Help! Smart Protection 2012 removal


8 replies to this topic

#1 ThePanda

  • Members
  • 4 posts

Posted 19 February 2012 - 06:42 AM

Hiya,

I am trying to follow your instructions to remove Smart Protection 2012 from my computer.
I have followed the steps as far as unchecking the proxy server in LAN settings.
I'm still unable to connect to the internet - in the bottom right hand corner where the icons usually are there is only the time! My network connection icons aren't there. Not sure where to go from there (I'm currently using a different computer).

Thanks!

ThePanda :)

Edited by jgweed, 19 February 2012 - 08:55 AM.
moved to more appropriate forum.jgw




#2 narenxp

  • BC Advisor
  • 16,371 posts

Posted 19 February 2012 - 09:31 AM

Download FSS

Checkmark Internet Services

Click on "Scan".
Please copy and paste the log to your reply.

#3 ThePanda

Posted 19 February 2012 - 10:15 AM

Hi

Sorry if I'm being ignorant but I am unable to access the internet on the infected computer (I'm on my other computer at the moment) - how would I go about downloading 'FSS' from that link?

#4 narenxp

Posted 19 February 2012 - 10:21 AM

Download the tool on a working PC and transfer it to the infected one using a flash drive.

Good luck

#5 ThePanda

Posted 19 February 2012 - 03:17 PM

Thanks! Here is the report:

Farbar Service Scanner Version: 14-02-2012
Ran by Authorised user on 19-02-2012 at 20:15:26
Running from "E:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.

NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
The ImagePath of NetBt service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
The start type of IpSec service is OK.
The ImagePath of IpSec service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable

PlugPlay Service is not running. Checking service configuration:
The start type of PlugPlay service is OK.
The ImagePath of PlugPlay service is OK.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
DNE(10) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) WSIMD(9)
0x0A0000000400000001000000020000000300000008000000050000000600000007000000090000000A000000
IpSec Tag value is correct.

**** End of log ****
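
A helper reading a report like the one above usually wants three things from it: which services are stopped, whether any configuration or file check failed, and which connectivity probes failed. The Python sketch below is an added example, not part of the original thread and not Farbar's code; the line patterns are taken only from the log posted here, and treating any status other than "OK" or "legit" as a finding is an assumption.

```python
import re
# Abridged copy of the FSS log posted above (two services, two file checks).
SAMPLE_LOG = r"""
Internet Services:
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.

Connection Status:
Attempt to access Google IP returned error: Google IP is unreachable

File Check:
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
"""

STOPPED = re.compile(r"^(\S+) Service is not running\.")
CONFIG = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\S+) service is (.+?)\.?$")
FILE = re.compile(r"^(\S.*?) => MD5 is (.+)$")
UNREACHABLE = re.compile(r"error: (.+) is unreachable$")

def parse_fss(text):
    """Collect stopped services, failed config/file checks and unreachable hosts."""
    report = {"stopped": [], "bad_config": [], "bad_files": [], "unreachable": []}
    # Assumption: any status other than "OK" / "legit" counts as a finding.
    for line in map(str.strip, text.splitlines()):
        if m := STOPPED.match(line):
            report["stopped"].append(m.group(1))
        elif m := CONFIG.match(line):
            if m.group(3) != "OK":
                report["bad_config"].append((m.group(2), m.group(1), m.group(3)))
        elif m := FILE.match(line):
            if m.group(2) != "legit":
                report["bad_files"].append((m.group(1), m.group(2)))
        elif m := UNREACHABLE.search(line):
            report["unreachable"].append(m.group(1))
    return report

def stopped_but_intact(report):
    """True when services are down yet every config and file check passed."""
    return bool(report["stopped"]) and not (report["bad_config"] or report["bad_files"])

if __name__ == "__main__":
    print(parse_fss(SAMPLE_LOG))
```

On the excerpt, both services are reported stopped with no configuration or file findings, which matches what the full log shows: the service definitions and binaries check out, yet nothing in the network stack is running.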

#6 narenxp

Posted 19 February 2012 - 04:03 PM

Probably you're still infected

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Restart your PC

Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.

#7 ThePanda

Posted 20 February 2012 - 12:09 PM

Ok - when I launch TDSSkiller on the infected computer I get two messages - 'Can't initialize log' and 'can't load driver' - then I can change parameters like you instructed but it won't perform a scan.

#8 narenxp

Posted 20 February 2012 - 01:28 PM

We need advanced tools to make sure the PC is clean. Maybe that should solve the internet issue too.

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#9 AGirlinChiTown

  • Members
  • 3 posts

Posted 27 February 2012 - 10:39 PM

This worked for me today. I spent 5 hours at an internet cafe trying to figure out how to manually get rid of it myself. I gathered up all the info I could find and then was ready to go into the registry etc. and jump through hoops. But - thanks to the intelligence of my computer, this is what I did and it actually worked!! Everything's fine now. So do this FIRST at least and don't pay anybody anything or drive yourself insane with code:

* Restart computer
* While it's rebooting, Press the F8 key a bunch of times
* A black & white screen will come up. Use your up/down arrows to select "Safe Mode with Networking"
* It will start loading a lot of files that fill the screen. Don't worry about it.
* Then there will be a message that says: "Are you sure you want to do this? You could go back to a restore point instead" (or something to that effect..)
* Click "NO" (meaning you don't want to continue and heck yeah let's try to go back to a restore point)
* Then just follow the prompts. Very easy
* You'll be asked to Pick a date to go back to. I clicked a date (1) week ago, just to be extra sure.
* Then the computer goes through the restoration process and restarts itself eventually. Stay calm.
* At some point there will be a screen that says Administrator or User. I clicked User.
* Computer came back up free of virus



