Worm.win32.netbooster -- Smitfraud


9 replies to this topic

#1 debit1351

debit1351

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:05 AM

Posted 15 April 2008 - 07:01 PM

We got a worm, or whatever this stupid thing is, I looked it up on google and said this was one of the best sites to help us get rid of it. This "Smitfraud" says that a worm (wor.win32netbooster) has infected my computer. I keep getting pop-ups telling me to go to their site to get rid of it.

I was told to come here to bleepingcomputer.com and download "http://siri.urz.free.fr/Fix/SmitfraudFix_En.php" but I can't find it. Can someone please help me.
Thanks



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:05 AM

Posted 15 April 2008 - 08:46 PM

Hi and welcome.
Please follow the instructions here (you may want to print them first). Please post the report after the fix.
The report can be found at the root of the system drive, usually at C:\rapport.txt
SmitFraudFix by S!Ri

Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list.
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Please ask any needed questions, post 2 logs and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,143 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:05 AM

Posted 16 April 2008 - 09:12 AM

If you're using Windows 2000/XP, you should also do this:

Please print out and follow the instructions for using SDFix in BC's self-help tutorial "How to use SDFix".
-- When using this tool, you must use the Administrator's account or an account with "Administrative rights"
-- Disconnect from the Internet and temporarily disable your anti-virus and any anti-malware real time protection before performing a scan.

When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt. Please copy and paste the contents of Report.txt in your next reply. Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 debit1351

debit1351
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:05 AM

Posted 16 April 2008 - 07:15 PM

I am using a different computer right now.

Okay, I have entered Safe Mode, but do not see the ATF-Cleaner.exe on the desktop nor in the programs list.

Please help, I will keep this computer online while I work to fix the other.

Debi

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:05 AM

Posted 16 April 2008 - 08:34 PM

Can you do the SDFix?
Sometimes it helps to put the Icons you will need into the upper left corner of screen while in normal mode. Then because of the large safe mode screen you will see them.

#6 debit1351

debit1351
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:05 AM

Posted 16 April 2008 - 08:53 PM

I have completed the steps in the first e-mail; here is the log from SuperAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/15/2008 at 08:11 PM

Application Version : 4.0.1154

Core Rules Database Version : 3438
Trace Rules Database Version: 1430

Scan type : Quick Scan
Total Scan Time : 00:03:09

Memory items scanned : 537
Memory threats detected : 10
Registry items scanned : 293
Registry threats detected : 128
File items scanned : 1694
File threats detected : 62

But I do not see the other report that was mentioned at the beginning of the 1st reply. Also when I try CNTL-ALT-DEL I still get that it has been disabled by the administrator.

Debi
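
Added example (not part of the original thread): a SUPERAntiSpyware scan log like the one in this post lists each detection name followed by the files and registry entries it matched. The Python below groups those entries per detection and flags the registry entries that sit in autostart locations (Browser Helper Objects, Winlogon Notify, Run, services), which are the ones to re-check after the cleanup reboot. The sample log, its names and GUIDs are constructed, and the function names are this example's own.

```python
import re

# Registry locations that load code automatically (checked in order, first match wins).
AUTOSTART_LOCATIONS = [
    ("Browser Helper Object", r"\\Explorer\\Browser Helper Objects\\"),
    ("ShellExecuteHooks", r"\\Explorer\\ShellExecuteHooks"),
    ("ShellServiceObjectDelayLoad", r"\\CurrentVersion\\ShellServiceObjectDelayLoad"),
    ("Winlogon Notify", r"\\WinLogon\\Notify\\"),
    ("Run key", r"\\CurrentVersion\\Run#"),
    ("IE toolbar", r"\\Internet Explorer\\Toolbar#"),
    ("Service/driver", r"^HKLM\\SYSTEM\\CurrentControlSet\\Services\\[^\\#]+$"),
]
# A file entry is a drive path, optionally prefixed by a bracketed name.
FILE_RE = re.compile(r"^(?:\[[^\]]+\]\s+)?([A-Za-z]:\\.+)$")
# Registry entries start with a hive; some log lines omit it ("Software\...").
REG_RE = re.compile(r"^(?:HK(?:LM|CR|CU|U)\\|Software\\)", re.I)

# Constructed sample in the log's layout; names and GUIDs are placeholders.
SAMPLE_LOG = r"""
SUPERAntiSpyware Scan Log

Scan type : Quick Scan
File threats detected : 3

Trojan.Example/A
C:\WINDOWS\SYSTEM32\EXAMPLE1.DLL
C:\WINDOWS\SYSTEM32\EXAMPLE1.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}
HKCR\CLSID\{00000000-0000-0000-0000-000000000001}
HKCR\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\example1

Rogue.Example-Scanner
[examplerun] C:\PROGRAM FILES\EXAMPLE-SCANNER\SCANNER.EXE
C:\Program Files\Example-Scanner\Scanner.exe
HKLM\SYSTEM\CurrentControlSet\Services\example-fw
HKLM\SYSTEM\CurrentControlSet\Services\example-fw#ImagePath
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#Example-Scanner [ "C:\Program Files\Example-Scanner\Scanner.exe" hide ]

Adware.Tracking Cookie
C:\Documents and Settings\User\Cookies\user@example[1].txt
"""


def classify(entry):
    """Return (kind, detail): file path, autostart label, plain registry, or (None, None)."""
    m = FILE_RE.match(entry)
    if m:
        return ("file", m.group(1))
    if REG_RE.match(entry):
        for label, pattern in AUTOSTART_LOCATIONS:
            if re.search(pattern, entry, re.I):
                return ("autostart", label)
        return ("registry", None)
    return (None, None)  # header or statistics line


def triage(log_text):
    """Group entries under each detection name; header blocks yield no entries and are skipped."""
    report = {}
    for block in re.split(r"\n\s*\n", log_text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        name, entries = lines[0], lines[1:]
        found = {"autostart": [], "files": [], "other_registry": 0}
        seen = set()  # the log repeats a path, so de-duplicate case-insensitively
        for entry in entries:
            kind, detail = classify(entry)
            if kind == "file" and detail.lower() not in seen:
                seen.add(detail.lower())
                found["files"].append(detail)
            elif kind == "autostart":
                found["autostart"].append((detail, entry))
            elif kind == "registry":
                found["other_registry"] += 1
        if found["files"] or found["autostart"] or found["other_registry"]:
            report[name] = found
    return report


def needs_followup(report):
    """Detections with an autostart entry: confirm these keys are gone after reboot."""
    return [name for name, found in report.items() if found["autostart"]]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name in needs_followup(result):
        for label, entry in result[name]["autostart"]:
            print(f"{name}: {label}: {entry}")
```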

#7 debit1351

debit1351
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:05 AM

Posted 16 April 2008 - 08:55 PM

Do I still have issues going on with this computer? I have the disk to reformat the drive, but would rather not do that unless I have no other choice.

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,143 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:05 AM

Posted 17 April 2008 - 06:48 AM

Please follow my instructions in Post #3 for using SDFix and copy/paste Report.txt in your next reply.

#9 soccerguy

soccerguy

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:05 AM

Posted 25 April 2008 - 08:05 AM

:thumbsup: Whoever boopme is, I owe you a beer. It took a few hours, but once I got the Super spyware running in Safe mode, it found 77 file and registry errors. I don't know what any of that stuff is, but all I know is my computer works fine now. If you want me to post the log, etc. let me know and I'll throw it up here.

One question...in my earlier troubleshooting I bought a one-year subscription to PCTools Spyware Doctor. I ran a full scan with it, but it did not fix the problem. Now that I have the free programs that you recommended on my machine, as well as Spyware Doctor (and McAfee), how do I keep the anti virus/anti spyware programs from fighting each other? I've heard that having more than one anti virus program running is not a good thing.

Thanks.

Edited by soccerguy, 25 April 2008 - 12:02 PM.


#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,143 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:05 AM

Posted 25 April 2008 - 08:44 AM

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

I've heard that having more than one anti virus program running is not a good thing.

Correct. The primary concern with using more than one anti-virus program is due to conflicts that can arise when both are running in real-time mode simultaneously. Anti-virus software components insert themselves into the operating system's core and using more than one can cause instability, crash your computer, slow performance and waste system resources. When actively running in the background while connected to the Internet, they both may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

Each anti-virus will often interpret the activity of the other as a virus and there is a greater chance of them alerting you to a "False Positive". If one finds a virus and then the other also finds the same virus, both programs will be competing over exclusive rights on dealing with that virus. Each anti-virus will attempt to remove the offending file and quarantine it. If one finds and quarantines the file before the other one does, then you encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a virus has been found when that is not the case.

Anti-virus scanners use virus definitions to check for viruses and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, most anti-virus programs encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. However, some anti-virus vendors do not encrypt their definitions and will trigger false alarms if used while another resident anti-virus program is active.

In contrast, using more than one anti-spyware program with or without real-time protection increases your protection coverage without causing the same kind of conflicts or affecting the stability of your system that can occur when using more than one anti-virus. Even if your anti-spyware programs are not running in real-time, the overlap of protection from using different signature databases will aid in detection and removal of more threats when scanning your system for malware.

No single product is 100% foolproof and can detect and remove all threats at any given time. The security community is in a constant state of change as new infections appear. Each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using several anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense and safe surfing habits provides the most complete protection.

However, you can overkill your system with resource heavy security programs that will drain your resources and slow down performance. Sometimes you just have to experiment to get the right combo for your particular system as there is no universal solution that works for everyone.