BleepingComputer.com: Hrena & X-max.net From Google

well i really need help getting rid of it
i used SmitfraudFix to see whats wrong with it and the report came out like this
SmitFraudFix v2.320

Scan done at 12:27:53.55, 11/05/2008
Run from C:\Program Files\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User1


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User1\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\User1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: 834668.dll
BHO: 834668 Class - {413B556F-9483-4319-9DCA-5378529986E2}
BHO CLSID TypeLib: {E63648F7-3933-440E-AAAA-A8584DD7B7EB}
Corrected TypeLib: {E63648F7-3933-440E-B4F6-A8584DD7B7EB}
Interface: {F7D09218-46D7-4D3D-9B7F-315204CD0836}


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Teefer2 Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0B9C3DC8-B082-4AC4-B69F-3151E4805EDD}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0B9C3DC8-B082-4AC4-B69F-3151E4805EDD}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0B9C3DC8-B082-4AC4-B69F-3151E4805EDD}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

can someone help me and explain what to do and what are the risks of having them here i know they are bad though

{Mod Edit:Moved from XP forum~~boopme}

Hello ninjit, What problem were you having that required SmitfraudFix?
Have you run the Cleaning portion from Safe mode?
Also what antivirus and spyware tools are installed?

boopme, on May 11 2008, 05:41 PM, said:

well before i had the malware i had this thing called virusheat i think which installed itself on my computer
inwhich i used smitfraudfix to get rid of it
and i have no idea what u mean with cleaning portion from safe mode ( im not verygood with computers)
and the antivirus i have right now is symantec endpoint protection
anyway thanks for responding to my thread

That's OK. Did you use the BC self help Tutorial (click link)...
How to remove VirusHeat (Removal Instructions)

should i do the steps on how to remove virusheat aswell although the symbol of it isnt on the toolbar but can it still be there hidden in my computer??
also when i click the program FixVH it doesnt say anything about merging the information and the program isnt doing anything
oh yh just to let u know i cant actually find all of the malwares considering i cant scan my computer because my computer has extremely low memory so it wont allow me to scan my computer

also you mind explaining to me what the malware can do so that i can avoid things like logging on myspace etc.


do u see anything abnormal or something suspicious
oh yh sory to bother u but i have another question because i have 2 computers using the internet would it infect the other computer aswell?

Hello,OK let's figure a few things out so we're on the same page.
Is this the SmitFraudFix tool you used ?

Quote

Please go to Start > My Computer.... mouse over your Hard drive. Post back the Total and Free space.

Then from the same My computer page. On the left Blue pane under System tasks,click View System Info. In the resulting popup window click the General Tab. On that .at the bottom it will tell you how much memory (RAM) is installed.
Post that info back.

boopme, on May 11 2008, 08:48 PM, said:

my total is 3.00 gb and the amount is free space is 20.5mb
and yes that is the smitfraudfix tool i used
and 768 of ram

You will need to free up some space. the PC will always be very slow at that capacity. 20% Free space would be nice.
Go thru Control Panel and Uninstall any programs or games you no longer use.

Then go into Start>All Programs >System Tools >Disk Cleanup. Run Disk Cleanup.

Can you run this online scan,requires NO installing.
ESET Online Scanner

i cant use the scanner because it requires me to install activeX control but wen i do that the updates failed
but ive done a few scans using some other programs and it talks about the virusheat and the trojanlop thing and the x-max
and them other sites yet because the scanner is a free trial i cant delete them
also i cant free up some space considering i dont have hardly anything on it except these other stuff that were on the computer before and have no clue what would happen if i delete them

Well it all can't be installed originally the PC is too full.
Name things and we'll tell you if if it can go.
Run the disk cleanup.
Also do this, Set a New Restore Point. This will also free up space,tho I prefer you did this after the Pc is clean but we need space. or we can't clean it.

The easiest and safest way to do this is:

• Go to Start > Programs > Accessories > System Tools and click "System Restore".
  
• Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  
• Then go to Start > Run and type: Cleanmgr
  
• Click "OK".
  
• Click the "More Options" Tab.
  
• Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

ok i tried but i still have no difference in space
i think i fixed it now i was able to free up enough space and i used AVG and it got rid of all the malware

Good,then run the New restore point again so you will have a clean restore POint.
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

ok ive done that and now im not having problems with getting redirected with google anymore
finally i feel safe using my computer again
thank you

You're welcome !!
Please take a few moments to read...
How did I get infected?, With steps so it does not happen again!

Simple and easy ways to keep your computer safe and secure on the Internet

Best Practices - Internet Safety For 2008

um after a while now ive noticed that my computer is starting to be really slow and just now it restarted it self for no reason and now has 9mb left for some reason on my Drive C im just wondering can it still the spyware and trojans still be hiding in my computer somewhere and downloading more spyware on my comp