BleepingComputer.com: Bloodhound Morphine, Smitfraud-c And Dyfuca

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Bloodhound Morphine, Smitfraud-c And Dyfuca

#1 User is offline   Ras_Al_Ghul 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 26
  • Joined: 14-December 05
  • Gender:Male
  • Location:Brooklyn NY

Posted 23 June 2006 - 12:21 PM

This morning NAV was flagging multiple copies of Trojan Horse and one incident of Bloodhound Morphine.

I ran NAV in Safe Mode with System Recovery set to 'off'.

Spybot was also flagging Smitfraud-C and DyFuCA.

I searched the Forum and followed instructions posted by Quietman7. Smitfraud-C and DyFuCA apear to have been successfully removed.

I just wanted to let you know that your instructions still seem to work:

http://www.bleepingcomputer.com/forums/topic54186.html

Thanks again.
The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents. - Nathaniel Borenstein (1957 - )

#2 User is offline   quietman7 

  • Bleepin' Janitor
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Global Moderator
  • Posts: 25,078
  • Joined: 09-July 05
  • Location:Virginia, USA

Posted 24 June 2006 - 05:00 PM

Your welcome Ras_Al_Ghul and thanks for the feedback. One thing that has changed in those instructions is that Ewido 3.5 was recently updated to version 4.0 and works even better than ever. :thumbsup:
Microsoft MVP - Consumer Security 2007-2012 Posted Image
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 User is offline   quietman7 

  • Bleepin' Janitor
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Global Moderator
  • Posts: 25,078
  • Joined: 09-July 05
  • Location:Virginia, USA

Posted 24 June 2006 - 05:00 PM

Your welcome Ras_Al_Ghul and thanks for the feedback. One thing that has changed in those instructions is that Ewido 3.5 was recently updated to version 4.0 and works even better than ever. :thumbsup:
Microsoft MVP - Consumer Security 2007-2012 Posted Image
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 User is offline   Ras_Al_Ghul 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 26
  • Joined: 14-December 05
  • Gender:Male
  • Location:Brooklyn NY

Posted 25 June 2006 - 09:03 AM

Thanks, Quietman.

Interesting observation - Smitfraud-C seems to re-infect itself on our PC. Spybot always finds Smitfraud-C and something called Fastclick. It destroys Fastclick but not SmitFraud-C.

It doesn't APPEAR to cause any problems, but I would prefer it not be there be at all!

Would you recommend trying those steps again with the newer version of Ewido?

Should I post a HijackThis log?

Thanks.

Below is what Spybot finds:
==========================================================
FastClick: Tracking cookie (Internet Explorer: Daniel Campana) (Cookie, nothing done)


Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2732071641-624806248-3400032382-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\win-eto.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2732071641-624806248-3400032382-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vparivalka.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2732071641-624806248-3400032382-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracktraff.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2732071641-624806248-3400032382-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trackhits.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2732071641-624806248-3400032382-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s13.tempx.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2732071641-624806248-3400032382-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net\*!=W=4


--- Spybot - Search && Destroy version: 1.3 ---
2005-04-26 Includes\Cookies.sbi
2005-07-22 Includes\Dialer.sbi
2005-07-22 Includes\Hijackers.sbi
2005-06-23 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2005-07-22 Includes\Malware.sbi
2005-07-22 Includes\PUPS.sbi
2005-04-27 Includes\Revision.sbi
2005-07-22 Includes\Security.sbi
2005-07-19 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-07-22 Includes\Trojans.sbi
The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents. - Nathaniel Borenstein (1957 - )

#5 User is offline   quietman7 

  • Bleepin' Janitor
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Global Moderator
  • Posts: 25,078
  • Joined: 09-July 05
  • Location:Virginia, USA

Posted 25 June 2006 - 11:39 AM

Your Spybot log shows your using an outdated version (v1.3) of the program. You should remove it and download and scan with Spybot S&D 1.4. Be sure to update the definitions first.

As for the Smitfraud-C.: User settings (Registry change, nothing done) entries, are you using IE-Spyad? Read here.

This post has been edited by quietman7: 25 June 2006 - 11:53 AM

Microsoft MVP - Consumer Security 2007-2012 Posted Image
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 User is offline   Ras_Al_Ghul 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 26
  • Joined: 14-December 05
  • Gender:Male
  • Location:Brooklyn NY

  Posted 25 June 2006 - 12:51 PM

Thanks, Quietman.

That seemed to do it. Smitfraud-c no longer appears on Spybot scan using the with updated version.

RE: IE-Spyad - I am not aware that anyone here uses it.

Thanks again.
The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents. - Nathaniel Borenstein (1957 - )

#7 User is offline   quietman7 

  • Bleepin' Janitor
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Global Moderator
  • Posts: 25,078
  • Joined: 09-July 05
  • Location:Virginia, USA

Posted 25 June 2006 - 01:47 PM

:thumbsup:
Microsoft MVP - Consumer Security 2007-2012 Posted Image
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users