Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Attacked - Hijackthis Log


  • Please log in to reply
1 reply to this topic

#1 Alexre2006

Alexre2006

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:00 PM

Posted 11 June 2006 - 10:10 AM

Dear Sam,

I have a same problem as bartoli


keep getting fake security warnings popup in the bottom right of my screen.

Examples:

"Your computer is working slowly!"
"Alert! You are receiving spam!"
"Warning! Your security and privacy are at risk!"
"You computer is not protected against spyware!"
"Danger! Spyware activity detected on your computer!"
"Alert! A minimum of 7 spyware items found!"

Explorer opens to about:blank and displays a Windows Security Center (remove spyware alert) & link directs to //www.antispywarebox.com/index2.php?aff=0&wd=C:/WINDOWS

//Mod edit to modify hot link above to protect others.

Task Manager is Disabled.
Regedit is Disabled.
Msconfig is Disabled.

.....


please find below my rapport.log file and please help me to get rid of this problem.


Thanks in advance

======================================



SmitFraudFix v2.58

Rapport fait à 16:50:13,01, 11/06/2006
Executé à partir de C:\Documents and Settings\asarys\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\alexaie.dll PRESENT !
C:\WINDOWS\alxie328.dll PRESENT !
C:\WINDOWS\alxtb1.dll PRESENT !
C:\WINDOWS\bg.gif PRESENT !
C:\WINDOWS\BTGrab.dll PRESENT !
C:\WINDOWS\close-bar.gif PRESENT !
C:\WINDOWS\dlmax.dll PRESENT !
C:\WINDOWS\infected.gif PRESENT !
C:\WINDOWS\Pynix.dll PRESENT !
C:\WINDOWS\susp.exe PRESENT !
C:\WINDOWS\star.gif PRESENT !
C:\WINDOWS\warning-bar-ico.gif PRESENT !
C:\WINDOWS\ZServ.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\a.exe PRESENT !
C:\WINDOWS\system32\adobepnl.dll PRESENT !
C:\WINDOWS\system32\alxres.dll PRESENT !
C:\WINDOWS\system32\bridge.dll PRESENT !
C:\WINDOWS\system32\dailytoolbar.dll PRESENT !
C:\WINDOWS\system32\jao.dll PRESENT !
C:\WINDOWS\system32\questmod.dll PRESENT !
C:\WINDOWS\system32\runsrv32.dll PRESENT !
C:\WINDOWS\system32\runsrv32.exe PRESENT !
C:\WINDOWS\system32\tcpservice2.exe PRESENT !
C:\WINDOWS\system32\txfdb32.dll PRESENT !
C:\WINDOWS\system32\udpmod.dll PRESENT !
C:\WINDOWS\system32\users32.exe PRESENT !
C:\WINDOWS\system32\wstart.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\asarys\Application Data

C:\Documents and Settings\asarys\Local Settings\Application Data\AdwareSheriff PRESENT !
C:\Documents and Settings\asarys\Local Settings\Application Data\TitanShield PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

C:\DOCUME~1\asarys\MENUDM~1\PROGRA~1\DMARRA~1\asheriff.lnk PRESENT !
C:\DOCUME~1\asarys\MENUDM~1\PROGRA~1\DMARRA~1\titanshield.lnk PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\asarys\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin




BC AdBot (Login to Remove)

 


#2 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 11 June 2006 - 02:38 PM

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users