Saturday 4 October 2008

Basic ways to Remove nasties from PCs

Carry out these instructions at your own risk; see Rule 2.

This is still good information (as of 2012) 

Follow the three rules of Using Computers

1) Don't panic! Make sure you have anything precious backed up.

2) If you don't know what you are doing, don't do it! Use Escape, Exit, or click the X (kiss it goodbye). Do not hit Enter, Return, OK, Accept, etc. If all else fails, switch it off at the wall.

3) Look and READ, positively READ, what is on the screen, including the edges.


1) Boot the system in Safe Mode (press the F8 key as the system goes from the initial display screen to the next one). Search for 'temp' and empty the Temp directories in all accounts of all the things there: highlight all and delete to the Recycle Bin. Do not empty the Recycle Bin; you can retrieve things from there if required.

2) Clear the Internet Cache in all accounts.

3) Type regedit and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (and RunOnce and RunServices) and check for any strange number-alpha string file names. Copy and paste the entries to Notepad (go to Run, type notepad, click OK), back up the registry using Export from the File menu, and then delete them. They will look something like c:\windows\system32\sfbwlkz.sys

4) In Explorer go to Tools > Folder Options > View and select Show hidden files and folders, unhide file extensions, and unhide protected system files. Go to C:\windows\system32, go to View > Details, then sort the files by date: click on the Date Modified column heading to get the latest file at the top. The date to look for is the one from which you became aware of some infection, e.g. sfbwlkz.sys 3/10/08, eys48jsf.dll 3/10/08

5) Look for the same numeric-alpha named files as found in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run etc., e.g. sfbwlkz.sys 3/10/08, eys48jsf.dll 3/10/08. Do not delete wpa.dbl

6) Look or search for the files using Search > Find Files and Folders with the advanced options all ticked. Rename the files as you find them, or delete them if you can.

7) If this doesn't work, come back here and contact me for more instructions. Hijack RSIT instructions to follow!
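
Steps 3 to 5 as a read-only script, added here as an example and not part of the original post: it lists files that are both named in an HKLM Run, RunOnce or RunServices entry and modified on or after the date you noticed the problem, and it deletes nothing. The registry value names and the dates for ctfmon.exe and wpa.dbl in the sample data are constructed; the two odd file names and the 3/10/08 date are the ones used above.

```python
import os
import re
from datetime import date

RUN_KEYS = ["Run", "RunOnce", "RunServices"]  # under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion
KEEP = {"wpa.dbl"}                            # the post says never to delete this file
FILE_RE = re.compile(r'([^\\/"\s,]+\.[a-z0-9]{2,4})', re.I)  # file names inside a command line

def read_run_entries():
    """Windows only: return {key\\value name: command} from the HKLM Run keys."""
    import winreg
    entries = {}
    for sub in RUN_KEYS:
        path = r"SOFTWARE\Microsoft\Windows\CurrentVersion" + "\\" + sub
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    name, value, _ = winreg.EnumValue(key, i)
                    entries[f"{sub}\\{name}"] = str(value)
        except FileNotFoundError:
            continue                          # a key that does not exist is simply skipped
    return entries

def list_files(folder):
    """Return {lower-case file name: date modified} for one folder."""
    return {e.name.lower(): date.fromtimestamp(e.stat().st_mtime)
            for e in os.scandir(folder) if e.is_file()}

def review_list(run_entries, files, since):
    """Files named in a Run entry AND modified on/after `since`, newest first."""
    hits = []
    for entry, command in run_entries.items():
        for name in map(str.lower, FILE_RE.findall(command)):
            if name not in KEEP and files.get(name, date.min) >= since:
                hits.append((files[name], name, entry))
    return sorted(hits, reverse=True)

# Constructed sample data (value names and the 2004 dates are made up)
SAMPLE_RUN = {
    "Run\\ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
    "Run\\sfbwlkz": r"c:\windows\system32\sfbwlkz.sys",
    "Run\\xyz": r"rundll32.exe C:\windows\system32\eys48jsf.dll,Start",
}
SAMPLE_FILES = {"ctfmon.exe": date(2004, 8, 4), "wpa.dbl": date(2008, 10, 3),
                "sfbwlkz.sys": date(2008, 10, 3), "eys48jsf.dll": date(2008, 10, 3)}

if __name__ == "__main__":
    for modified, name, entry in review_list(SAMPLE_RUN, SAMPLE_FILES, date(2008, 10, 3)):
        print(modified, name, "<-", entry)
```

On a live Windows system, call `review_list(read_run_entries(), list_files(r"C:\windows\system32"), date(2008, 10, 3))` with your own date; the result is a list to check by hand, as in steps 3 to 6, not a verdict.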
