Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spybot scan posting?


  • Please log in to reply
4 replies to this topic

#1 cctexun

cctexun

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 26 August 2005 - 10:46 AM

I hope I am placing this question in the correct forum. If not your directions will be appreciated.

I have been having a time trying to copy and post the results of a spybot scan that shows the presence of "Smitfraud-C". Spy-bot can't remove or clean the 30 lines , files I am not sure how to refer to it. Spy-bot identifies them as "registry change" so I am guessing they are a bad thing.

Anyway I would appreciate some instruction on how to proceed, so I can show somebody that knows how to help me fix this possible problem, just edzackerywhat is found in the scan.

I got a feelin there is a very simple way to accomplish the capture and paste. I simply don't know how to proceed. Thanks for your patience and assistance.

D

BC AdBot (Login to Remove)

 


#2 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:07:21 PM

Posted 26 August 2005 - 11:51 AM

1. Run Spybot and have it check for problems. Click on Search and Destroy, then "check for problems."
2. Click on "show more information'" so the box below the is open. When the scan is finished, be sure to expand all the "folders" on the screen.
3. Place your cursor anywhere in the report box. Right click to get a drop down box; use "save results to file" and choose a location you can easily find.
4. This will produce a text file that you can edit so only the problems Spybot found are listed. You may want to either "clean up" the text file in a word processor first, or clean it up after you copy and paste from the file to the post box here at BC.

Hope this helps,
John

Edited by jgweed, 26 August 2005 - 11:59 AM.

Whereof one cannot speak, thereof one should be silent.

#3 cctexun

cctexun
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 27 August 2005 - 04:36 AM

jg

Thanks for your simple to follow instructions.

Could you look at this and tell me if smitfraud is something I should clean out and how to do so.





Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adulthell.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bin.wordsx.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cc20foreva.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crl.thawte.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\datingforlove.org\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dl.ad-ware.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\e-finder.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ewizard.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fast-look.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bleep-bleep.org\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ga31.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\greg-tut.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\letgohome.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\love-catalog.net\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\makechoice.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\meetyourfriend.biz\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msnprotection.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\new.8ad.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rf104.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s13.remove.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s2.kav.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\terra.hcworld.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracking.allposters.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\v-224.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\veryeasysearch.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\visitfriend.net\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webpidor.biz\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.6o9.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1644491937-1563985344-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.niger.ru\*!=W=4


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-06-15 unins000.exe (51.41.0.0)
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-04-26 Includes\Cookies.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-08-19 Includes\Dialer.sbi (*)
2005-08-19 Includes\Hijackers.sbi (*)
2005-08-16 Includes\Keyloggers.sbi (*)
2005-08-19 Includes\Malware.sbi (*)
2005-04-27 Includes\Revision.sbi (*)
2005-08-19 Includes\Security.sbi (*)
2005-08-16 Includes\Spybots.sbi (*)
2005-08-19 Includes\Trojans.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-08-12 Includes\PUPS.sbi (*)

#4 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:07:21 PM

Posted 27 August 2005 - 05:40 AM

Hi cctexun

Smitfraud is a very difficult infection to clean and requires some experience with this as well as some specialized tools. Your best option is to post a Hijack This log for our team to review.

See How to submit a Hijackthis Log. Our team will reply as soon as they can get to you.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#5 cctexun

cctexun
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Local time:07:21 PM

Posted 27 August 2005 - 02:34 PM

Jgweed and Leurgy

Thanks for your help.

I am off on my quest "For the Holy Grail". May the Gods smile as you pass thru the gate. I pray the devil not hear, till you claim your spot inside.

"Its Great to be alive and in South Texas"

D




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users