Hrena & X-max.net From Google, I need help pls
ninjit
post May 11 2008, 09:31 AM
Post #1


Member
**

Group: Members
Posts: 17
Joined: 11-May 08
Member No.: 208,251



Well, I really need help getting rid of it.
I used SmitfraudFix to see what's wrong with it and the report came out like this:
SmitFraudFix v2.320

Scan done at 12:27:53.55, 11/05/2008
Run from C:\Program Files\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User1


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User1\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\User1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: 834668.dll
BHO: 834668 Class - {413B556F-9483-4319-9DCA-5378529986E2}
BHO CLSID TypeLib: {E63648F7-3933-440E-AAAA-A8584DD7B7EB}
Corrected TypeLib: {E63648F7-3933-440E-B4F6-A8584DD7B7EB}
Interface: {F7D09218-46D7-4D3D-9B7F-315204CD0836}


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Teefer2 Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0B9C3DC8-B082-4AC4-B69F-3151E4805EDD}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0B9C3DC8-B082-4AC4-B69F-3151E4805EDD}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0B9C3DC8-B082-4AC4-B69F-3151E4805EDD}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Can someone help me and explain what to do and what the risks are of having them here? I know they are bad though.

{Mod Edit:Moved from XP forum~~boopme}

This post has been edited by boopme: May 11 2008, 11:20 AM
boopme
post May 11 2008, 11:41 AM
Post #2


To INSANITY and BEYOND !!
******

Group: Moderator
Posts: 24,447
Joined: 10-September 04
From: NJ USA
Member No.: 2,608



Hello ninjit, What problem were you having that required SmitfraudFix?
Have you run the Cleaning portion from Safe mode?
Also what antivirus and spyware tools are installed?


--------------------
Can you spare some PC cycles to help FIND A CURE .. BC FOLDING TEAM Click me /info..
ThoughtVent a goodplace to discuss.<<>>>Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
ninjit
post May 11 2008, 11:48 AM
Post #3





QUOTE(boopme @ May 11 2008, 05:41 PM) *
Hello ninjit, What problem were you having that required SmitfraudFix?
Have you run the Cleaning portion from Safe mode?
Also what antivirus and spyware tools are installed?

Well, before I had the malware I had this thing called VirusHeat, I think, which installed itself on my computer,
in which I used SmitfraudFix to get rid of it,
and I have no idea what you mean with cleaning portion from safe mode (I'm not very good with computers),
and the antivirus I have right now is Symantec Endpoint Protection.
Anyway, thanks for responding to my thread.
boopme
post May 11 2008, 11:55 AM
Post #4





That's OK. Did you use the BC self help Tutorial (click link)...
How to remove VirusHeat (Removal Instructions)


ninjit
post May 11 2008, 12:25 PM
Post #5





Should I do the steps on how to remove VirusHeat as well, although the symbol of it isn't on the toolbar, but can it still be there hidden in my computer?
Also, when I click the program FixVH it doesn't say anything about merging the information and the program isn't doing anything.
Oh yeah, just to let you know, I can't actually find all of the malware, considering I can't scan my computer because my computer has extremely low memory so it won't allow me to scan my computer.

Also, would you mind explaining to me what the malware can do so that I can avoid things like logging on MySpace etc.?


Do you see anything abnormal or something suspicious?
Oh yeah, sorry to bother you, but I have another question: because I have 2 computers using the internet, would it infect the other computer as well?

This post has been edited by ninjit: May 11 2008, 01:57 PM
boopme
post May 11 2008, 02:48 PM
Post #6





Hello, OK let's figure a few things out so we're on the same page.
Is this the SmitFraudFix tool you used ?

QUOTE
i cant scan my computer because

Please go to Start > My Computer.... mouse over your Hard drive. Post back the Total and Free space.

Then from the same My Computer page, on the left blue pane under System Tasks, click View System Info. In the resulting popup window click the General tab. On that, at the bottom, it will tell you how much memory (RAM) is installed.
Post that info back.


ninjit
post May 11 2008, 03:32 PM
Post #7





QUOTE(boopme @ May 11 2008, 08:48 PM) *
Hello, OK let's figure a few things out so we're on the same page.
Is this the SmitFraudFix tool you used ?

QUOTE
i cant scan my computer because

Please go to Start > My Computer.... mouse over your Hard drive. Post back the Total and Free space.

Then from the same My Computer page, on the left blue pane under System Tasks, click View System Info. In the resulting popup window click the General tab. On that, at the bottom, it will tell you how much memory (RAM) is installed.
Post that info back.

My total is 3.00 GB and the amount of free space is 20.5 MB,
and yes, that is the SmitfraudFix tool I used,
and 768 of RAM.

boopme
post May 11 2008, 04:19 PM
Post #8





You will need to free up some space. The PC will always be very slow at that capacity. 20% free space would be nice.
Go through Control Panel and uninstall any programs or games you no longer use.

Then go into Start>All Programs >System Tools >Disk Cleanup. Run Disk Cleanup.

Can you run this online scan, requires NO installing.
ESET Online Scanner



ninjit
post May 11 2008, 04:52 PM
Post #9





I can't use the scanner because it requires me to install ActiveX control, but when I do that the updates failed,
but I've done a few scans using some other programs and it talks about the VirusHeat and the trojanlop thing and the x-max
and them other sites, yet because the scanner is a free trial I can't delete them.
Also, I can't free up some space considering I don't have hardly anything on it except these other stuff that were on the computer before, and have no clue what would happen if I delete them.

This post has been edited by ninjit: May 11 2008, 04:53 PM
boopme
post May 11 2008, 05:08 PM
Post #10





Well it all can't be installed originally the PC is too full.
Name things and we'll tell you if it can go.
Run the disk cleanup.
Also do this: Set a New Restore Point. This will also free up space, though I prefer you did this after the PC is clean, but we need space or we can't clean it.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.


ninjit
post May 12 2008, 12:56 PM
Post #11





OK, I tried but I still have no difference in space.
I think I fixed it now. I was able to free up enough space and I used AVG and it got rid of all the malware.

This post has been edited by ninjit: May 13 2008, 12:53 PM
boopme
post May 13 2008, 04:16 PM
Post #12





Good, then run the New Restore Point again so you will have a clean restore point.
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.


ninjit
post May 13 2008, 05:13 PM
Post #13





OK, I've done that and now I'm not having problems with getting redirected with Google anymore.
Finally I feel safe using my computer again.
Thank you.
boopme
post May 13 2008, 05:20 PM
Post #14





You're welcome !!
Please take a few moments to read...
How did I get infected?, With steps so it does not happen again!

Simple and easy ways to keep your computer safe and secure on the Internet

Best Practices - Internet Safety For 2008




ninjit
post May 21 2008, 10:19 AM
Post #15





Um, after a while now I've noticed that my computer is starting to be really slow, and just now it restarted itself for no reason and now has 9 MB left for some reason on my drive C. I'm just wondering, can the spyware and trojans still be hiding in my computer somewhere and downloading more spyware on my comp?