Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ran SmitfraudFix


  • Please log in to reply
1 reply to this topic

#1 RodinKz

RodinKz

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 14 April 2008 - 12:38 PM

Got the same problem as the lady here. Have followed the instructions sent (smitfraudfix.exe) and would like to paste my rapport from that search in the hopes that I can get some help.

Thanks much,

Rod

SmitFraudFix v2.313

Scan done at 12:16:31.37, Mon 04/14/2008
Run from C:\Documents and Settings\Rod\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\itkpcbap\ghyxkbqr.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Boingo\GoBoingo\GoBoingo.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Plus\Dancer\Dancer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\elahqpcb.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sony\Click to DVD 2\ctdatsvr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Rod


C:\Documents and Settings\Rod\Application Data


Start Menu


C:\DOCUME~1\Rod\FAVORI~1

C:\DOCUME~1\Rod\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\Rod\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\Rod\FAVORI~1\Spyware?Malware Protection.url FOUND !

Desktop


C:\Program Files

C:\Program Files\Helper\ FOUND !
C:\Program Files\Sotfone\ FOUND !

Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"=""
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: nslbvxpgrno.dll
BHO: DVA Storm - {C796500F-4B97-4F2B-B886-11FA6B72F13F}
TypeLib: {9CF95780-FF87-4919-8C31-F92877BA8E5E}
Interface: {158B088D-385D-4441-A115-100DF89D3D5A}
Interface: {E39717FC-F85A-49F4-9C87-2D56AFD1F19D}

[!] Suspicious: dsktbwfe.dll
SSODL: dsktbwfe - {9C8BAC13-F669-4E93-87D4-FC7D4DFE3C1D}

[!] Suspicious: ogxtsepr.dll
SSODL: ogxtsepr - {17CDCC46-A6D1-4E1A-BB5C-66D90D2BCBD9}


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


Rustock



DNS

Description: Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 208.180.42.100
DNS Server Search Order: 208.180.42.68

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B4601F68-7B62-46DD-B197-56CED4ED4D71}: DhcpNameServer=10.0.1.99
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1D82647-0092-4B7F-AFE4-826027644FD5}: DhcpNameServer=208.180.42.100 208.180.42.68
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B4601F68-7B62-46DD-B197-56CED4ED4D71}: DhcpNameServer=10.0.1.99
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E1D82647-0092-4B7F-AFE4-826027644FD5}: DhcpNameServer=208.180.42.100 208.180.42.68
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B4601F68-7B62-46DD-B197-56CED4ED4D71}: DhcpNameServer=10.0.1.99
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E1D82647-0092-4B7F-AFE4-826027644FD5}: DhcpNameServer=208.180.42.100 208.180.42.68
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=208.180.42.100 208.180.42.68
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=208.180.42.100 208.180.42.68
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=208.180.42.100 208.180.42.68


Scanning for wininet.dll infection


End

BC AdBot (Login to Remove)

 


#2 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:12:45 AM

Posted 14 April 2008 - 05:44 PM

Hello and welcome Rod

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users