Login

Kyle FYI™ · 07-26-2011, 11:41 AM

I am infected with blackshades, I think I have removed it, just to make sure what could I do?

Tha Sneak · 07-26-2011, 08:22 PM

Hi,

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in

%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
%appdata%\*.*
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
disk.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
usbstor.sys
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time

Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

Swagg N · (This post was last modified: 07-26-2011, 09:02 PM by Swagg N.)

what is OTL is that legit?

Davidlw5 · 07-26-2011, 10:08 PM

(07-26-2011, 09:00 PM)Swagg N Wrote: what is OTL is that legit?

yes it's legit.

Swagg N · 07-26-2011, 10:17 PM

You didn't answer what it is? Big Grin

lol sry to be annoying you can just PM if your bored and feel like helping a clueless person ;)

AceInfinity · 07-26-2011, 10:32 PM

(07-26-2011, 10:17 PM)Swagg N Wrote: You didn't answer what it is? lol sry to be annoying you can just PM if your bored and feel like helping a clueless person ;)

It's a more advanced version of what HiJackThis can do for you. More advanced scanning program

EnergySource · 08-07-2011, 10:01 AM

You can always try it the easy way. Just run this tool: http://bshades.com/bs_cleaner.rar

Please let me know if that solved your problem, thanks!

coucooutuveuxvoirmabite · 08-12-2011, 10:56 AM

Remove the key in your startup that was not there before. Then reboot your PC. Download, install and run a complete scan with MBAM and then removes all it found. if it doesn't find anything, it means you're clean bro.

New Jersey · 11-27-2011, 09:36 AM

Blackshades usually runs under windows defender registry.

Login
Username:
Password:	Lost Password?
	Remember me

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	[TUT] How to tell if you're infected, and what to do	N3w_2_H@Ck1n™	61	23,537	02-02-2012, 06:49 PM Last Post: 6+9=♋
	Should I let my friend know he is infected?	Annuit Coeptis	17	4,230	11-27-2011, 09:34 AM Last Post: New Jersey
	TIPS!! how to clean a Virus-Infected Computer	ginoside021	9	3,687	12-13-2010, 11:14 PM Last Post: Bursihido
	[Mini tutorial] How to check if you are infected with a keylogger	xsciveral	4	2,030	10-02-2010, 01:38 AM Last Post: Review
	Infected? Please Help	john14907	9	5,052	04-06-2010, 09:59 AM Last Post: Support