Bloodhound Morphine, Smitfraud-c And Dyfuca


6 replies to this topic

#1 Ras_Al_Ghul

Ras_Al_Ghul

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Brooklyn NY
  • Local time:03:02 PM

Posted 23 June 2006 - 12:21 PM

This morning NAV was flagging multiple copies of Trojan Horse and one incident of Bloodhound Morphine.

I ran NAV in Safe Mode with System Recovery set to 'off'.

Spybot was also flagging Smitfraud-C and DyFuCA.

I searched the Forum and followed instructions posted by Quietman7. Smitfraud-C and DyFuCA appear to have been successfully removed.

I just wanted to let you know that your instructions still seem to work:

http://www.bleepingcomputer.com/forums/t/54186/tibsvq;-smitfraud-c-on-my-spybot-search/

Thanks again.
The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents. - Nathaniel Borenstein (1957 - )


 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,082 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:02 PM

Posted 24 June 2006 - 05:00 PM

You're welcome Ras_Al_Ghul and thanks for the feedback. One thing that has changed in those instructions is that Ewido 3.5 was recently updated to version 4.0 and works even better than ever. :thumbsup:
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 Ras_Al_Ghul

Ras_Al_Ghul

Posted 25 June 2006 - 09:03 AM

Thanks, Quietman.

Interesting observation - Smitfraud-C seems to re-infect itself on our PC. Spybot always finds Smitfraud-C and something called Fastclick. It destroys Fastclick but not SmitFraud-C.

It doesn't APPEAR to cause any problems, but I would prefer it not be there at all!

Would you recommend trying those steps again with the newer version of Ewido?

Should I post a HijackThis log?

Thanks.

Below is what Spybot finds:
==========================================================
FastClick: Tracking cookie (Internet Explorer: Daniel Campana) (Cookie, nothing done)


Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2732071641-624806248-3400032382-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\win-eto.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2732071641-624806248-3400032382-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vparivalka.com\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2732071641-624806248-3400032382-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracktraff.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2732071641-624806248-3400032382-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trackhits.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2732071641-624806248-3400032382-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s13.tempx.cc\*!=W=4

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2732071641-624806248-3400032382-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net\*!=W=4


--- Spybot - Search && Destroy version: 1.3 ---
2005-04-26 Includes\Cookies.sbi
2005-07-22 Includes\Dialer.sbi
2005-07-22 Includes\Hijackers.sbi
2005-06-23 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2005-07-22 Includes\Malware.sbi
2005-07-22 Includes\PUPS.sbi
2005-04-27 Includes\Revision.sbi
2005-07-22 Includes\Security.sbi
2005-07-19 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-07-22 Includes\Trojans.sbi

#5 quietman7

quietman7


Posted 25 June 2006 - 11:39 AM

Your Spybot log shows you're using an outdated version (v1.3) of the program. You should remove it and download and scan with Spybot S&D 1.4. Be sure to update the definitions first.

As for the Smitfraud-C.: User settings (Registry change, nothing done) entries, are you using IE-Spyad? Read here.

Edited by quietman7, 25 June 2006 - 11:53 AM.


#6 Ras_Al_Ghul

Ras_Al_Ghul

Posted 25 June 2006 - 12:51 PM

Thanks, Quietman.

That seemed to do it. Smitfraud-c no longer appears on Spybot scan using the updated version.

RE: IE-Spyad - I am not aware that anyone here uses it.

Thanks again.

#7 quietman7

quietman7


Posted 25 June 2006 - 01:47 PM

:thumbsup: