
Smitfraud Virus Help


24 replies to this topic

#1 tsmitty

tsmitty

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:58 AM

Posted 14 July 2008 - 02:46 PM

Ok, I got a virus that falls under the smitfraud variety. And I went to http://siri.urz.free.fr/Fix/SmitfraudFix.zip and downloaded onto the computer but when I try to run the file nothing happens. Is there any other way to get rid of this thing or would be easier just to pay for anti virus software the virus keeps directing me to.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:58 AM

Posted 14 July 2008 - 04:08 PM

Hello, can you try this one? Is this an XP PC?

S!Ri's SmitfraudFix
Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

NEXT:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 tsmitty

  • Topic Starter

Posted 14 July 2008 - 05:20 PM

It is an xp media comp. I'll try that one tonight from home.

thanks

#4 tsmitty


Posted 14 July 2008 - 07:55 PM

boop, I got the smitfraudfix to work using the link you provided, it ran fine. Then I tried running superantispyware and I've tried twice to run it and each time it gives me a blue screen error message that windows has to shut down.

#5 tsmitty


Posted 14 July 2008 - 08:45 PM

Also, when I re-ran smitfraudfix it encountered an error scanning VacFix... not sure if that's important or not

#6 boopme


Posted 14 July 2008 - 10:05 PM

Can you post the Smitfraud report .. Should be at C:\rapport.txt

How about the MBAM scan? Did that work?

#7 tsmitty


Posted 15 July 2008 - 08:52 AM

> Can you post the Smitfraud report .. Should be at C:\rapport.txt
>
> How about the MBAM scan? Did that work?


I couldn't get the MBAM to download and run last night. I'll look for the report today.

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,128 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:58 AM

Posted 15 July 2008 - 09:00 AM

If you cannot download MBAM from your pc, try downloading from another computer, saving to a flash (usb, pen, thumb, jump) drive or CD and then transferring them to the infected machine.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#9 tsmitty


Posted 15 July 2008 - 09:07 AM

> If you cannot download MBAM from your pc, try downloading from another computer, saving to a flash (usb, pen, thumb, jump) drive or CD and then transferring them to the infected machine.



That's what I tried last night but it still wouldn't work. Smitfraudfix took a couple tries to get it downloaded correctly.


Here's some information in case it's helpful. I ran Smitfraudfix in safe mode and my start menu went back to showing everything it was supposed to. But once I rebooted in normal mode it went right back to being jacked up.

I have gotten all the important files off of my computer and I'm wondering if it wouldn't be better to just format the hard drive and start over. The only problem is that I don't believe Dell gave me a Windows disk to reinstall.

#10 quietman7


Posted 15 July 2008 - 10:34 AM

There are no shortcuts or guarantees when it comes to malware removal. Sometimes it takes several efforts with different or the same tools to do the job. Even then, with some types of malware infections, the task can be arduous.

If you're using a Dell machine, you may not have an original XP CD Disk.

By policy Microsoft no longer allows OEM manufacturers to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific recovery disk or recovery partition for performing a clean factory restore.

A Recovery Disk is a CD-ROM or DVD data disc that contains a complete copy/image of the entire contents of the hard drive that will restore the system to its factory default state at a certain time. Essentially, it will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. You will lose all data and have to reinstall all programs that you added afterwards. This includes all security updates from Microsoft so you will need to download/install them again.

Some factory restore CDs give you all the options of a full Microsoft Windows CD, but with better instructions and the convenience of having all the right hardware drivers. Others can do nothing except reformat your hard drive and restore it to the condition it was in when you bought the computer. Before using a factory recovery disk make sure you back up all your data, photos, etc to another source such as a CD or external hard drive. If you do a Google Search, you will find links to topics on how to obtain a replacement recovery disk from various vendors.

A Recovery Partition is used by some OEM manufacturers (Dell, HP, IBM, Gateway) instead of a recovery disk to store a complete copy of the hard disk's factory default contents for easy restoration. This consists of a hidden bootable partition containing various system recovery tools, including full recovery of the preinstalled Windows XP partition that will allow you to restore the computer to the state it was in when you first purchased it. The recovery software will then re-hide its own partition after creating a new partition and installing the software to it. You will lose all data and have to reinstall all programs that you added afterwards. Before using a recovery partition make sure you back up all your data, photos, etc to another source such as a CD or external hard drive.

Recovery partitions may only work with a start-up floppy disk or the user may be prompted immediately after the "Out Of Box Experience" (OOBE) to create backup CD-R disks for the software on the hard drive image for future use. Once the CDs are made, the Operating System, Drivers, or Applications can be reinstalled using the files on the hard drive or the backup CDs.

Some built in recovery partitions can be accessed by hitting Ctrl+F11, just F11 or F10 during BIOS startup. Others like those used by IBM Thinkpads will display a message at bootup instructing you to press F11 to boot from the recovery partition. For more information, see Understanding Partition recovery.

Again, if you do a Google search on recovery partitions, you can find information specifically related to the manufacturer of your machine.

For a Dell computer, see:
PC Restore.
Inside the Dell PC Restore Partition: DSR.
Restoring Your Computer's Software to the Factory Settings.

#11 tsmitty


Posted 15 July 2008 - 11:08 AM

So, assuming I have all the files that I need off of the computer, would it be better to try to PC Restore/Reinstall?

#12 quietman7


Posted 15 July 2008 - 12:15 PM

If you are using a Recovery Disk or Recovery Partition they should allow you to restore the computer to the state it was in when you first purchased it. This would be similar to a clean install if you had an XP CD vice doing a repair install. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired even if you were able to do a repair install with an XP CD. However, since you will be using the recovery tools from Dell that would not be a factor.

Right now, it is uncertain exactly what type of infection you are dealing with and it's still possible your system can be cleaned without having to resort to the Recovery Tools. From your previous posting it is unclear why MBAM did not work. Would it not run and if so what happened when you tried to run it?

If you don't mind waiting I can refer you to the Hijackthis forum for additional investigation by the HJT Team but they are very busy and it may take a few days to get a reply. Or we could continue here and try doing an online scan or using some other tools.

#13 tsmitty


Posted 15 July 2008 - 01:37 PM

> If you are using a Recovery Disk or Recovery Partition they should allow you to restore the computer to the state it was in when you first purchased it. This would be similar to a clean install if you had an XP CD vice doing a repair install. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired even if you were able to do a repair install with an XP CD. However, since you will be using the recovery tools from Dell that would not be a factor.
>
> Right now, it is uncertain exactly what type of infection you are dealing with and it's still possible your system can be cleaned without having to resort to the Recovery Tools. From your previous posting it is unclear why MBAM did not work. Would it not run and if so what happened when you tried to run it?
>
> If you don't mind waiting I can refer you to the Hijackthis forum for additional investigation by the HJT Team but they are very busy and it may take a few days to get a reply. Or we could continue here and try doing an online scan or using some other tools.



I tried it out at lunch, and it looks like the Ctrl F11 will work, at least the options still show up.

MBAM- (I was running in safe mode when I did all this) I downloaded it to the infected comp via a memory stick but when I clicked on the file nothing happens, at least nothing that I see.

#14 quietman7


Posted 15 July 2008 - 09:29 PM

Try running a Quick scan in normal mode. Scanning in safe or normal mode will work but removal functions are not as powerful in safe mode. MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact it loses some effectiveness for detection & removal when used in safe mode.

#15 tsmitty


Posted 15 July 2008 - 10:16 PM

> Try running a Quick scan in normal mode. Scanning in safe or normal mode will work but removal functions are not as powerful in safe mode. MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact it loses some effectiveness for detection & removal when used in safe mode.



Thanks man, I appreciate the help. I'll try that in the morning.



