
Multiple infections, not sure what to do?


3 replies to this topic

#1 ajlpenguin


Posted 12 January 2009 - 10:15 PM

Hello,

After working with a friend on a school project, I learned that my USB drive was harboring resycle/autorun/boot.com files. I followed directions he gave me (deleting the hidden files and scanning the registry on my USB drive and laptop) - but I didn't find any more hidden files.

Later that night, IE popups began appearing on my computer (Vista) when I wasn't using IE. I ran SpyBot, which detected but could not remove Smitfraud, Smitfraud-C, Virtumonde, Virtumonde.prx. Shortly after, SpyBot dialog boxes began appearing asking me to Allow/Deny system changes (things were being added). I ran SpyBot again and apparently removed Smitfraud-Core-something, so I allowed the next two system changes (removal of some run32dll files). Sometime after a reboot, my desktop wallpaper was replaced with a blue screen.

I ran Smitfraudfix in Safe Mode to no avail, but as of today, Spybot does not report any instance of Smitfraud or Virtumonde. However, my computer does not start properly (desktop doesn't load) and cogad.exe is running as a background process. I don't think my computer is completely clean and I would like help fixing this!


Thanks for your help,
ajlpenguin

Edited by ajlpenguin, 12 January 2009 - 10:21 PM.




#2 Josher


Posted 12 January 2009 - 11:24 PM

A Google of cogad.exe shows that it's some type of trojan. Have you run some sort of virus scan as well as Spybot? I'm not an expert in this by any means, but I know with viruses and malware you often need several programs to thoroughly take care of things. You might try AVG free to scan for viruses or possibly ending the cogad.exe process and then doing a search to find the file. Once found, delete it and empty your recycle bin. You'll have to change your background back to what it originally was on your own.

#3 Josher


Posted 12 January 2009 - 11:26 PM

You might also try this http://siri.geekstogo.com/SmitfraudFix.php free program to scan and make sure smitfraud is gone from your system. Has anyone else here ever used this?

#4 ajlpenguin


Posted 14 January 2009 - 10:40 PM

I took your advice and ran a virus scan (Avast). It picked up several things, including cogad.exe and some trojans on my USB drive and SD cards. My computer has been starting properly and nothing fishy is running in the background that I know of, so I'm just going to be more vigilant with SpyBot and Avast.

Based on what I read about Smitfraud and Virtumonde, I didn't think I'd have any luck with virus scans. I'm glad I was mistaken.

Thanks,
ajlpenguin



