
Obfuskated, Psyme, Smithfraud...god Knows What Else..


3 replies to this topic

#1 NWO

NWO

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 23 May 2008 - 08:26 AM

Ok well I've read the rules and I guess I should start from the beginning..

About three months ago I was receiving popups from Norton that said my subscription had run out. Knowing zilch about computers I ignored the messages, until I started getting a security message that said I should update (I can't remember exactly what it said). These messages would pop up every time I clicked ok. So I decided to just leave it every time it came up. Unfortunately sometimes even when I left the message alone multiple messages came up until I'd have to eventually shut down the computer. At this point I just thought they would go away.

However a week later I logged onto the computer and once I'd clicked on my user account a message came up..something to the extent of 'gllps could not be found, reinstalling the program may fix the problem,' I clicked ok and another message came up saying the same thing for the 'search and protect' program. I again clicked ok and opened up Mozilla Firefox. As soon as I did, multiple windows started appearing, none of which loaded my homepage. Naturally I closed down all the windows, but when I did this, literally 50 tabs opened up all of their own accord. This had happened to me before on an old laptop I used to have so again I shut the computer down and restarted. This happened again, until eventually I decided to reinstall Firefox.

At this point I also could not open msn messenger at all and so uninstalled it. When I tried to reinstall that too, I'd get this message..(I still do)..

Posted Image

The next day I log onto the computer and my desktop display has gone and has been replaced with a blue background that said my computer was being attacked. On the desktop there was a link that led me to 'PC Cleaner' that I actually ended up downloading. However it did a scan and then said I had to pay for it. So I decided to uninstall it. I then downloaded HijackThis, but had no idea what to do with the results. So additionally I downloaded AVG and search and destroy. AVG detected a load of viruses and trojans including 'psyme' and 'obfuskated.downloader'..I'd press the heal button but the program continually detected the trojans. I decided instead to run the search and destroy bot which did not detect obfuskated but did detect a whole bunch of others including 'smithfraud' and 'zlob.' However every time I go to fix the problem the programme freezes on me. EVERY DAMN TIME. I've done this about 5 times today and for the past two weeks.

Anyway after a while I managed to restore the desktop and I wasn't getting any hassle from AVG, but today the blue background came back and now I keep getting these messages...

Posted Image

Posted Image

......every five seconds.

And Internet Explorer keeps opening up. Which is funny because just the other week every time I opened it my homepage would load up half way and then it would close down on its own.

Frankly I have no idea what is going on. I just downloaded Removeit Pro..but that seems to have been scanning for ages. And has discovered yet again a different trojan by the name of 'fakeale'..I would appreciate it if someone could help me. And no I haven't got all these viruses from porn sites. :thumbsup:

Thanks.

EDIT: Damnit I knew I was missing something. I have Windows XP. Thanks Ruby I'll try that.

Edited by NWO, 23 May 2008 - 09:21 AM.




#2 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:10:11 AM

Posted 23 May 2008 - 08:59 AM

:flowers: your windows version is????

you are infected due to now running with effectively NO antivirus program on there;

remember do NOT ignore legitimate antivirus notice updates :thumbsup:


you need I suggest to remove the Norton product you have with this tool

http://service1.symantec.com/Support/tsgen...005033108162039

BUT DO disable the Norton program itself before running the tool ;

reboot; fully update the avg antivirus program you have on there

then I suggest you run a scan with
Superantispyware; guide on how to install and run


If you have not already got a Downloads folder , I suggest you create a new folder in My Documents, and name it Downloads ;

Installing superantispyware

Superantispyware is found here


http://www.superantispyware.com/index.html

Download to the Downloads folder the free exe to superantispyware from here


http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

you install superantispyware by clicking on the icon in the downloads folder ;
it will launch the installation process;
follow the instructions and I suggest you ask for a default installation ;
ensure it creates a desktop icon for you ;
once the program has been installed it should ask you if you wish to update the program ; say YES

if it does not ask you, you need TO fully update the definitions by opening the program and finding the 'check for updates' tab in the bottom left of the menus you see; click on it and it will do the update for you ;
I suggest you ask it to check for updates again once the first update is complete just to be sure


please then reboot your computer ; it is preferable to run the scan in your computer's safe mode;

please open this program from the desktop icon
please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs

go to the preferences tab on the right
on the General tab I suggest you disable the scan on start up

on the Hijack protection tab I suggest you tick BOTH items; this enables the program to give you a Hijack home page alert if your home page gets changed ; if you DO get a home page hijack, when you boot up the computer superantispyware will open and tell you the home page has changed and will ask you if this is a legitimate change;

in statistics/logs- go to the bottom and you will see two boxes asking about keeping a log of scanning results and saving empty logs?

Tick both of them

Then go back to the main screen and see the tab that says scan your computer? Do you see that ?

Click on it

A screen will open ;on the left hand side ensure your FIXED drive ( most probably the C drive) is ticked;
Also tick in there any other section that is used and attached .
On the right hand side you see three scanning options?; please click the Complete scan option

OK; you are now set to scan

Please then click on the 'next' tab and let the scan run; please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs

From my experience running this program the complete full scan CAN take many hours to run depending on how much is on your computer so be patient and let it run; maybe go for a cuppa or watch a favourite program while this one runs

Once the scan IS complete you will be presented with a box telling you what the scan has found ( if anything); if harmful objects have been found click on the OK button ; on the next screen all the harmful objects should have a check mark beside them, ; click ‘next’


A notification should appear that

‘quarantine and removal is complete’

click ‘ok’
and then the Finish button to get returned to the main menu


If you have run the scan in computer's safe mode you will need to reboot to computer normal mode

If you have run in computer’s normal mode I suggest you reboot to enable the ‘fix’ the program has performed to consolidate

You then need to retrieve the scan result

Open the program and return to the statistics /logs section ; locate the most recent log ; left mouse click on it to highlight it and click the ‘view log’ tab

The log should appear in maybe note pad ; you need to copy and paste that log for examination
Once you have posted the log please close the superantispyware program
I think you will need other tools too once the problems are more fully identified

#3 NWO

NWO
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 23 May 2008 - 03:02 PM

Thanks ruby. Did you want me to post the log here?

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,914 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:11 AM

Posted 23 May 2008 - 03:05 PM

Yes post here.