Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected with "Smart Protector"


  • Please log in to reply
9 replies to this topic

#1 kdub38

kdub38

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:20 PM

Posted 10 December 2009 - 08:05 PM

SAS identifies SmartProtector as a rogue. It removes system32\srcr.dat but the virus reinstalls itself on startup.

I can't run MBAM even after renaming the application. SAS can be run after renaming it .

Every now and then some audio from a random commercial or video will play, but no window opens.

Please help -- thanks


Im running windows xp

Edited by kdub38, 10 December 2009 - 08:08 PM.


BC AdBot (Login to Remove)

 


#2 azfreetech

azfreetech

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:12:20 PM

Posted 10 December 2009 - 08:41 PM

It sounds like you may have something running which is preventing you from being able to install/run security software. What I normally do is use Rkill to stop the rootkit processes that start when the computer comes on. Then I run the Malwarebytes and SUPERAntiSpyware. Here are some DL links for the Rkill....

LINK 1
LINK 2
LINK 3
LINK 4

Save it to your desktop and then double click to launch it (With Vista you need to right click and select run as administrator). You should see a little black window open and then close. If you see that box then it worked. If you don't see the black box then delete the file and use another download link and repeat the steps.

Once it runs you should be able to run Malwarebytes.
DJ Digital Gem

I gave up on computers and now I just DJ!

#3 kdub38

kdub38
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:20 PM

Posted 10 December 2009 - 09:05 PM

I did that and it installed okay. Still no MBAM (or SAS that isn't renamed).

I did it with two separate links to be sure.

Mod Edit: ComboFix log removed; not permitted in this forum.

Edited by quietman7, 12 December 2009 - 07:13 PM.


#4 azfreetech

azfreetech

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:12:20 PM

Posted 10 December 2009 - 11:19 PM

Mod Edit: Post removed due to type of content not allowed.

Edited by quietman7, 12 December 2009 - 07:12 PM.

DJ Digital Gem

I gave up on computers and now I just DJ!

#5 kdub38

kdub38
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:20 PM

Posted 10 December 2009 - 11:43 PM

Please forgive me if I'm out of line here, but we haven't really tried anything else yet. I get a little nervous when you say "big gun".

#6 azfreetech

azfreetech

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:12:20 PM

Posted 11 December 2009 - 12:28 AM

When MBAM and SAS can't be run then I use ...

Mod Edit: remainder of reply removed due to type of content not allowed.

Edited by quietman7, 12 December 2009 - 07:14 PM.

DJ Digital Gem

I gave up on computers and now I just DJ!

#7 kdub38

kdub38
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:20 PM

Posted 12 December 2009 - 01:08 AM

Sorry for the delay.

I can now open and run MBAM and SAS both show clean.

Edited by quietman7, 12 December 2009 - 07:09 PM.


#8 azfreetech

azfreetech

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Mesa, AZ
  • Local time:12:20 PM

Posted 12 December 2009 - 01:05 PM

Run your antivirus just to be on the safe side and you should be good to go! I love Combofix! LOL
DJ Digital Gem

I gave up on computers and now I just DJ!

#9 kdub38

kdub38
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:20 PM

Posted 12 December 2009 - 03:30 PM

thank you mucho!

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,957 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:20 PM

Posted 12 December 2009 - 07:10 PM

Please note the message text in blue at the top of this forum.

No one should be using or recommending the use of ComboFix unless instructed to do so by a Malware Removal Expert.

Please read the pinned topics:Further, ComboFix logs are not permitted to be posted outside the HijackThis Logs and Malware Removal forum and then only when requested by a HJT Team member. Referrals are made to the HJT forum if we cannot assist you in this forum. As such, I have removed the log from this topic.

The BC Staff

Edited by quietman7, 12 December 2009 - 07:10 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users