
Hrena & X-max.net From Google


34 replies to this topic

#1 ninjit

ninjit

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:22 AM

Posted 11 May 2008 - 09:31 AM

Well, I really need help getting rid of it.
I used SmitfraudFix to see what's wrong with it, and the report came out like this:
SmitFraudFix v2.320

Scan done at 12:27:53.55, 11/05/2008
Run from C:\Program Files\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User1


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User1\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\User1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: 834668.dll
BHO: 834668 Class - {413B556F-9483-4319-9DCA-5378529986E2}
BHO CLSID TypeLib: {E63648F7-3933-440E-AAAA-A8584DD7B7EB}
Corrected TypeLib: {E63648F7-3933-440E-B4F6-A8584DD7B7EB}
Interface: {F7D09218-46D7-4D3D-9B7F-315204CD0836}


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Teefer2 Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0B9C3DC8-B082-4AC4-B69F-3151E4805EDD}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0B9C3DC8-B082-4AC4-B69F-3151E4805EDD}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0B9C3DC8-B082-4AC4-B69F-3151E4805EDD}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Can someone help me and explain what to do and what the risks are of having them here? I know they are bad, though.

{Mod Edit:Moved from XP forum~~boopme}

Edited by boopme, 11 May 2008 - 11:20 AM.
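
A triage pass over a report in this format, as an added example that is not part of the original posts or of SmitFraudFix: it collects the lines the tool marks `[!] Suspicious`, notes where the two TypeLib GUIDs the tool prints differ, and compares the AppInit_DLLs and Winlogon values with stock Windows XP values. The names `triage`, `SAMPLE` and `EXPECTED` are made up here, and the stock values are an assumption.

```python
import re

# Constructed excerpt: a few lines copied from the SmitFraudFix report above.
SAMPLE = r'''
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
[!] Suspicious: 834668.dll
BHO: 834668 Class - {413B556F-9483-4319-9DCA-5378529986E2}
BHO CLSID TypeLib: {E63648F7-3933-440E-AAAA-A8584DD7B7EB}
Corrected TypeLib: {E63648F7-3933-440E-B4F6-A8584DD7B7EB}
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
'''

HEADER = re.compile(r'^»{5,}\s*(.+?)\s*$')   # section banner, e.g. "»»»» Winlogon"
REGVAL = re.compile(r'^"([^"]+)"="(.*)"$')   # .reg-style "name"="value" line
# Assumption: stock Windows XP values for the autostart entries the tool prints.
EXPECTED = {"AppInit_DLLs": "", "System": "",
            "Userinit": r"C:\\WINDOWS\\system32\\userinit.exe,"}

def triage(report):
    """Return (section, finding) pairs that deserve a human look."""
    findings, section, typelib = [], None, None
    for line in (l.strip() for l in report.splitlines()):
        m = HEADER.match(line)
        if m:
            section, typelib = m.group(1), None
            continue
        if line.startswith("[!] Suspicious:"):
            findings.append((section, line.split(":", 1)[1].strip()))
        elif line.startswith("BHO CLSID TypeLib:"):
            typelib = line.split(":", 1)[1].strip()
        elif line.startswith("Corrected TypeLib:"):
            fixed = line.split(":", 1)[1].strip()
            if typelib and fixed != typelib:
                findings.append((section, f"TypeLib {typelib} != {fixed}"))
        else:
            m = REGVAL.match(line)
            if m and m.group(1) in EXPECTED:
                if m.group(2).lower() != EXPECTED[m.group(1)].lower():
                    findings.append((section, f"{m.group(1)}={m.group(2)}"))
    return findings

if __name__ == "__main__":
    for section, finding in triage(SAMPLE):
        print(f"{section}: {finding}")
```

On the excerpt, only the 404Fix section yields findings; the AppInit_DLLs and Winlogon values match the assumed defaults.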




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:22 PM

Posted 11 May 2008 - 11:41 AM

Hello ninjit, What problem were you having that required SmitfraudFix?
Have you run the Cleaning portion from Safe mode?
Also what antivirus and spyware tools are installed?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 ninjit


Posted 11 May 2008 - 11:48 AM

Well, before I had the malware I had this thing called VirusHeat, I think, which installed itself on my computer,
for which I used SmitfraudFix to get rid of it.
And I have no idea what you mean by cleaning portion from Safe Mode (I'm not very good with computers),
and the antivirus I have right now is Symantec Endpoint Protection.
Anyway, thanks for responding to my thread.

#4 boopme


Posted 11 May 2008 - 11:55 AM

That's OK. Did you use the BC self help Tutorial (click link)...
How to remove VirusHeat (Removal Instructions)

#5 ninjit


Posted 11 May 2008 - 12:25 PM

Should I do the steps on how to remove VirusHeat as well? Although the symbol of it isn't on the toolbar, can it still be there hidden in my computer?
Also, when I click the program FixVH it doesn't say anything about merging the information and the program isn't doing anything.
Oh yeah, just to let you know, I can't actually find all of the malware, considering I can't scan my computer because my computer has extremely low memory, so it won't allow me to scan my computer.

Also, do you mind explaining to me what the malware can do so that I can avoid things like logging on to MySpace etc.?


Do you see anything abnormal or something suspicious?
Oh yeah, sorry to bother you, but I have another question: because I have 2 computers using the internet, would it infect the other computer as well?

Edited by ninjit, 11 May 2008 - 01:57 PM.


#6 boopme


Posted 11 May 2008 - 02:48 PM

Hello, OK, let's figure a few things out so we're on the same page.
Is this the SmitFraudFix tool you used?

i cant scan my computer because

Please go to Start > My Computer.... mouse over your Hard drive. Post back the Total and Free space.

Then, from the same My Computer page, on the left blue pane under System Tasks, click View System Info. In the resulting popup window click the General tab. On that, at the bottom, it will tell you how much memory (RAM) is installed.
Post that info back.

#7 ninjit


Posted 11 May 2008 - 03:32 PM

My total is 3.00 GB and the amount of free space is 20.5 MB,
and yes, that is the SmitfraudFix tool I used,
and 768 of RAM.

#8 boopme


Posted 11 May 2008 - 04:19 PM

You will need to free up some space. The PC will always be very slow at that capacity. 20% free space would be nice.
Go through Control Panel and uninstall any programs or games you no longer use.

Then go into Start > All Programs > System Tools > Disk Cleanup. Run Disk Cleanup.

Can you run this online scan? It requires NO installing.
ESET Online Scanner

#9 ninjit


Posted 11 May 2008 - 04:52 PM

I can't use the scanner because it requires me to install an ActiveX control, but when I do that the updates failed.
But I've done a few scans using some other programs and it talks about the VirusHeat and the trojanlop thing and the x-max
and those other sites, yet because the scanner is a free trial I can't delete them.
Also, I can't free up some space, considering I hardly have anything on it except this other stuff that was on the computer before, and I have no clue what would happen if I delete it.

Edited by ninjit, 11 May 2008 - 04:53 PM.


#10 boopme


Posted 11 May 2008 - 05:08 PM

Well it all can't be installed originally the PC is too full.
Name things and we'll tell you if it can go.
Run the Disk Cleanup.
Also do this: set a new restore point. This will also free up space, though I would prefer you did this after the PC is clean, but we need space or we can't clean it.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.


#11 ninjit


Posted 12 May 2008 - 12:56 PM

OK, I tried but I still have no difference in space.
I think I fixed it now. I was able to free up enough space and I used AVG and it got rid of all the malware.

Edited by ninjit, 13 May 2008 - 12:53 PM.


#12 boopme


Posted 13 May 2008 - 04:16 PM

Good, then run the new restore point again so you will have a clean restore point.
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

#13 ninjit


Posted 13 May 2008 - 05:13 PM

OK, I've done that and now I'm not having problems with getting redirected with Google anymore.
Finally I feel safe using my computer again.
Thank you.

#14 boopme


Posted 13 May 2008 - 05:20 PM

You're welcome !!
Please take a few moments to read...
How did I get infected?, With steps so it does not happen again!

Simple and easy ways to keep your computer safe and secure on the Internet

Best Practices - Internet Safety For 2008


#15 ninjit


Posted 21 May 2008 - 10:19 AM

Um, after a while now I've noticed that my computer is starting to be really slow, and just now it restarted itself for no reason and now has 9 MB left for some reason on my drive C. I'm just wondering, can the spyware and trojans still be hiding in my computer somewhere and downloading more spyware on my computer?



