
Thread: "BEFORE You POST"(Please read this Procedure Before Requesting Assistance)- Updated

  1. #1
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    29,852

    "BEFORE You POST" (Please read this Procedure Before Requesting Assistance) - Updated




    Malware Removal Forum: volunteers with the following titles above their avatar are authorized to assist members.

    Security Team, Malware Team, Teacher, Security Expert.
    Members may not post to another user's topic.


    Analysts on the Security Team are advanced students whose responses are passed by their teachers, some of whom help here.

    You are in capable hands with any person authorized to assist members in this forum.

    That said, there is always risk involved in installing and removing any software. Even a fix that time has shown to be useful to thousands of users can present problems to a few or be found to have a bug in development.

    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Duly noted by members, please start a topic and provide the Farbar Recovery Scan Tool (FRST) and aswMBR logs for analysis. No Malware logs are to be posted in any of our other forums.

    Before doing so, read post #2 below, Before you post the Farbar Recovery Scan Tool and aswMBR logs which also shows how to produce them.
    If the infection prevents you from running Farbar (FRST) and/or aswMBR please start a topic and make note of the situation, provide details of the computer's current symptoms and wait for a response.

    Preliminary Notes:

    • Please back up your Registry with Tweaking.com - Registry Backup, instructions in post #2 below.


    • Please do not use System Restore trying to remove an infection. Doing so would only serve to destroy a known restore point (dirty or not) and won't remove the malware. Let your helper advise you as to when a System Restore flush is called for.




    • If one has already run tools/fixes before posting please inform your helper, so that s/he is aware changes may have been made to the system and why. Running fixes before being assisted can destroy evidence in an infection, leaving the malware difficult to detect. Please do not attempt to "do it yourself" while waiting for someone to respond to your topic.


    • Note that all instructions given are customized for that member's personal computer only, the tools used may cause damage if run on a machine with different specs/infections. Please do not take fixes given to another user and apply to your own machine.


    • If someone posts instructions in their own topic, "this worked for me", it will be removed, possibly without notice. Just so you know. Please do not send similar private messages to other members.


    • Posters who start topics at multiple sites for their PC problem waste valuable volunteer resources as our analysts assist people at several forums. Reading logs and the research involved takes time.
    • Worse scenario would be to run fixes given at one site unbeknown to the person helping the same user elsewhere. If you have already requested help at another site choose where you wish to continue and advise all parties.


    • Do not PM logs or malware removal requests to volunteer helpers; assistance is provided in the forums. The forums are public; if you do not feel comfortable posting logs where they will remain visible, please do not start a topic. Otherwise, please use "Preview Post" to check for any personal details such as email addresses you'd rather omit before you "Submit Reply".


    • Please do not start more than one topic for the same computer during the same period. It will either be removed, closed or merged with your original thread.


    • If you have more than one possibly infected computer in the house please let your helper know. Start a new topic for the next machine, providing new logs from Farbar Recovery Scan Tool and aswMBR when the prior thread has been successfully closed.


    • Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. In addition helpers would think you are already being assisted because of the post count, they look for topics with a 0 response. For that reason we may merge such posts.


    • Please do not attach or link to possibly infected files and/or URLs; if an analyst requests files s/he will give you a link to upload them.


    • If your computer shows no symptoms of infection there is no need to post a log in this forum, as in requesting a 'checkup' for no malware removal reason but only to show a log.

    The Waiting Room: Post here if waiting for help three days

    Open Topics moved to archives


    Note:
    When a volunteer posted a response to which you did not reply.

    At this time threads may now be closed three days after last post in topic at the discretion of the volunteer. Please subscribe to your topic so you know when a reply has been posted. If the topic has been archived and you still require help start a new topic and include fresh Farbar (FRST) & aswMBR logs with a link to your previous thread. Please do not post any other logs, you'd be starting fresh.

    It takes time to analyze logs and prepare a response. Volunteers help users at several sites, and take X number of new topics in order to give each member their attention and avoid burnout.

    Thank you.



    Towards the end of a cleanup please make sure you follow through with any final log requested, even if it appears to you that your computer is back to normal operation, and when asked to post back one more time please do so. As much as we like our members we would rather not see you back in a few weeks because the disinfecting wasn't finished and final instructions given.

    Along the same vein, this free service is provided by volunteers to assist in the removal of malware from personal computers and provide useful information to prevent an infection from happening again. Although "stuff happens", a helper's intention is not to repeatedly remove malware from the same member's machine/s.

    Our volunteers appreciate your letting them know if they have helped.


    ---------------------------------
    Subscriptions

    Members can keep track of their threads and choose how to be notified about updates.
    ---------------------------------
    Can I edit my own posts?

    1. In the Malware Removal Forum, members may not edit their posts.
    2. In the Spybot-S&D forum and others, there is a 15 minute time frame to edit one's post. It lessens the chance of an answer referring to things the original poster has deleted.


  2. #2
    Member of Team Spybot tashi

    Before you post the Farbar Recovery Scan Tool and aswMBR logs

    Please back up your registry!

    Backup the Registry:
    Credit: Dakeyras

    Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

    • Please download the installer for Registry Backup from here or here and save to your desktop.
    • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
    • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
    • Once the GUI(graphical user interface) has appeared/loaded:-






    • Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-





    • Close Tweaking.com - Registry Backup

    Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

    A tutorial for Registry Backup explaining the various features can be viewed HERE


    ``````````````````````````````````````````````````````
    Instruction for producing the Farbar Recovery Scan Tool (FRST) and aswMBR logs

    Farbar Log

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note:
    You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    (A simple way to check your system: Start --> Computer (right click) --> Properties)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Please make sure All Users is checked


    • Do not check
      *List BCD
      *Drivers MD5
      *Shortcut txt

    Or your logs will be too long to post.


    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please don't run the Farbar Recovery Scan Tool (FRST.txt) from your "Downloads" folder or from "Temporary Internet Files"
    • Please copy and paste log into your topic.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please attach that along with the FRST.txt into your reply.



    aswMBR Log

    Important! Please do NOT perform any fix options offered in aswMBR, we just need to see the report.

    Please download aswMBR to your desktop.


    • Double click the aswMBR icon to run it.
    • If a prompt stating: The computer supports "Virtualization Technology" appears select Yes
    • Click the Scan button to start scan.
    • If you are asked to update the Avast Virus database please allow it to do so.
    • When it finishes, press the Save Log button, save the logfile to your desktop and post its contents in your reply with the Farbar (FRST) log.



    If the infection prevents you from obtaining logs please start a topic and make note of the situation, provide details of the computer's current symptoms and wait for a response.
    Do not post other logs or use "code wrap" unless requested in that format.


    ---------------------------------------------------------------------------------------------------------------
    ---------------------------------------------------------------------------------------------------------------

    When Spybot - Search & Destroy version 1.6.2 is installed

    TeaTimer needs to be disabled so that its protection does not interfere with fixes.

    How Spybot - Search & Destroy protects against the installation of Spyware/Malware.

    TeaTimer can be re-enabled once the computer is clean.

    1. Open Spybot - Search & Destroy in Advanced Mode.
    2. If it is not already set to do this go to the "Mode" menu and select "Advanced Mode".
    3. On the left hand side, click on "Tools".
    4. Then click on the Resident Icon in the List.
    5. Uncheck "Resident TeaTimer" and OK any prompts.
    6. Restart your computer.

    A Spybot - Search & Destroy Log is Optional

    If Spybot - Search & Destroy has detected items it cannot remove, and you want to show this please produce the top of the log showing the items flagged and the version of Spybot - Search & Destroy.
    Please do not attempt to post the entire log as it won't fit into the one post and is not needed unless requested.

    • Open SpyBot.
    • Check for problems.
    • When the scan completes, right click on the results list, select "Copy results to clipboard".
    • Paste (Ctrl+V) those results into your new topic, along with your Farbar (FRST) and aswMBR logs.

    `````````````````````````````````````````
    Questions regarding Spybot - Search & Destroy support can be asked here: Spybot - Search & Destroy Forums

    Note:
    During the running of a Spybot scan ("Check for problems") the status bar in the lower left hand corner of the screen displays the products Spybot - Search & Destroy is currently searching for.

    It does not mean that these items are on your PC and is no reason to post a log based solely on the status bar.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Corporate, Government, Small Business or Institutional machines? Please see: Personal computers

    Last edited by tashi; 2015-03-30 at 21:08. Reason: Updated.
    Microsoft MVP 2006-2016
    Windows Insider MVP 2016, 2017

  3. #3
    Member of Team Spybot tashi

    On-Line Analyzers

    If you have used a machine analyzer, (not recommended), and 'fixed' items before requesting advice, please inform your human analyst so they are aware.

    Also, beware of multi-scanners that are not suggested to you by helpers, some might be utilizing other programs without permission.

    Thank you.
    Last edited by tashi; 2007-08-09 at 21:54. Reason: tweak

  4. #4
    Member of Team Spybot tashi

    You and Windows, a joint effort

    Note:
    We do not support the use of Pirated-Warez-Keygens-Cracked software.


    If seeking help in our Malware removal forum please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations. In doing the crack, the 'cracker' has broken the 'End User License Agreement' (EULA) of the product.

    Aside from the legalities be aware malware authors prey on users looking to circumvent a software's protection mechanisms. There is a high risk of infection involved in downloading and running crack codes.

    In addition, we do not support the use of programs designed to inflict damage on the computers of unsuspecting users or websites.

    ------------------------------------------------------------------------------
    "IDC Study on the Dangerous World of Counterfeit and Pirated Software"
    http://www.play-it-safe.net/


    Microsoft Malware Protection Center
    http://blogs.technet.com/b/mmpc/arch...d-keygens.aspx
    As we first reported in the Microsoft Security Report Volume 13, Keygens have become the number one threat reported by users of Microsoft antimalware products. The research also indicates that 76 percent of users that downloaded Keygen or software cracks were also exposed to other, more dangerous malware.

    Keygens are typically not very dangerous on their own. However, malware authors are having great success using deceptive downloads that either pretend to be Keygens or contain them as well as other malware to spread their malicious payloads. Customers reporting Keygens have higher rates of additional malware infections compared to other threats. Some of these threats try to trick users into paying for software that’s distributed for free from trusted sources.
    Please have a legitimate copy of Windows.

    _____________________________________________________________

    P2P programs -Torrents

    • It is the volunteer analyst's choice to ask you to uninstall the clients before they continue providing help.

    File Sharing, otherwise known as Peer To Peer. (P2P)

    Edit: http://nakedsecurity.sophos.com/2012/09/06/honeypot-monitoring-bittorrent-downloaders/
    ----------------------------------------------------

    Note:

    Helpers in malware removal forums are unlikely to respond and try to clean an operating system that is no longer supported and therefore cannot be updated or patched.

    Further, the tools most often used for manual removals do not work on legacy systems.

    ---------------------------

    Thank you for your understanding and assisting in keeping the net a safer place for everyone.
    Last edited by tashi; 2012-09-06 at 16:47. Reason: Update.

  5. #5
    Member of Team Spybot tashi

    Personal computers

    The malware removal forum is set up to help those in need of assistance with their personal computers. This service is free and provided by volunteer analysts.

    When the infection is on a Company/Business/Institution/Medical Facility-Health Insurance (HIPAA Privacy Rule) machine or any computer that is or was used in or for the workplace and may contain identifying information pertinent to a company.

    The intention of this forum is not to replace a company's IT department or a private business specialist, helpers cannot anticipate alterations or configurations that may have been made to such machines, or how it will interact with the tools commonly used in the removal of malware.

    Other considerations:

    • Company information may show in the logs.
    • More than one machine could be at stake.
    • If sensitive material has been compromised by an infection, the company could be held liable.

    To prevent possible loss or corruption of company information, please inform your IT Professional or Supervisor when a workplace computer has been infected. If neither are available please consider calling in a local technician who can see the machine/network in person.

    It's not that we don't want to help, but there are too many issues that could arise with company machines and/or servers that malware forum volunteers are not experienced in dealing with.

    Thank you for your understanding.

    Note

    October 12, 2012

    "With the rise of ransomware in the recent quarter, enterprises are increasingly at risk when end-users circumvent corporate policies, especially on personal devices."

    http://www.zdnet.com/ransomware-risk...od-7000005673/

    ------------------------------------------------------
    Home Users

    "Spybot - Search & Destroy® is still free for private use but now we also have more advanced products for our home users that provide more than just protection.
    With our new range of products users can remove annoying startup programs, securely delete files to ensure confidentiality or back up important registry settings."

    http://www.safer-networking.org/private/

    Overview for the following users, thank you.

    Spybot - Search & Destroy Corporate Edition, Technician Edition, Small Business Edition and sbNet.
    http://www.safer-networking.org/business/

    We offer a 50% rebate for schools and universities (where the number of users/machines is staff only) and other non profit organizations. At the universities staff computers need to pay for a license, those systems used for education only (the students) are free.

    For more information please send an email to
    http://forums.spybot.info/showthread...4554#post44554

    Best regards.

    -----------------------------------------------------------------------------------------------------------------------------------------------------------------
    -Stopbadware.org
    Information for Website Owners
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------
    If you are removing malware for paying customers, please don't post the logs here as our analysts are volunteers and not here to support such.
    Last edited by tashi; 2013-02-11 at 18:18. Reason: Added information.

  6. #6
    Member of Team Spybot tashi


    Nudge Up.
