
I'm Infected! Please Help Me.!


24 replies to this topic

#1 sugarfree


Posted 21 December 2007 - 05:23 AM

I've been getting a slow computer. I've defragged my C: and D: drives. Didn't help.

I've also done a scan and removed the problems using SpyBot Search & Destroy.

Sometimes all my icons and shortcuts will all of a sudden disappear, leaving only the desktop wallpaper on the screen; no matter what I do, my icons and shortcuts won't reappear! There's not even a mouse cursor, so I can't even go to the "Start" menu to shut down the laptop; I had to pull the plug!

I'm using Windows XP. My Internet Explorer has been getting your-internet-explorer-need-to-be-closed-down pop-ups from Dr Watson Postmortem Debugger (it says so at the top of the pop-up window). I think one time I didn't read it properly; I thought it was just a normal need-to-be-closed-down pop-up from Windows XP, so I clicked "send report" and now my computer is slower!

Also, I've been getting pop-ups from Crush Calculator, which I obviously didn't subscribe to.

My security center balloon (the red circle with a cross) said that Spyware Threats Detected, but when I click the balloon to fix it, it wouldn't do anything.

My Norton Antivirus is expired!

A friend told me I should download avg75iswt_516a1225, so I did, but I can't get it running! I clicked "run" but it wouldn't do anything!

Please tell me what to do and what not to do. Is it possible that other people would be able to see the files on my computer? How bad is it? Should I stop connecting my infected laptop to the internet?

Any help or advice will be very much appreciated!!

Edited by sugarfree, 21 December 2007 - 05:34 AM.



#2 xXAlphaXx


Posted 21 December 2007 - 01:08 PM

I would have recommended AVG myself but....

Try rebooting and running anti-virus scans and such in safe mode.

(Press F8 on bootup)
If I am helping you and I do not respond within 24 hours, please send me a PM. :)

#3 quietman7


Posted 21 December 2007 - 03:14 PM

My Norton Antivirus is expired!

Then you either need to renew your subscription, or remove and replace it with another anti-virus program immediately.

See BC's Freeware Replacements For Common Commercial Apps and List of Virus & Malware Resources for an alternative free anti-virus.

If you choose to remove Norton and uninstalling via Add/Remove Programs does not work properly, then download and run the Norton Removal Tool (SymNRT) for your version of Windows (skip step 3 if you're not going to reinstall your Norton product). An alternate download link is also available here.

Run a full system scan with your anti-virus in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

When done, please do this:

Download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 sugarfree


Posted 23 December 2007 - 06:04 AM

Thank you so much for the reply! I really appreciate this!! :thumbsup:

It's my first time using SuperAntiSpyware. Is it normal that every time I double-click on the icon trying to run the program, it installs itself again? So far I've installed it approx. 5 times. I thought we usually only install once, but this program seems different. Every time I click it, I have no other option but to go through the installation process again before I get to the main menu; just wondering if this is normal...

Here's my scan log. (My SuperAntiSpyware scan ended up taking 2 hours!)

______________________________________________
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/23/2007 at 11:34 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 02:03:19

Memory items scanned : 451
Memory threats detected : 2
Registry items scanned : 4426
Registry threats detected : 19
File items scanned : 43909
File threats detected : 4

Trojan.Unknown Origin/System
C:\WINDOWS\SYSTEM32\WINHDN32.DLL
C:\WINDOWS\SYSTEM32\WINHDN32.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\winhdn32

Trojan.WinFixer
C:\WINDOWS\SYSTEM32\AWTQR.DLL
C:\WINDOWS\SYSTEM32\AWTQR.DLL
HKLM\Software\Classes\CLSID\{02EE28D1-F36E-4071-A14F-986025FF6899}
HKCR\CLSID\{02EE28D1-F36E-4071-A14F-986025FF6899}
HKCR\CLSID\{02EE28D1-F36E-4071-A14F-986025FF6899}\InprocServer32
HKCR\CLSID\{02EE28D1-F36E-4071-A14F-986025FF6899}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02EE28D1-F36E-4071-A14F-986025FF6899}

Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#Data
HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV
HKLM\SOFTWARE\Microsoft\MSSMGR#PID
HKLM\SOFTWARE\Microsoft\MSSMGR#Rid

Adware.Tracking Cookie
C:\Documents and Settings\Brenda\Local Settings\Temp\Cookies\brenda@ads.xtra.co[1].txt
C:\Documents and Settings\Brenda\Local Settings\Temp\Cookies\brenda@ads.xtramsn.co[1].txt
_______________________________________________

At the moment, I have the following programs installed:
1. Ad-aware SE Personal
2. Super Anti Spyware
3. SpywareBlaster (haven't updated for a long time)
4. ATF Cleaner
5. Spybot Search & Destroy
6. AVG (that didn't work)

Please advise what I should do next!! Thanks so much!

Have a Merry Christmas!

#5 quietman7


Posted 23 December 2007 - 07:13 AM

Please follow the instructions for using VundoFix in BC's self-help tutorial: "How To Remove Vundo/Winfixer Infection".

After running VundoFix, a text file named vundofix.txt will have automatically been saved to the root of the system drive, usually at C:\vundofix.txt. Please copy & paste the contents of that text file into your next reply.

Then do a full system scan with your anti-virus and let me know what it found. If it cannot remove something, please provide the specific file name of the threat and where it is located (full file path) on your system.

#6 quietman7


Posted 23 December 2007 - 10:09 AM

I forgot to address SAS.

What you describe is not normal behavior for SAS. Try using the Windows Installer CleanUp Utility (it will list all programs that use Windows Installer).
  • Double-click on msicuu2.exe and click "Next".
  • Accept the license agreement, click "Next", then click "Next" again.
  • Click "Finish" when done.
  • Go to Start > Programs and click on Windows Install CleanUp to launch the program.
  • In the list of Install Products, check to see if the program is present.
  • If so, highlight that entry, then click on the "Remove" button.
  • Reboot when done.

Dr. Watson for Windows is a program error debugger that gathers information about your computer when an error (or user-mode fault) occurs with a program. Technical support groups can use the information that Dr. Watson obtains and logs to diagnose a program error. When an error is detected, Dr. Watson creates a text file (Drwtsn32.log) that can be delivered to support personnel by the method they prefer. You also have the option of creating a crash dump file, which is a binary file that a programmer can load into a debugger...

Description of the Dr. Watson for Windows

"Memory Dumps in XP".
"Overview of memory dump file options for Windows 2000/XP/2003".

#7 sugarfree


Posted 24 December 2007 - 05:44 AM

Thanks so much for the prompt reply. I think I clicked the wrong icon for SAS; instead of the shortcut I clicked the installation shortcut, sorry. That was my mistake. All this time I was thinking something was wrong with my SAS! Sorry! Thanks for the advice!

After I ran VundoFix, I scanned with SAS, and this is what I found:
- Adware.VundoVariant (1 item)
- Trojan.Winfixer (7 items).

I quarantined and removed the items, and also rebooted.

When I rebooted the computer, this window came up:
RUN DLL (the top blue tab)
Error loading C:\WINDOWS\system32\wygwnwtp.dll
The specified module could not be found.

Then I scanned with VirtumundoBeGone; the RUN DLL error still came up right after I rebooted the computer.

This is my VBG log.

_________________________________________________________

[12/24/2007, 22:13:57] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Brenda\Desktop\VirtumundoBeGone.exe" )
[12/24/2007, 22:14:04] - Detected System Information:
[12/24/2007, 22:14:04] - Windows Version: 5.1.2600, Service Pack 2
[12/24/2007, 22:14:04] - Current Username: Brenda (Admin)
[12/24/2007, 22:14:04] - Windows is in SAFE mode with Networking.
[12/24/2007, 22:14:04] - Searching for Browser Helper Objects:
[12/24/2007, 22:14:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/24/2007, 22:14:04] - BHO 2: {1515B906-999A-48F3-8BF4-B7EC61BF5B38} ()
[12/24/2007, 22:14:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/24/2007, 22:14:04] - Checking for HKLM\...\Winlogon\Notify\tuvvtqn
[12/24/2007, 22:14:04] - Key not found: HKLM\...\Winlogon\Notify\tuvvtqn, continuing.
[12/24/2007, 22:14:04] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[12/24/2007, 22:14:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/24/2007, 22:14:04] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[12/24/2007, 22:14:04] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[12/24/2007, 22:14:04] - BHO 4: {76F262CF-0308-0FB4-F7A3-043266F3A47C} ()
[12/24/2007, 22:14:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/24/2007, 22:14:04] - Checking for HKLM\...\Winlogon\Notify\csihivau
[12/24/2007, 22:14:04] - Key not found: HKLM\...\Winlogon\Notify\csihivau, continuing.
[12/24/2007, 22:14:04] - BHO 5: {8388088e-eda3-4b1a-b44a-918f8f0d7f02} ()
[12/24/2007, 22:14:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/24/2007, 22:14:04] - Checking for HKLM\...\Winlogon\Notify\mupyukav
[12/24/2007, 22:14:04] - Key not found: HKLM\...\Winlogon\Notify\mupyukav, continuing.
[12/24/2007, 22:14:04] - BHO 6: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[12/24/2007, 22:14:04] - BHO 7: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[12/24/2007, 22:14:04] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/24/2007, 22:14:04] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[12/24/2007, 22:14:04] - BHO 10: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[12/24/2007, 22:14:04] - BHO 11: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[12/24/2007, 22:14:04] - Finished Searching Browser Helper Objects
[12/24/2007, 22:14:04] - Finishing up...
[12/24/2007, 22:14:04] - Nothing found! Exiting...

[12/24/2007, 22:17:50] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Brenda\Desktop\VirtumundoBeGone.exe" )
[12/24/2007, 22:17:55] - Detected System Information:
[12/24/2007, 22:17:55] - Windows Version: 5.1.2600, Service Pack 2
[12/24/2007, 22:17:55] - Current Username: Brenda (Admin)
[12/24/2007, 22:17:55] - Windows is in SAFE mode with Networking.
[12/24/2007, 22:17:55] - Searching for Browser Helper Objects:
[12/24/2007, 22:17:55] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/24/2007, 22:17:55] - BHO 2: {1515B906-999A-48F3-8BF4-B7EC61BF5B38} ()
[12/24/2007, 22:17:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/24/2007, 22:17:55] - Checking for HKLM\...\Winlogon\Notify\tuvvtqn
[12/24/2007, 22:17:55] - Key not found: HKLM\...\Winlogon\Notify\tuvvtqn, continuing.
[12/24/2007, 22:17:55] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[12/24/2007, 22:17:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/24/2007, 22:17:55] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[12/24/2007, 22:17:55] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[12/24/2007, 22:17:55] - BHO 4: {76F262CF-0308-0FB4-F7A3-043266F3A47C} ()
[12/24/2007, 22:17:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/24/2007, 22:17:55] - Checking for HKLM\...\Winlogon\Notify\csihivau
[12/24/2007, 22:17:55] - Key not found: HKLM\...\Winlogon\Notify\csihivau, continuing.
[12/24/2007, 22:17:55] - BHO 5: {8388088e-eda3-4b1a-b44a-918f8f0d7f02} ()
[12/24/2007, 22:17:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/24/2007, 22:17:55] - Checking for HKLM\...\Winlogon\Notify\mupyukav
[12/24/2007, 22:17:55] - Key not found: HKLM\...\Winlogon\Notify\mupyukav, continuing.
[12/24/2007, 22:17:55] - BHO 6: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[12/24/2007, 22:17:55] - BHO 7: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[12/24/2007, 22:17:55] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[12/24/2007, 22:17:55] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[12/24/2007, 22:17:55] - BHO 10: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[12/24/2007, 22:17:55] - BHO 11: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[12/24/2007, 22:17:55] - Finished Searching Browser Helper Objects
[12/24/2007, 22:17:55] - Finishing up...
[12/24/2007, 22:17:55] - Nothing found! Exiting...

________________________________________

My security center balloon still tells me "Spyware Threats Detected". I think I'm still infected!

Please advise further! :thumbsup: Thanks so much!

#8 quietman7


Posted 24 December 2007 - 08:54 AM

RunDLL32.exe is a legit Windows file that loads .dll files which too can be legit or malware related. The "Cannot find..." or "Error loading..." message usually occurs when the associated .dll has been removed and it then becomes an orphaned entry in the registry. The file may have been removed during an anti-virus or anti-malware scan or use of a specialized fix tool. However, the associated registry entry remains and is telling Windows to load the file when you boot up. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download and run Autoruns, search for the related entry and then delete it.
  • Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (Click here if you're not sure how to do this.)
  • Open the folder and double-click on autoruns.exe to launch it.
  • Please be patient as it scans and populates the entries.
  • When done scanning, it will say Ready at the bottom.
  • Scroll through the list and look for a startup entry related to the file in the error message.
  • Right-click on the entry and choose delete.
  • Reboot your computer and see if the startup error returns.
Print out and follow the generic instructions for using "SmitfraudFix".
(If you have downloaded SmitfraudFix previously, please delete that version and download it again as the tool is frequently updated!)
-- If the tool fails to launch from the Desktop, please move smitfraudFix.exe to the root of the system drive (usually C:\), and run it from there.
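The orphaned-entry check described in the post above, sketched as an added example (it is not part of the original thread and is not how Autoruns works internally): it extracts the DLL that each rundll32 startup command loads and reports entries whose file no longer exists. It covers only the two Run keys, far fewer locations than Autoruns inspects; the value names, entry points and every sample file other than the wygwnwtp.dll path quoted in the thread are constructed.

```python
import os
import re
import sys

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

# Autorun command of the form: [path\]rundll32[.exe] <dll>[,EntryPoint args]
RUNDLL_RE = re.compile(
    r'''^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+
        (?:"(?P<quoted>[^"]+)"|(?P<bare>[^,]+?))
        \s*(?:,|$)''',
    re.IGNORECASE | re.VERBOSE,
)


def rundll_target(command):
    """Return the DLL a rundll32 autorun command loads, or None if it is not one."""
    m = RUNDLL_RE.match(command)
    if m is None:
        return None
    return (m.group("quoted") or m.group("bare")).strip()


def candidates(dll, search_dirs):
    """A bare module name (shell32.dll) is looked up in the system directories."""
    if "\\" in dll or "/" in dll:
        return [dll]
    return [d.rstrip("\\") + "\\" + dll for d in search_dirs]


def find_orphans(entries, file_exists=os.path.isfile, search_dirs=None):
    """Return (location, value name, dll) for entries whose DLL is missing."""
    if search_dirs is None:
        root = os.environ.get("SystemRoot", r"C:\WINDOWS")
        search_dirs = [root + r"\system32", root]
    orphans = []
    for location, name, command in entries:
        dll = rundll_target(os.path.expandvars(command))
        if dll is None:
            continue  # not a rundll32 entry; outside the scope of this check
        if not any(file_exists(p) for p in candidates(dll, search_dirs)):
            orphans.append((location, name, dll))
    return orphans


def read_run_keys():
    """Windows only: yield (location, value name, command) from HKLM and HKCU Run."""
    import winreg
    hives = (("HKLM", winreg.HKEY_LOCAL_MACHINE), ("HKCU", winreg.HKEY_CURRENT_USER))
    for hive_name, hive in hives:
        try:
            key = winreg.OpenKey(hive, RUN_KEY)
        except OSError:
            continue  # key absent or unreadable for this user
        with key:
            for i in range(winreg.QueryInfoKey(key)[1]):
                name, value, _type = winreg.EnumValue(key, i)
                yield (hive_name + "\\" + RUN_KEY, name, str(value))


# Constructed sample: only the wygwnwtp.dll path comes from the thread's error
# message; value names, entry points and the other files are made up.
LOCATION = "HKLM\\" + RUN_KEY
SAMPLE_ENTRIES = [
    (LOCATION, "examplevalue", r'rundll32.exe "C:\WINDOWS\system32\wygwnwtp.dll",a'),
    (LOCATION, "PresentHelper",
     r'C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\present.dll,Start'),
    (LOCATION, "TrayApp", r'"C:\Program Files\Vendor\tray.exe" /startup'),
    (LOCATION, "ShellExt", r'rundll32 shell32.dll,Control_RunDLL'),
]
SAMPLE_FILES = {
    r"c:\windows\system32\present.dll",
    r"c:\windows\system32\shell32.dll",
}


def sample_exists(path):
    """Stand-in for the file system so the sample runs on any OS."""
    return path.lower() in SAMPLE_FILES


if __name__ == "__main__":
    live = sys.platform == "win32"
    entries = read_run_keys() if live else SAMPLE_ENTRIES
    exists = os.path.isfile if live else sample_exists
    for location, name, dll in find_orphans(entries, exists):
        print("orphaned startup entry: %s -> %s (in %s)" % (name, dll, location))
```

An entry reported here is only a candidate for removal: confirm it matches the file named in the startup error before deleting it, as the Autoruns steps above do.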

#9 sugarfree


Posted 24 December 2007 - 07:10 PM

Thanks for the advice.

My red security center balloon still keeps telling me "Spyware Threats Detected", while I was downloading Autoruns.zip, and also when I'd disconnected and ran & deleted the related entry from Autoruns. (There was Autoruns and Autorunsc; I chose Autoruns.)

The error loading pop-up is no longer coming up, thanks so much! :thumbsup:

While running SmitFraudFix, Norton Antivirus kept telling me "Malicious script detected" and showed "Stop this script (recommended)", but I was afraid it would interfere with SmitfraudFix, so I scrolled down and picked "Authorise this script" instead.

**** Do you need to read my rapport? I have two from SmitfraudFix, one from before I scanned, and one from after I removed.

My computer seems faster now. Does that mean my computer is cleared now and no longer infected?

Should I uninstall Norton Antivirus, since it still keeps telling me "spyware detected"?

Now a new pop-up has appeared while I was posting this. It says:
Your Privacy may be at risk
5 problems found
Your internet history files, Chat sessions' logs and personal Emails are at reach of anyone's hand etc etc....
1. Clean Internet Explorer Cache
2. Some application save your privacy data.
3. Delete cookies avoiding anyone to know what sites you've been visiting.
4. Remove Windows XP recent run programs.
5. Clean Microsoft Windows Explorer History.
and it follows with a "repair" button at the end.

I dare not click the "repair" button because I don't know where this pop-up comes from; I have never come across this.

Please advise.

Edited by sugarfree, 24 December 2007 - 07:25 PM.


#10 sugarfree


Posted 24 December 2007 - 07:16 PM

I thought I'd upload it anyway... I might not check this website until hours later...

Rapport 1
______________________________

SmitFraudFix v2.274

Scan done at 12:18:26.51, Tue 25/12/2007
Run from C:\Documents and Settings\Brenda\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts


127.0.0.1 localhost

Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\WINDOWS\mgrs.exe Deleted

IEDFix

IEDFix.exe by S!Ri


DNS



Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End

________________________________________________

#11 sugarfree


Posted 24 December 2007 - 07:18 PM

Rapport 2
_________________________

SmitFraudFix v2.274

Scan done at 12:18:26.51, Tue 25/12/2007
Run from C:\Documents and Settings\Brenda\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts


127.0.0.1 localhost

Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files

C:\WINDOWS\mgrs.exe Deleted

IEDFix

IEDFix.exe by S!Ri


DNS



Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End

#12 quietman7


Posted 25 December 2007 - 09:46 AM

Your Privacy may be at risk was related to a SmitFraud infection. SmitFraud is a generic description for a family of rogue applications/trojans such as Win32.Zlob that uses misleading advertising, downloads rogue security products, changes (hijacks) the Windows Desktop and drops additional malware infected files. Some variants of smitfraud may even drop a rootkit. The Trojan uses bogus security warnings and fake alerts to indicate that your computer is infected with spyware or has critical errors. SmitFraud is responsible for downloading and installing programs that purport to scan for spyware and then uses false scan reports as a scare tactic to goad you into purchasing one of several rogue programs to fix it. Your log shows smitfraudfix found bad files and removed them.

How is your computer running now? Any more alerts from Norton Antivirus? Did you renew your subscription/license?

#13 sugarfree


Posted 26 December 2007 - 12:33 AM

Hope you had a happy Christmas. My computer is running so much better now, thanks so much for helping me! :thumbsup:

But unfortunately, the Security Center Balloon (the red circle with a white cross sign) still shows "spyware threats detected" from time to time. What should I do?

Also, the "your privacy might be at risk" pop-ups: are they from the Security Center Balloon as well, or from somewhere else? I didn't start getting this until sometime after I finished VundoFix or SmitFraudFix. Will it have anything to do with it? Because I only used to get "spyware threats detected" but not "your privacy might be at risk".

I haven't renewed my Norton Antivirus yet; I can't afford it. Is there any other free & reliable antivirus software available? I downloaded SpywareBlaster last year; is that the same function?

Also, I used to go to websites to look for a serial number for Macromedia Freehand 11.0.2. I haven't been going to those websites because I know I don't have antivirus software at the moment. Do you know any website that has serial keys for software yet is still safe to go to?

Please advise, and thanks again.

Edited by sugarfree, 26 December 2007 - 12:43 AM.


#14 quietman7


Posted 26 December 2007 - 09:24 AM

the Security Center Balloon (the red circle with a white cross sign) still shows "spyware threats detected" from time to time.. what should i do?

You need to be more specific.
1. What Security Center Balloon? Some types of malware will provide such alerts, so you need to tell me what exactly is providing these balloon alerts.
2. Is there a specific file name associated with the detected threat and where is it located (full file path) on your system?
3. What operating system are you using (Win 2000, XP, XP SP1, XP SP2)?

i used to go websites to look for serial number for Macromedia Freehand 11.0.2. I havent been going to those website cos i know i dont have a Antivirus software at the moment.. Do u know any website that has serial key for software yet still safe to go to?

BC does not assist with crack or keygen tools. Not only is that practice a security risk, it is considered illegal activity and a violation of our BC Discussion/Message Boards Rules:

No subject matter will be allowed whose purpose is to defeat existing copyright or security measures. If a user persists and/or the activity is obviously illegal the staff reserves the right to remove such content and/or ban the user.


If you use those kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen and pirated software sites. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling Windows.

We are willing to assist with malware removal using legit tools.

I havent renew my Norton Antivirus yet, i cant afford it.. is there any other free & reliable Antivirus software available. I downloaded SpywareBlaster last year, is that the same function?

SpywareBlaster is a program that blocks spyware tracking cookies in Internet Explorer and Mozilla/Firefox. It also restricts the actions of potentially dangerous sites in Internet Explorer by adding a list of sites and domains associated with known spyware, advertisers and marketers to Internet Explorer's Restricted Sites Zone. It is not the same as an anti-virus program.

If uninstalling Norton via Add/Remove Programs does not work properly, then download and run the Norton Removal Tool (SymNRT) for your version of Windows.

Free Antivirus programs: (choose and install only one)
AVG Anti-Virus Free - AVG Anti-Virus Free User Manual
avast! 4 Home Edition - How to Install, Configure, and Use
AntiVir PersonalEdition Classic

After removing Norton and installing your new anti-virus, run a full system scan and let me know the results. Also answer ALL questions I asked above.

#15 sugarfree


Posted 26 December 2007 - 05:29 PM

Answers:
When the "spyware is detected" alert pops up and I click it (it always pops up from the bottom right of my screen, in the blue bar where the time & other shortcuts are located), it takes me to a bigger window, Personal Security Center, which I'm not sure is from somewhere else or from Norton Antivirus. The window shows Ultimate Defender OFF, Ultimate Cleaner OFF.

I'm using Windows XP.

Is there something like a Grab tool in Windows that I can use to take a screenshot to show you what exactly I'm on about? Because there's only so much I can describe about things like this.

Sorry about mentioning the serial key; I'm a student and sometimes that's what you had to do out of desperation. I do apologise for that.
___________________________________

Add/Remove Programs:
When I go to Control Panel for Add/Remove Programs, my list doesn't show Norton Antivirus. But I do have a "Norton Internet Security 2005 (Symantec Corporation)"; is it the same thing? Just wanted to make sure before I delete something that I shouldn't have.
___________________________________

AVG:
My first post mentioned that my AVG didn't work. I wasn't sure I had downloaded it right, so I right-clicked it for the Properties menu, and it did show 37.1MB, so I guess I did download the whole thing. I also clicked the "Unblock" button, because it says "it might be damaging my computer".

But I haven't tried whether it's working or not after I clicked the "Unblock" button; I thought I should wait until after I fully remove Norton Antivirus?

But the strange thing is, AVG shows on my desktop, but it doesn't show in the "Add/Remove Programs" list in Control Panel, nor in the programs list in my "Start" menu. What does that mean?

___________________________________

Now my "your privacy might be at risk" pop-up has changed to "Unnecessary registry entries found". This one also pops up from the bottom right of my screen, where the time is located. Only this one hasn't got a shortcut (e.g. the "spyware detected" one has a shortcut you can click on that looks like a red circle with a cross).
___________________________________

I tried to be as specific as I can this time. Please advise. I appreciate your time.

Edited by sugarfree, 26 December 2007 - 05:42 PM.




