Posted 07 November 2011 - 09:59 PM
I am using Windows 7 64-bit Home Edition. I noticed last night that when I used IE and did Google searches, sometimes it would send me to wrong webpages. I thought perhaps I had some spyware, so I used Spybot Search & Destroy, and besides the normal cookies that popped up, this time it showed there was a file. It says this is Smitfraud-C.gp. I tried to Google it to figure out how to get rid of it, and it seems many links lead to this website.
I saw someone recommend tdsskiller.exe, so I downloaded that and ran it, and it said I had Rootkit.Boot.Pihar.b. It selected cure, and restarted my computer, and scanned again, and nothing had changed; it still said the rootkit was there. Also this time, the cmd prompt console kept opening and closing on my screen very fast. I opened up Process Explorer to look at why that was happening, and apparently conhost.exe was opening and closing over and over and over. Also an svchost.exe was opening and closing over and over.
I tried to run tdsskiller.exe one more time and restarted my computer again. Still nothing changed; it still said it had the rootkit. This time in Process Explorer, rather than conhost.exe opening over and over, there were just 7 instances of it open. Also, in my taskbar there is what looks like an open program. It has no icon; if you hover over it, the title of it is L, and if I right-click it, it says it is winsrcmde.
Now I am flustered and decided to create this post, and here we are. I know we aren't supposed to post logs in this forum until asked, so I won't post the TDSSKiller log just yet.
This is what the Spybot S&D log said.
Smitfraud-C.gp: [SBI $8E7F06B8] Executable (File, nothing done)
Please help me! I will be eternally grateful!
Thank you for your time and assistance,