Bloodhound Morphine, Smitfraud-c And Dyfuca

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Important Announcement: We have two terrific contests running on the site that I wanted all our members and guests to know about.

The first contest is the HP Magic Giveaway, which is underway as of November 28th. More information can be found at this topic, which will be updated very soon with further information.

The second contests, is for the chance to win two Seagate FreeAgent external hard drives. More information about this contest can be found here.

These are both amazing contests and I suggest everyone submit an entry for them.

- BleepingComputer Management

BleepingComputer.com > Security > Am I infected? What do I do?

When posting your problem, do not run and post a ComboFix logs. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

Bloodhound Morphine, Smitfraud-c And Dyfuca

Options

Ras_Al_Ghul View Member Profile	Jun 23 2006, 12:21 PM Post #1
Member Group: Members Posts: 23 Joined: 14-December 05 Member No.: 44,667	This morning NAV was flagging multiple copies of Trojan Horse and one incident of Bloodhound Morphine. I ran NAV in Safe Mode with System Recovery set to 'off'. Spybot was also flagging Smitfraud-C and DyFuCA. I searched the Forum and followed instructions posted by Quietman7. Smitfraud-C and DyFuCA apear to have been successfully removed. I just wanted to let you know that your instructions still seem to work: http://www.bleepingcomputer.com/forums/topic54186.html Thanks again. -------------------- [color=#6600CC][b][b][color=#3366FF]

quietman7 View Member Profile	Jun 24 2006, 05:00 PM Post #2
Bleepin' Janitor Group: Global Moderator Posts: 13,529 Joined: 9-July 05 From: Virginia, USA Member No.: 26,513	Your welcome Ras_Al_Ghul and thanks for the feedback. One thing that has changed in those instructions is that Ewido 3.5 was recently updated to version 4.0 and works even better than ever. -------------------- "THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?" Microsoft MVP - Windows Security 2007-2008

quietman7 View Member Profile	Jun 24 2006, 05:00 PM Post #3
Bleepin' Janitor Group: Global Moderator Posts: 13,529 Joined: 9-July 05 From: Virginia, USA Member No.: 26,513	Your welcome Ras_Al_Ghul and thanks for the feedback. One thing that has changed in those instructions is that Ewido 3.5 was recently updated to version 4.0 and works even better than ever. -------------------- "THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?" Microsoft MVP - Windows Security 2007-2008

Ras_Al_Ghul View Member Profile	Jun 25 2006, 09:03 AM Post #4
Member Group: Members Posts: 23 Joined: 14-December 05 Member No.: 44,667	Thanks, Quietman. Interesting observation - Smitfraud-C seems to re-infect itself on our PC. Spybot always finds Smitfraud-C and something called Fastclick. It destroys Fastclick but not SmitFraud-C. It doesn't APPEAR to cause any problems, but I would prefer it not be there be at all! Would you recommend trying those steps again with the newer version of Ewido? Should I post a HijackThis log? Thanks. Below is what Spybot finds: ========================================================== FastClick: Tracking cookie (Internet Explorer: Daniel Campana) (Cookie, nothing done) Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-2732071641-624806248-3400032382-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\win-eto.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-2732071641-624806248-3400032382-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vparivalka.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-2732071641-624806248-3400032382-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracktraff.cc\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-2732071641-624806248-3400032382-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trackhits.cc\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-2732071641-624806248-3400032382-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s13.tempx.cc\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-2732071641-624806248-3400032382-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net\!=W=4 --- Spybot - Search && Destroy version: 1.3 --- 2005-04-26 Includes\Cookies.sbi 2005-07-22 Includes\Dialer.sbi 2005-07-22 Includes\Hijackers.sbi 2005-06-23 Includes\Keyloggers.sbi 2004-05-12 Includes\LSP.sbi 2005-07-22 Includes\Malware.sbi 2005-07-22 Includes\PUPS.sbi 2005-04-27 Includes\Revision.sbi 2005-07-22 Includes\Security.sbi 2005-07-19 Includes\Spybots.sbi 2005-02-17 Includes\Tracks.uti 2005-07-22 Includes\Trojans.sbi -------------------- [color=#6600CC][b][b][color=#3366FF]

quietman7 View Member Profile	Jun 25 2006, 11:39 AM Post #5
Bleepin' Janitor Group: Global Moderator Posts: 13,529 Joined: 9-July 05 From: Virginia, USA Member No.: 26,513	Your Spybot log shows your using an outdated version (v1.3) of the program. You should remove it and download and scan with Spybot S&D 1.4. Be sure to update the definitions first. As for the Smitfraud-C.: User settings (Registry change, nothing done) entries, are you using IE-Spyad? Read here. This post has been edited by quietman7: Jun 25 2006, 11:53 AM -------------------- "THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?" Microsoft MVP - Windows Security 2007-2008

Ras_Al_Ghul View Member Profile	Jun 25 2006, 12:51 PM Post #6
Member Group: Members Posts: 23 Joined: 14-December 05 Member No.: 44,667	Thanks, Quietman. That seemed to do it. Smitfraud-c no longer appears on Spybot scan using the with updated version. RE: IE-Spyad - I am not aware that anyone here uses it. Thanks again. -------------------- [color=#6600CC][b][b][color=#3366FF]

quietman7 View Member Profile	Jun 25 2006, 01:47 PM Post #7
Bleepin' Janitor Group: Global Moderator Posts: 13,529 Joined: 9-July 05 From: Virginia, USA Member No.: 26,513	-------------------- "THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?" Microsoft MVP - Windows Security 2007-2008

« Next Oldest · Am I infected? What do I do? · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 4th December 2008 - 04:02 PM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides