
Spyware Doctor/antispy Spider/smitfraud



#1 Vanedil


Posted 20 May 2008 - 05:23 PM

First of all, some background information: I am not a computer-savvy person, but at the workplace it is pretty much an "in the land of the blind, the one-eyed is king" situation, with myself being the most knowledgeable on computer-related matters where everyone else isn't.


Background information of the infected computer: Windows XP Service Pack 3


So here is the deal, a co-worker thought her computer was infected with a virus, after she checked her e-mail, and the desktop got switched with a red wallpaper claiming that the computer needed security, because there were possible security violations, and regular pop-ups saying that the computer was open for attacks, to click to download security (task manager had become blocked).


After things got worse, she asked me for help. I ran Spybot Search and Destroy, which detected 6 SmitFraud entries (but it was incapable of nullifying them).


So, I researched about SmitFraud which took me to the following link:
http://www.bleepingcomputer.com/forums/t/17258/how-to-remove-the-smitfraud-generic-zlob-quicknavigate-virtual-maid/


After using SmitFraudFix.exe (following steps 1-12), the computer was somewhat better, because invasive unwanted pop-ups subsided, task manager was reinstated, but the problems were far from over.


A day later, the computer was unworkable. No programs would open as normal (not even in Safe Mode); a window surfaced asking with what program I would want to open x or y program. Can't access any windows within the control panel, can't install any new downloads such as hijackthis, AdwareAway, AVG Anti-Rootkit.

Kaspersky Internet Security (trial version) continuously detects the following programs, but only for a while, because afterwards it displays a not-found message (is it because the infections rewrite their registry?):

Trojan program Rootkit.Win32.Podnuha.cf
adware not-a-virus: Adware.Win32.BHO.awz
riskware not-a-virus: FraudTool.Win32. Antispy spider.b
RiskTool.Win32.Hide Windows (file, which after research, supposedly is involved with a backdoor KillWind that HP installs on its computers, even though the machine of my co-worker is a DELL).


Hopefully this information will be enough in order to get the help necessary to eliminate the problems. Thanks beforehand.



#2 boopme


Posted 20 May 2008 - 10:03 PM

Hello and welcome to BC.
Since you have a rootkit, the security of your PC should be considered as compromised.

A Rootkit is software that cloaks the presence of files and data to evade detection, while allowing an attacker to take control of the machine without the user's knowledge. Rootkits are typically used by malware including viruses, spyware, trojans, and backdoors, to conceal themselves from the user as well as from malware detection software such as anti-virus and anti-spyware applications. Rootkits are also used by some adware applications and DRM (Digital Rights Management) programs to thwart the removal of that unwanted software by users.
High risks are typically installed without user interaction through security exploits, and can severely compromise system security. Such risks may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These risks may also collect and transmit personally identifiable information (PII) without your consent and severely degrade the performance and stability of your computer.

SunBelt

The tools and advice for this malware are best handled by our HiJackThis team.
Please follow the instructions in this guide: Preparation Guide for use before posting about your potential Malware problem
Once you've prepared the log, post that into this forum, HijackThis Logs and Malware Removal, NOT HERE.