key in your startup that was not there before. Then reboot your PC. Download, install and run a complete scan with MBAM and then remove all it found. If it doesn't find anything, it means you're clean bro.
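
The startup-key check suggested in the post above, as an added read-only example that is not part of the original thread: it lists every Run/RunOnce value with its target file, Authenticode status and last-write time so an unfamiliar entry stands out. The key list is the standard set of Windows autostart locations (an assumption, not Blackshades-specific indicators), and `Get-CommandTarget` is a hypothetical helper name.

```powershell
# Added example: read-only review of Run/RunOnce autostart values. Changes nothing.
# These are the standard Windows autostart keys, not Blackshades-specific indicators.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of an autostart command line.
function Get-CommandTarget {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }   # quoted path followed by arguments
    if ($expanded -match '^(.+?\.(exe|com|scr|bat|cmd))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]                          # fallback: first token
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }        # e.g. no WOW6432Node on 32-bit Windows
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $target  = [string](Get-CommandTarget $command)
        $exists  = [bool]$target -and (Test-Path -LiteralPath $target -PathType Leaf)
        $sig     = if ($exists) { [string](Get-AuthenticodeSignature -LiteralPath $target).Status } else { 'NotFound' }
        # Targets under user-writable profile or temp directories deserve a closer look.
        $userDir = $false
        foreach ($dir in $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) {
            if ($dir -and $target.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { $userDir = $true }
        }
        [pscustomobject]@{
            Review    = ($sig -ne 'Valid') -or $userDir
            Key       = $key
            Name      = $name
            Command   = $command
            Signature = $sig
            Modified  = if ($exists) { (Get-Item -LiteralPath $target -Force).LastWriteTime } else { $null }
        }
    }
}

# Entries flagged for review are listed first.
$entries | Sort-Object Review -Descending | Format-List
```

`Review = True` only marks an entry for a closer look, and a `Valid` signature does not clear one; services, scheduled tasks and other persistence locations are outside what this lists.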


RE: I am infected with blackshades. - New Jersey - 11-27-2011

Blackshades usually runs under Windows Defender registry.