
My Computer Is Infected With A Virus, And I Need Help Getting Rid Of It.


4 replies to this topic

#1 chelzers044

chelzers044

  • Members
  • 3 posts

Posted 15 March 2008 - 04:43 PM

My background has been replaced by a blue screen saying, "Your computer has several fatal errors due to spyware activity." Also, I keep getting pop ups from a supposed spyware scanner at antispywareupdates.net. I have tried several AVG scans, but I have been unable to get rid of this. Please help me.


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts

Posted 15 March 2008 - 04:49 PM

Your computer has been infected with SmitFraud.

Before we can continue, I need to ask for your system information. Please refer to this page.

Any other details would be appreciated.

#3 chelzers044

chelzers044
  • Topic Starter

  • Members
  • 3 posts

Posted 15 March 2008 - 04:58 PM

I have a Microsoft Windows XP Home Edition Version 2002 Service Pack 2.

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts

Posted 15 March 2008 - 05:12 PM

Thank you for the system information.
  • Please download SmitFraudFix and unzip the contents onto your desktop.
  • Restart and boot into Safe Mode.
  • Make sure you close any applications and run SmitFraudFix.
  • Press any key to pass the credits.
  • Type "2" (without quotes) and hit Enter. The scanning process will begin.
  • The program will automatically start Disk Cleanup Manager after the scan.
  • Allow the program to reboot the computer.
When your computer is rebooted, a text file will open. Copy the contents of the file into your next response.

#5 chelzers044

chelzers044
  • Topic Starter

  • Members
  • 3 posts

Posted 15 March 2008 - 10:07 PM

SmitFraudFix v2.305

Scan done at 22:48:39.60, Sat 03/15/2008
Run from C:\Documents and Settings\Chelsea\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts

127.0.0.1 localhost

VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1279D6A-DF4E-4C71-9931-31B42B0BF6E3}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E1279D6A-DF4E-4C71-9931-31B42B0BF6E3}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E1279D6A-DF4E-4C71-9931-31B42B0BF6E3}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End



