Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Starts Ok But Other Possible Registry Problems Since Using Smitfraudfix


  • Please log in to reply
11 replies to this topic

#1 Cindylu

Cindylu

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 03 December 2007 - 10:35 AM

To be brief, I had reason to believe I was infected with MalwareAlarm and after finding a topic for it here I followed the instructions for removal using Smitfraudfix. URL of topic is here Topic 105302
I downloaded the version of Smitfraudfix that I used from there and followed the instructions. After that I was unable to view some web pages. All I got was words and links but no ads or images. It appears that possibly the address in the system registry pertaining to stylesheets may be corrupted or missing. Also when I tried to do a Windows Update all the updates for the past week failed.

Would the fix that is here for the issue of computers not starting do anything for my problem? I hate to do anything more to my pc than necessary but it's really not usable at this point. I'd really like to avoid reformatting my hard drive if possible.

Any info would be greatly appreciated. I am using Windows XP and up until now I have kept it up to date with all patches, etc. I have also scanned my pc to within an inch of its life and although it indicated MalwareAlarm (a pop-up) I have not been able to get it confirmed that it was ever there by Norton, AVG, Spybot, or AdAware. Just that silly pop-up saying I should download it and when I "x'd" out of the window (so I wouldn't download it) it acted like it was doing some sort of online scan anyway, so I closed my browser and began trying to fix it which is how I ended up using Smitfraud.

So now I think maybe I don't have MalwareAlarm, but I do seem to have a very messed up registry or something.

Anyway, thanks in advance for your help.

Cindylu

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:17 AM

Posted 03 December 2007 - 10:57 AM

Try this. Log on as an administrator.
Go to Start > Run and type: cmd
Type: ipconfig /flushdns
Type: netsh winsock reset
You will receive the message: "Successfully reset the Winsock Catalog. You must restart the machine in order to complete the reset." Close the command box and reboot your computer.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:17 PM

Posted 03 December 2007 - 11:05 AM

Would the fix that is here for the issue of computers not starting do anything for my problem?

No. That fix was for a problem with an older version of the tool.

When you ran the tool, did it find/remove any malware files? A text file named rapport.txt will have appeared onscreen with results from the cleaning process. The file is automatically saved to the root of the system drive, usually at C:\rapport.txt.

unable to view some web pages. All I got was words and links but no ads or images

Did you check your browser settings to verify that the "Show Pictures" option has not been turned off.

Pictures are not displayed on Web sites in Internet Explorer
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Cindylu

Cindylu
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 03 December 2007 - 12:23 PM

sorry.....I'm deleting this lengthy post because I thought it hadn't posted and I submitted a shortened one.

Edited by Cindylu, 03 December 2007 - 12:33 PM.


#5 Cindylu

Cindylu
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 03 December 2007 - 12:30 PM

Budapest-I tried what you said but it didn't work. Thanks for trying!

quietman7-The multimedia settings in my browser are all checked so that doesn't appear to be the problem.

I actually have the problem using BOTH Internet Explorer AND Firefox so that is why it seems that it is a problem outside either of my browsers. I can see many web pages fine but some (which I know use css extensively) are missing background images and all other images. Words are overlapping and all in the wrong place like all down the center of the page or way over to one side. The browsers are not reading the pages correctly.

I do have the rapport.txt file (I saved it to my desktop for easy access). Here it is (in my slightly edited version):

SmitFraudFix v2.256

Scan done at 11:14:08.32, Sun 12/02/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts


127.0.0.1 localhost


127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com

and a bazillion more which I won't list because it's WAY TOO LONG down to

127.0.0.1 www.tutogratis.it
127.0.0.1 tutorial-hq.com
127.0.0.1 www.tutorial-hq.com
127.0.0.1 tutrogratis.it
127.0.0.1 www.tutrogratis.it


Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


DNS



Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End

That's it. I couldn't find where it listed anything it deleted. But this problem didn't seem to occur until after using it so I just assumed it might have deleted something from the registry. Another thing I read somewhere said it could be the stylesheet and when I looked in regedit I saw that there is NO registry key for stylesheet at all. But I'm not knowledgable enough to know how to add a registry or even if every registry needs a stylesheet key or value. When I go to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main I find no.........what they call "string value" for stylesheets. Now, lest you think I know what that is.........I really just know it's not there where I guess it's supposed to be.

Okay........I hope you can make sense out of all this. I SO appreciate your help. I've been at this for 2 days and am getting weary.

Thanks.

Cindylu

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:17 PM

Posted 03 December 2007 - 01:07 PM

The issue you describe does not sound malware related. Try clearning your Web browser cache. As you browse web pages, the browser stores a copy of the pages you view on your local hard drive; this is called caching. Clearing the cache forces the browser to load the latest versions of Web pages and programs you visit.

To do this with Internet Explorer, Empty the Internet Explorer cache.
To do this with Firefox, Clear Cache, Cookies and History.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 Cindylu

Cindylu
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 03 December 2007 - 01:47 PM

Why didn't I think of that? Even after flushing the winsock it wouldn't matter if I didn't clear my cache! I guess I'm just so exhausted from all this cleaning and flushing I can't think straight. Besides I just cleared my cache yesterday!

Anyway, I cleared the cache of both browsers using ATF-Cleaner (love that!) and lo and behold

IT WORKS! At least it works in Firefox and that's all I really care about anyway.

So now I'm just hoping I'm clean of MalwareAlarm. I guess if nothing detects it I'll just assume I closed the browser window before it actually infected me. It seemed like it was doing an online scan anyway so maybe it wasn't actually on my PC.

Thank you SO much! I am forever grateful to both of you for helping me!

Cindylu

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:17 PM

Posted 03 December 2007 - 02:37 PM

Your welcome.

Now you should Create a New Restore Point to enable your computer to "roll-back" to a clean working state. Then use Disk Cleanup to remove all but the most recently created Restore Point.

To protect yourself against malware and reduce the potential for re-infection, be sure to read:
"Simple and easy ways to keep your computer safe".
"How did I get infected?, With steps so it does not happen again!".
"The Ten Most Dangerous Things Users Do Online".
"The 10 Biggest Security Risks".
"Hardening Windows Security - Part 1" and "Hardening Windows Security - Part 2".

Edited by quietman7, 03 December 2007 - 02:37 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 Cindylu

Cindylu
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 03 December 2007 - 05:15 PM

I will create a new restore point. But first, I have this one little issue that I can't seem to update the latest Windows update because it appears I can't get my BITS to start. Updates worked fine up until a few days ago and now this. Sheesh.

I go to start, run, services.msc, ok, highlight BITS, click Properties, make sure it says Automatic and then I TRY to click Start because it says it's stopped and I get an Error 126 saying the specified module cannot be found. So now I'm trying to find a BIT fix. I guess I need to reinstall the module?

Seems like it's just one thing after another here.

Anyway, as SOON as I get this all straightened out I will create a restore point.

Now I need to make dinner or my family is going to mutiny.

Thanks again.

Cindylu

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:17 PM

Posted 03 December 2007 - 06:35 PM

You should be able to see the error by looking in the Event Log. Read "How To Use the Event Viewer Applet".

Try Dial-a-fix. This tool is a collection of 'known fixes' that address some serious Windows problems. It tackles issues with SSL/Cryptography, Windows Update, Microsoft Installer, Restrictive polices/Registry issues and miscellaneous shell problems.
  • Launch the program and place a check in the box: "Fix Windows Update".
  • Click GO and make sure you press: "[b}Flush SoftwareDistribution[/b]".
  • Restart your computer when done.
  • There is a "check all" button which is useful as a last resort effort, or when you cannot determine where a particular problem is coming from..

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 Cindylu

Cindylu
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 06 December 2007 - 07:14 AM

I did what you said and was able to run Windows Update.

Thank you!

Cindylu

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:17 PM

Posted 06 December 2007 - 08:16 AM

Your welcome. :thumbsup:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users