Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ran Smitfraud.cmd, Here's What It Said. Can Anyone Help?


  • This topic is locked This topic is locked
2 replies to this topic

#1 robynluttrell

robynluttrell

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:46 PM

Posted 11 May 2006 - 02:06 PM

SmitFraudFix v2.43

Scan done at 12:02:41.17, Thu 05/11/2006
Run from C:\Documents and Settings\Robyn\Local Settings\Temporary Internet Files\Content.IE5\KFABO7EL\SmitfraudFix[1]\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32

C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !

C:\Documents and Settings\Robyn\Application Data


Start Menu


C:\DOCUME~1\Robyn\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://eng.dolcegabbana.it/images/main/mp_DeG_ON.gif"
"SubscribedURL"="http://eng.dolcegabbana.it/images/main/mp_DeG_ON.gif"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="http://fashion.dior.com/dior.html"
"SubscribedURL"="http://fashion.dior.com/dior.html"
"FriendlyName"="Christian Dior Couture"

Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}"="Twain"

[HKEY_CLASSES_ROOT\CLSID\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}\InProcServer32]
@="C:\WINDOWS\System32\twain32.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}\InProcServer32]
@="C:\WINDOWS\System32\twain32.dll"


Scanning wininet.dll infection


End

BC AdBot (Login to Remove)

 


#2 Jag11

Jag11

  • Members
  • 1,027 posts
  • OFFLINE
  •  
  • Location:127.0.0.1
  • Local time:09:46 AM

Posted 12 May 2006 - 01:04 AM

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Posted Image
Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.

.

#3 Jag11

Jag11

  • Members
  • 1,027 posts
  • OFFLINE
  •  
  • Location:127.0.0.1
  • Local time:09:46 AM

Posted 22 May 2006 - 06:38 AM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Regards,
Jet Ian

Posted Image
Proud member of ASAP and UNITE since 2006.
Everyone wants to go to heaven, but no one wants to die.

.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users