Post #1 (Member), May 11 2008, 09:31 AM
I used SmitfraudFix to see what's wrong with it and the report came out like this:

SmitFraudFix v2.320

Scan done at 12:27:53.55, 11/05/2008
Run from C:\Program Files\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User1

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User1\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\User1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

+--------------------------------------------------+
[!] Suspicious: 834668.dll
BHO: 834668 Class - {413B556F-9483-4319-9DCA-5378529986E2} BHO CLSID
TypeLib: {E63648F7-3933-440E-AAAA-A8584DD7B7EB}
Corrected TypeLib: {E63648F7-3933-440E-B4F6-A8584DD7B7EB}
Interface: {F7D09218-46D7-4D3D-9B7F-315204CD0836}

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Teefer2 Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0B9C3DC8-B082-4AC4-B69F-3151E4805EDD}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0B9C3DC8-B082-4AC4-B69F-3151E4805EDD}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0B9C3DC8-B082-4AC4-B69F-3151E4805EDD}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Can someone help me and explain what to do, and what are the risks of having them here? I know they are bad though.

{Mod Edit: Moved from XP forum ~~boopme}
This post has been edited by boopme: May 11 2008, 11:20 AM

Post #2 (Moderator), May 11 2008, 11:41 AM
Hello ninjit, What problem were you having that required SmitfraudFix?
Have you run the Cleaning portion from Safe mode? Also what antivirus and spyware tools are installed?
--------------------
Can you spare some PC cycles to help FIND A CURE .. BC FOLDING TEAM Click me /info..
ThoughtVent a goodplace to discuss.<<>>>Staying Updated Calendar of Updates. For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

Post #3 (Member), May 11 2008, 11:48 AM
QUOTE
    Hello ninjit, What problem were you having that required SmitfraudFix? Have you run the Cleaning portion from Safe mode? Also what antivirus and spyware tools are installed?

Well, before I had the malware I had this thing called VirusHeat, I think, which installed itself on my computer, in which I used SmitfraudFix to get rid of it. I have no idea what you mean with cleaning portion from safe mode (I'm not very good with computers), and the antivirus I have right now is Symantec Endpoint Protection. Anyway, thanks for responding to my thread.

Post #4 (Moderator), May 11 2008, 11:55 AM
That's OK. Did you use the BC self help Tutorial (click link)...
How to remove VirusHeat (Removal Instructions)

Post #5 (Member), May 11 2008, 12:25 PM
Should I do the steps on how to remove VirusHeat as well, although the symbol of it isn't on the toolbar? But can it still be there hidden in my computer?
Also, when I click the program FixVH it doesn't say anything about merging the information and the program isn't doing anything. Oh yeah, just to let you know, I can't actually find all of the malware, considering I can't scan my computer because my computer has extremely low memory, so it won't allow me to scan my computer. Also, do you mind explaining to me what the malware can do so that I can avoid things like logging on MySpace etc.? Do you see anything abnormal or something suspicious? Oh yeah, sorry to bother you, but I have another question: because I have 2 computers using the internet, would it infect the other computer as well?
This post has been edited by ninjit: May 11 2008, 01:57 PM

Post #6 (Moderator), May 11 2008, 02:48 PM
Hello, OK let's figure a few things out so we're on the same page.
Is this the SmitFraudFix tool you used?

QUOTE
    i cant scan my computer because

Please go to Start > My Computer... mouse over your hard drive. Post back the Total and Free space. Then, from the same My Computer page, on the left blue pane under System Tasks, click View System Info. In the resulting popup window click the General tab. On that, at the bottom, it will tell you how much memory (RAM) is installed. Post that info back.

Post #7 (Member), May 11 2008, 03:32 PM
QUOTE
    Hello, OK let's figure a few things out so we're on the same page. Is this the SmitFraudFix tool you used?
    QUOTE
        i cant scan my computer because
    Please go to Start > My Computer... mouse over your hard drive. Post back the Total and Free space. Then, from the same My Computer page, on the left blue pane under System Tasks, click View System Info. In the resulting popup window click the General tab. On that, at the bottom, it will tell you how much memory (RAM) is installed. Post that info back.

My total is 3.00 gb and the amount of free space is 20.5mb, and yes, that is the SmitfraudFix tool I used, and 768 of RAM.

Post #8 (Moderator), May 11 2008, 04:19 PM
You will need to free up some space. The PC will always be very slow at that capacity. 20% free space would be nice.
Go through Control Panel and uninstall any programs or games you no longer use. Then go into Start > All Programs > System Tools > Disk Cleanup. Run Disk Cleanup. Can you run this online scan, requires NO installing. ESET Online Scanner

Post #9 (Member), May 11 2008, 04:52 PM
I can't use the scanner because it requires me to install ActiveX control, but when I do that the updates failed.
But I've done a few scans using some other programs and it talks about the VirusHeat and the trojanlop thing and the x-max and those other sites, yet because the scanner is a free trial I can't delete them. Also, I can't free up some space, considering I have hardly anything on it except this other stuff that was on the computer before, and I have no clue what would happen if I delete it.
This post has been edited by ninjit: May 11 2008, 04:53 PM

Post #10 (Moderator), May 11 2008, 05:08 PM
Well it all can't be installed originally the PC is too full.
Name things and we'll tell you if it can go. Run the Disk Cleanup. Also do this: Set a New Restore Point. This will also free up space, though I prefer you did this after the PC is clean, but we need space or we can't clean it. The easiest and safest way to do this is:

Post #11 (Member), May 12 2008, 12:56 PM
OK, I tried but I still have no difference in space.
I think I fixed it now. I was able to free up enough space and I used AVG and it got rid of all the malware.
This post has been edited by ninjit: May 13 2008, 12:53 PM

Post #12 (Moderator), May 13 2008, 04:16 PM
Good, then run the new restore point again so you will have a clean restore point.
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

Post #13 (Member), May 13 2008, 05:13 PM
OK, I've done that and now I'm not having problems with getting redirected with Google anymore.
Finally I feel safe using my computer again. Thank you.

Post #14 (Moderator), May 13 2008, 05:20 PM
You're welcome !!
Please take a few moments to read...
How did I get infected?, With steps so it does not happen again!
Simple and easy ways to keep your computer safe and secure on the Internet
Best Practices - Internet Safety For 2008

Post #15 (Member), May 21 2008, 10:19 AM
Um, after a while now I've noticed that my computer is starting to be really slow, and just now it restarted itself for no reason and now has 9mb left for some reason on my Drive C. I'm just wondering, can the spyware and trojans still be hiding in my computer somewhere and downloading more spyware on my comp?