The White X


4 replies to this topic

#1 spliftkilla

spliftkilla

  • Members
  • 2 posts

Posted 28 February 2008 - 07:12 PM

It's at the bottom of the screen and keeps popping up telling me to download Ultimate Defender. Now I did read some other posts and tried some stuff, but I assume you're going to need that log file, so here it is:


SmitFraudFix v2.298

Scan done at 18:52:11.39, Thu 02/28/2008
Run from C:\Documents and Settings\April Cole\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS

C:\WINDOWS\.protected FOUND !

C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\April Cole


C:\Documents and Settings\April Cole\Application Data


Start Menu

C:\DOCUME~1\APRILC~1\STARTM~1\Programs\Startup\.protected FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\.protected FOUND !

C:\DOCUME~1\APRILC~1\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=dword:00000001
"AppInit_DLLs"="cru629.dat"


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Rustock



DNS

Description: Broadcom 802.11b/g WLAN - Packet Scheduler Miniport
DNS Server Search Order: 204.186.0.201
DNS Server Search Order: 207.44.96.129
DNS Server Search Order: 24.229.54.212

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FC0724EE-04F8-4E19-9608-9E196B243867}: DhcpNameServer=204.186.0.201 207.44.96.129 24.229.54.212
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FC0724EE-04F8-4E19-9608-9E196B243867}: DhcpNameServer=204.186.0.201 207.44.96.129 24.229.54.212
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FC0724EE-04F8-4E19-9608-9E196B243867}: DhcpNameServer=204.186.0.201 207.44.96.129 24.229.54.212
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=204.186.0.201 207.44.96.129 24.229.54.212
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=204.186.0.201 207.44.96.129 24.229.54.212
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=204.186.0.201 207.44.96.129 24.229.54.212


Scanning for wininet.dll infection


End
If there's anything else please let me know. I already did the ATF-Cleaner thing and will do it again before any cleaning is done. Thank you for your time.


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 28 February 2008 - 10:27 PM

Hello spliftkilla

Welcome to BleepingComputer.
=====================
Please download HijackThis and post a log in this forum: Here

You can download HijackThis from Here

Edited by kahdah, 28 February 2008 - 10:32 PM.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 spliftkilla

spliftkilla
  • Topic Starter


Posted 29 February 2008 - 07:18 PM

OK, well, I did what you said and all it does is go to the install screen. I click install, it disappears and puts a shortcut on my desktop, and when I click on the shortcut nothing happens???

#4 kahdah

kahdah


Posted 21 March 2008 - 08:29 PM

OK, please post a topic in the Malware Removal forum as stated in my previous post. Thank you.

Edited by kahdah, 21 March 2008 - 08:31 PM.


#5 kahdah

kahdah


Posted 17 April 2008 - 11:59 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else, please begin a New Topic.



