Spyware Detected On Your Computer


4 replies to this topic

#1 hollya02


Posted 08 April 2008 - 02:18 PM

I have been getting numerous pop-ups and spyware problems, so I downloaded Ad-Aware and Spybot to fix it. It has been getting worse. Recently, my desktop background changed and now says: Warning. Spyware detected on your computer. Install an antivirus or spyware remover to clean your computer. I tried following some previous posts to install a scanner, but when I try to open anything on my computer it asks what I want to open it with. Also, my desktop properties are inaccessible. Spybot has detected Smitfraud on my computer. Any help fixing these problems would be appreciated!



#2 boopme


Posted 08 April 2008 - 03:20 PM

Hi and welcome, please run this tool and post back the report and tell us how the PC is now.
Also tell us, is this an XP computer?
SmitFraudFix by S!Ri
The report can be found at the root of the system drive, usually at C:\rapport.txt
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

#3 hollya02


Posted 08 April 2008 - 04:45 PM

Yes, I am using XP. I downloaded the tool to my desktop, but when I try to run it, I am asked what I want to open it with, so I have not been able to run it yet. Nothing under recommended programs has worked. Could you tell me which program I should choose to run the tool under?

#4 quietman7


Posted 08 April 2008 - 11:06 PM

Not all smitfraud detections by Spybot are actually smitfraud, so it's important to tell us exactly what was found and where. When inquiring about Spybot scans, you should always post a complete log of the actual detections received.

Some malware infections target .exe files and without repairing that file association ALL .exe files will lose functionality.

If you are unable to run any .exe applications, the first thing to try is to check your file association for .exe files. Open the "File Types" dialog box in Windows Explorer or My Computer. Go to Tools > Folder Options > File Types tab. Scroll down to where .EXE would be in the alphabetical order and make certain .EXE is not there. If it is, then edit it there by changing the association to Application. Select the New button, type in EXE for the extension and select the Advanced button. From the list pick "Application."

If that does not help, then see:
"Unable to Start a Program with an .exe File Extension"
"Fix or Restore Broken .EXE .LNK .COM Association Caused by Virus"
Note: Some of these steps involve making changes in the registry. Always back up your registry before making any changes. If you are not familiar with working in the registry, then you should NOT attempt to make any changes on your own. Improper changes to the registry could adversely affect your computer and render it inoperable.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
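
A scripted version of the file-association check described in the post above, added here as an illustration and not part of the original thread: it reads a registry export in .reg text form and reports where the .exe, .com and .lnk associations differ from the stock Windows values. The sample exports and all function names are constructed for this example.

```python
import re

# Stock Windows defaults for the executable associations (assumed baseline).
EXPECTED_CLASS = {".exe": "exefile", ".com": "comfile", ".lnk": "lnkfile"}
EXPECTED_OPEN = '"%1" %*'  # open command for exefile and comfile
ROOT = "hkey_classes_root\\"
# Constructed sample: a healthy export of the relevant keys in .reg syntax.
CLEAN = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\.com]
@="comfile"
[HKEY_CLASSES_ROOT\.lnk]
@="lnkfile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
'''
# Constructed sample: .exe association blanked and the .lnk key missing.
BROKEN = CLEAN.replace('@="exefile"', '@=""').replace(
    '[HKEY_CLASSES_ROOT\\.lnk]\n@="lnkfile"\n', "")
VALUE = re.compile(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Return {lowercased key path: {value name: string data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE.match(line)):
            name = m.group(1).strip('"')  # "@" is the key's default value
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def check_associations(reg_text):
    """List deviations from the stock .exe/.com/.lnk associations."""
    keys, findings = parse_reg(reg_text), []
    for ext, cls in EXPECTED_CLASS.items():
        actual = keys.get(ROOT + ext, {}).get("@")
        if actual is None:
            findings.append(f"{ext}: association missing")
        elif actual.lower() != cls:
            findings.append(f"{ext}: is {actual!r}, expected {cls!r}")
    for cls in ("exefile", "comfile"):
        cmd = keys.get(ROOT + cls + "\\shell\\open\\command", {}).get("@")
        if cmd != EXPECTED_OPEN:
            findings.append(f"{cls}: open command is {cmd!r}")
    return findings
```

Exports saved by regedit in the "Version 5.00" format are UTF-16, so decode the file with that encoding before passing its text to `check_associations`.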

#5 hollya02


Posted 09 April 2008 - 09:27 AM

I got the SmitFraudFix to run. This is the report found in rapport.txt:
I haven't done the next step, to reboot in safe mode and clean the infected files. Is that what I need to do next?

SmitFraudFix v2.309

Scan done at 9:20:26.93, Wed 04/09/2008
Run from C:\Documents and Settings\Holly Marie\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\WINDOWS\system32\cmd.exe

hosts

hosts file corrupted !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Holly Marie


C:\Documents and Settings\Holly Marie\Application Data


Start Menu


C:\DOCUME~1\HOLLYM~1\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


Rustock



DNS

Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C9087DA0-4E38-4B28-BCA3-3E1CA08AE162}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C9087DA0-4E38-4B28-BCA3-3E1CA08AE162}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


Scanning for wininet.dll infection


End



