Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

please help


  • Please log in to reply
1 reply to this topic

#1 vidyaraj

vidyaraj

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 23 June 2005 - 10:11 AM

Dear frieds
,please help me and my pc from this trouble ,desk top showing a warning message on desk top "A fatal error occured at 0028:c0011E36 in VXD VMM<O0>+00010E36 E rror was caused by Trojan Spy HTML.Smitfraud.c"


I am giving below Hyjack scan result ,please tell me to do what next ,thank you for your help
rajesh....
(Moderator edit: moved log to appropriate forum. jgweed)

Logfile of HijackThis v1.99.1
Scan saved at 3:54:21 PM, on 1/1/98
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\UPDATELAVASOFT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTEMP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - (no file)
O2 - BHO: (no name) - {568795FE-3344-4F50-8053-FBF065DE463D} - C:\WINDOWS\SYSTEM\CFBI.DLL
O2 - BHO: CExtension Object - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\BS3.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Finishing Windows 98 SE Update..] rundll32 advpack.dll,LaunchINFSection D:\content\win9x\Win98SE\WSEfinish.inf,DefaultInstall,2,N
O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINDOWS\BS3.DLL,DllRun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [updatelavasoft] C:\WINDOWS\SYSTEM\updatelavasoft.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [updatelavasoft] C:\WINDOWS\SYSTEM\updatelavasoft.exe
O4 - HKCU\..\Run: [updatelavasoft] C:\WINDOWS\SYSTEM\updatelavasoft.exe
O4 - HKCU\..\RunServices: [updatelavasoft] C:\WINDOWS\SYSTEM\updatelavasoft.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: Corel Network monitor worker - {3C4F8368-ECA2-495E-8E53-28D8E1E45B28} - C:\WINDOWS\SYSTEM\INTLMAIN.DLL
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {3C4F8368-ECA2-495E-8E53-28D8E1E45B28} - C:\WINDOWS\SYSTEM\INTLMAIN.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted IP range: 213.159.117.133 (HKLM)
O18 - Filter: text/html - {0F038E9B-A7B5-4B90-A2C1-C2E364E1C783} - C:\WINDOWS\SYSTEM\CFBI.DLL
O18 - Filter: text/plain - {0F038E9B-A7B5-4B90-A2C1-C2E364E1C783} - C:\WINDOWS\SYSTEM\CFBI.DLL
O21 - SSODL: systemp - {CBFD32C7-6738-49C9-B076-F3AE1B90C482} - systemp.dll (file missing)

Edited by jgweed, 23 June 2005 - 12:11 PM.


BC AdBot (Login to Remove)

 


#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 24 June 2005 - 04:48 PM

Hi vidyaraj and Welcome!

I need to see a copy of a couple of files please!

C:\WINDOWS\SYSTEM\SYSTEMP.EXE

C:\WINDOWS\SYSTEM\UPDATELAVASOFT.EXE

Create a folder and place a copy of those in it,then right click and select "Send To" then select "Compressed(Zipped)Folder"

Email that Zipped Folder here>> filesubmit@charter.net

Please Download SpSeHjfix 109 from here and unzip it to a new folder on your desktop.
http://www.derbilk.de/404.html

Close any open windows/programs.
Run SpSeHjfix and click on "Start Disinfection".
When it's finished it will reboot your machine automatically.
A log file of the fix can be found in the folder.
Once rebooted, run SpSeHjfix again.
After the second reboot, post a fresh HijackThis log and the contents of the SpSeHjfix logs.

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>OK>>Follow the Prompts to Restart!!

Restart Normal and have the PC Scanned here
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates!

Post back with the reports from Panda and SpSeHjfix along with a fresh HijackThis log!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users