Post Smitfraud problems: windows update, windows explorer, WMI and DCOM

3 replies to this topic

#1 rmccaleb

  • Members
  • 5 posts

Posted 15 December 2008 - 06:12 PM

In a nutshell, my computer was infected with Smitfraud, which is truly nasty. I had the popups, the red X in the system tray, and the random files all over the computer like kheijnle.dll. I finally found SuperAntispyware free edition, which was able to find and remove the virus (trojan?). Unfortunately, it had damaged enough system files that I had to repair my XP installation (twice) and reinstall SP3 (twice). Many applications had to be reinstalled or repaired, and in one case, I had tech support at Blackberry walk me through fixing their management software. During the process of disabling all startup items (which they had me do) I may have lost some functions.

Here's my current situation. Windows Update won't run, telling me components are missing and need to be reregistered, which I've done. WMI isn't working and I've tried WMIdiags which reports numerous DCOM errors. I have erased the WBEM folder and had that rebuilt, then restored it from the install disk.

When I click the dropdown box on Windows Explorer, the system goes away for a minute or so (really) before the box appears. Same thing when I click on My Computer (I get to watch the sweeping flashlight for a full minute). I have no mapped drives to restore.

Other than overall slowness, all else is working adequately, except the explorer problems affect every program that uses a file open box or file save etc. If I type the entire pathname it works ok, but browsing is almost impossible.

Oh, one more thing. In services, the service alg.exe (application layer gateway) has been given what looks like a smitfraud description, namely "Abmsyrtsrqn".

Searching for Abmsyrtsrqn in the registry gives me a dozen or so occurrences. The alg.exe service is set to manual and not started.

In all my years of computing I have never encountered so destructive a problem, though it's quite possible that I made matters worse by trying to repair things in my haphazard way.


#2 Zllio

  • Members
  • 1,107 posts

Posted 16 December 2008 - 06:40 AM

Hi rmccaleb,

It sounds like a lot of files were damaged before you tried removing the malware, and your computer may also still be infected. Do you have any of the original logs from SmitFraud Fix and from SuperAntiSpyware? Have you gone through the malware removal procedures at this site, or did you do everything on your own? There are a number of tools you did not use which may still be of value if your computer is still infected, but they require the help of someone who is trained for this. Is backing up your data and doing a clean install an option for you?

Zllio

#3 rmccaleb

  • Topic Starter
  • Members
  • 5 posts

Posted 16 December 2008 - 10:35 AM

Thanks for your response. I'll see what logs there are. I do recall that Smitfraud infects and renames a bunch of files in system32, and these were all removed or fixed. I hoped repairing Windows would fix them. I also ran System File Checker.

Ultimately I will have to reformat and reinstall, but I know it will be days of reinstalling software and getting things back to the way I like them. For now, if I could just get the file browsing problem fixed I'd be happy.

I downloaded ComboFix, but following the dire warnings on this site, I haven't run it. I do have all my data backed up.


#4 usasma

  • BSOD Kernel Dump Expert
  • 25,089 posts
  • Gender: Male
  • Location: Southeastern CT, USA

Posted 16 December 2008 - 10:37 AM

Since you're contemplating using ComboFix (and have wisely decided to wait), I'm going to transfer this over to the Am I Infected forum to see if they've got any suggestions.

If this doesn't pan out, just PM me and I'll move it back here to the XP forum.

My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.