Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ran Smitfraudfix.exe But I Don't Think The Virus Is Gone!


  • Please log in to reply
7 replies to this topic

#1 joesmama4

joesmama4

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:57 PM

Posted 05 May 2008 - 06:58 PM

Hi everyone! I followed the instructions on this site RE: removal of the Awola virus. I downloaded the SmitFraudFix. I never got the "red screen" with a reboot prompt that the instructions said I should get, so I just restarted my PC. When it finished loading, my desktop that used to be a photo, was blue. So, I did a system restore to a few days before.

I thought I was clean, but I noticed today that all of my Internet Security settings are changing by themselves. I actually changed my firewall back to enable and WATCHED it switch itself back to disabled. I ran a check on my AV software (McAfee Security Suite) and all was OK.

I then ran a full system scan through McAfee and it said that my PC was clean. Since this is the software that allowed the virus in in the first place, I downloaded and ran Kaspersky. It says that I have one virus and 4 infected files.

What should I do next?? Is the virus still there? I don't want to use my PC for ANYTHING until this is gone. Thank God for my husbands' laptop!!

Thanks for your help!!

BC AdBot (Login to Remove)

 


#2 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:12:57 AM

Posted 05 May 2008 - 07:23 PM

is this yours too?

http://www.bleepingcomputer.com/forums/t/145381/issues-with-mcafee-system-guard/

then ran a full system scan through McAfee and it said that my PC was clean. Since this is the software that allowed the virus in in the first place, I downloaded and ran Kaspersky. It says that I have one virus and 4 infected files.

can you clarify is you have BOTH these antivirus programs installed ?

do you have a report from either or both?

and your windows version is .......???

#3 joesmama4

joesmama4
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:57 PM

Posted 07 May 2008 - 08:11 PM

Thanks for responding. Yes, that is my post as well. I meant to delete it, because I thought it fit more appropriately in this forum, but don't know how!

Originally, I only had McAfee Security Suite. After browsing the other threads, I did the free scan from Kaspersky and got the report, but did NOT download the paid version. I uninstalled the program after the scan. My understanding is that if you have more than one AV, it can actually be worse for your computer.

I have a Kaspersky report and I can access the logs from McAfee if need be.

I'm running Windows XP.

Thanks again!

#4 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:57 PM

Posted 07 May 2008 - 08:26 PM

would you post the kasp report?
Chewy

No. Try not. Do... or do not. There is no try.

#5 joesmama4

joesmama4
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:57 PM

Posted 10 May 2008 - 12:06 PM

Hi again....

I reran Kasp. the other day. I read on a few other posts that I should turn off my other AV and empty my temporary files. I did those things and now no virus or infections are showing up. But, I've posted the log for you to look over just in case. Again, thanks for the help!!


Thursday, May 08, 2008 7:09:10 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/05/2008
Kaspersky Anti-Virus database records: 746691


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\

Scan Statistics
Total number of scanned objects 109306
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 01:25:42

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\EasyNet\MHNData Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{2C8E2DDD-4884-4A96-AE04-06F6E7DAE46B}.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{DEC6E9C8-8475-41F0-9CE4-D1A6E52C7F0C}.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped

C:\Documents and Settings\Katie\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped

C:\Documents and Settings\Katie\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped

C:\Documents and Settings\Katie\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped

C:\Documents and Settings\Katie\Application Data\GTek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped

C:\Documents and Settings\Katie\Application Data\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped

C:\Documents and Settings\Katie\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Katie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Katie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Katie\Local Settings\Application Data\SupportSoft\DellSupportCenter\Katie\state\logs\sprtcmd.log Object is locked skipped

C:\Documents and Settings\Katie\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Katie\Local Settings\Temp\sqlite_o6u9XyzsoCHOnrY Object is locked skipped

C:\Documents and Settings\Katie\Local Settings\Temp\~DF5D7.tmp Object is locked skipped

C:\Documents and Settings\Katie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Katie\ntuser.dat Object is locked skipped

C:\Documents and Settings\Katie\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1473\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edbtmp.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\LogFiles\HTTPERR\httperr1.log Object is locked skipped

C:\WINDOWS\SYSTEM32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\mcafee_MrPvewDlUliUfa1 Object is locked skipped

C:\WINDOWS\Temp\mcmsc_5z4hl3KXJQJfH97 Object is locked skipped

C:\WINDOWS\Temp\mcmsc_8rJIIrNg4OyTXC1 Object is locked skipped

C:\WINDOWS\Temp\mcmsc_GchwjDyd6da6GP7 Object is locked skipped

C:\WINDOWS\Temp\mcmsc_UpuMD4chJNEfRCS Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_24c.dat Object is locked skipped

C:\WINDOWS\Temp\sqlite_yEmiZDNGvNILg0l Object is locked skipped

C:\WINDOWS\Temp\sqlite_zCCP16JkYw6gsWL Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#6 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:07:57 PM

Posted 10 May 2008 - 12:17 PM

that's clean

http://www.bleepingcomputer.com/forums/ind...mp;#entry811062

I would suggest you do another scan with this program and use it as a regular scanner to detect malware, I put it on every computer I work on and it's safe as it doen't load anything that could conflict with any other protection.

If you did decide to use the pro version post back, there are complimentary resident protections

McAfee turns off windows firewall when it has it's own installed
Chewy

No. Try not. Do... or do not. There is no try.

#7 joesmama4

joesmama4
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:57 PM

Posted 10 May 2008 - 12:38 PM

Thank you so much!! I don't know what I would have done if I hadn't found this site! Have a great weekend.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:57 PM

Posted 10 May 2008 - 10:18 PM

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users