Hello there and welcome to Bleeping Computer's security forum.
My name is David
, I will be helping you with your log today.
It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A print out of the instructions would be a good reference to make sure you don't yet lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask
Please download SmitfraudFix
Open the file and it will extract the contents (a folder named SmitfraudFix) to your Desktop.
Now reboot into Safe Mode
This can be done tapping the F8
key as soon as you start your computer
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Once in Safe Mode, open the SmitfraudFix
Select option #2 - Clean
by typing 2
and press "Enter
" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y
and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll
is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y
and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txtWarning
: running option #2 on a non infected computer will remove your Desktop background.
Also post a new Hijackthis log.
Oh yes, and in future, no need to attach the logs, you can simply post them directly on the topic.
Edited by D-Trojanator, 01 November 2007 - 06:34 PM.