
Can't Seem To Remove With Smitfraudfix


3 replies to this topic

#1 steve330


Posted 13 September 2007 - 09:57 PM

I have tried to remove one of the fake alert issues from my computer and can't seem to get it off. I have run the SmitFraudFix solution and no luck. What should I do next? Where do I turn, and how do I find out which one it is so I can search for the correct removal tool?

~Mod Edit: Moved topic to more appropriate forum~ TMacK

Edited by TMacK, 14 September 2007 - 12:28 AM.




#2 rookie147


Posted 14 September 2007 - 02:56 AM

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1, and press Enter.
A text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 steve330


Posted 14 September 2007 - 10:36 PM

I have followed what you asked me to do and it is below. I want to address a few issues and give you some background on what I have done and tried so far, and what seems to still linger. I need to be clear that I am trying to avoid doing a HD reformat. I will as a last resort, but the good news is I have backed up my things, so if needed I can go that route, but I would like to avoid that as I don't want to have to reinstall programs.

First let me start with this: it seems that I can't access my Task Manager! Big issue! The pop-ups in the system tray seem to have gone away, and the desktop background on my second user profile, where this all started, has seemed to stay and not change to the one that tells me I have someone trying to get into my computer.
The thing that seems to be odd to me is that I have been notified at least five times in the last two days that there are Automatic Updates for me to install. So I am wondering if there is some issue that is bringing this stuff in via that route?

I had this issue a year ago with the fake virus alert stuff. At the time I did not know what it was, but I was able to find SmitFraudFix and take care of it at that time. I have since fixed it on a friend of mine's machine. But this one has seemed to kick my a_ _! I have also found the site Major Geeks and have looked on there for help as well. On that site they recommended a tool to clean up the computer, CCleaner. I have used that along with removing a bunch of programs to help things speed up and to eliminate waste. With that said, I have used that tool to work on my startup folder and clean things up. With the startup folder I had it down to, let's say, 10 items that would start up. Then after what I think was an install of Automatic Updates (issue as stated above), when I restarted that computer there were at least 18-20 items in that folder.

I also have used a program called SDfix.exe, which I got from Major Geeks, to try and help restore my Task Manager issue. I can't find the report on that one, but I can either rerun it or search for it if you want it.

To close, I have run SmitFraudFix at least ten times along with other fixes I have come across to try and fix this issue. It does seem to be getting better, but I don't have comfort that it is fixed until I can access my Task Manager and keep the startup menu clear. Also, if you can recommend things I need to do to prevent this issue.



This is the one following Option 1 search.

SmitFraudFix v2.223

Scan done at 21:56:00.75, Fri 09/14/2007
Run from L:\Virus Cleanup folder\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Administrator


C:\Documents and Settings\Administrator\Application Data


Start Menu


C:\DOCUME~1\ADMINI~1\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Rustock



DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8DFE7441-D09C-4E3F-AF3D-0DC6C8231B38}: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8DFE7441-D09C-4E3F-AF3D-0DC6C8231B38}: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.15.1


Scanning for wininet.dll infection


End



This is the one after option 2 clean!
SmitFraudFix v2.223

Scan done at 21:56:00.75, Fri 09/14/2007
Run from L:\Virus Cleanup folder\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Administrator


C:\Documents and Settings\Administrator\Application Data


Start Menu


C:\DOCUME~1\ADMINI~1\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Rustock



DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8DFE7441-D09C-4E3F-AF3D-0DC6C8231B38}: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8DFE7441-D09C-4E3F-AF3D-0DC6C8231B38}: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.15.1


Scanning for wininet.dll infection


End

#4 rookie147


Posted 15 September 2007 - 03:40 PM

Please follow our Preparation Guide For Use Before Posting a HijackThis Log; running all of the scans before posting your HijackThis log. Do not post your log here, but instead use our HijackThis Logs and Analysis Forum.
After posting a log you should NOT make further changes to your computer except those that are advised by a member of the HijackThis Team; doing so can cause system changes that may not be visible in your log. Please be patient whilst waiting for a response, our HJT Team is currently very busy, and as we try to deal with logs on a "first come first served" basis, you may have to wait a short while.





