Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


888bar And Smitfraud

  • Please log in to reply
5 replies to this topic

#1 benny269


  • Members
  • 158 posts
  • Gender:Male
  • Location:Slough
  • Local time:12:57 PM

Posted 27 November 2006 - 05:16 PM


Earlier today I stupidly accepted a file transfer over msn (.pgi file i think) it then installed itself, created a few new desktop icons including 'winstall', hijacked my homepage and gave me 888bar in IE7 before sending itself to my open contact list in msn. I have had similar problems before and tried to remove it myself using a SmitFraudFix manual from BleepingComputer followed by a scan and removal by AVG, Ad-Aware & Spybot. The files and icons I new about were deleted, I had my homepage back and the toolbar was gone. However after this my ZoneAlarm keeps showing me messages that programs such as update.exe and ipwins.exe are trying to access the internet and now the 888 toolbar has returned and on every restart my homepage is hijacked as IE7 tells me my security settings are not set to a safe standard as if something keeps lowering the level of security.

I am active online now and will follow up the disinfection process asap so if any more information is required just ask. Any help is very appreciated.

Many thanks

BC AdBot (Login to Remove)


#2 benny269

  • Topic Starter

  • Members
  • 158 posts
  • Gender:Male
  • Location:Slough
  • Local time:12:57 PM

Posted 27 November 2006 - 06:42 PM

Over the last hour I have also started getting numerous and irritating error messages as the one below:

The NTVDM CPU has encountered an illegal instruction.
CS:06f2 IP:0324 OP:6372697074 Choose 'Close' to terminate the application.

It open an MS-DOS window and displays this error with the option to close or ignore. Also I tried to open msn messenger a moment ago and windows did not recognise the program, gave it a program window icon in an error message and asked my permission to run it. This has never happened before. It seems the problem is more serious than I initially thought or it is spreading.

Please help soon. I really hope I do not need to format the pc. Thanks again.

#3 boopme


    To Insanity and Beyond

  • Global Moderator
  • 72,912 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:08:57 AM

Posted 27 November 2006 - 09:05 PM

try this first
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 tg1911


    Lord Spam Magnet

  • Members
  • 19,274 posts
  • Gender:Male
  • Location:SW Louisiana
  • Local time:06:57 AM

Posted 29 November 2006 - 12:46 AM


I moved your HJT log to the appropriate forum.
Here, is the link:
benny269's HJT log

Please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might think someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

Also, don't make any changes to your system, as that could change the results of the posted log, making it more difficult to properly clean your system.

If you have any questions, don't hesitate to PM me.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#5 grgr


  • Members
  • 3 posts
  • Local time:07:57 AM

Posted 29 November 2006 - 05:07 AM

Hi benny269,
I faced similar problem. U install "Advancd uninstaller pro". It is a shareware and u'll be able to use it for 15 days. In that there is an option "startup manager". Go to that option and see what all programs are going to start when u power oon ur PC. U can delete the unwanted. Also under "uninstall programs" u'll be able to see all the programs (including 888.) installed on ur system. U can easily remove them and find the location for the same.

Feel free to PM me.

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 36,848 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:08:57 AM

Posted 29 November 2006 - 02:15 PM

benny269 has an HJT log in the HiJack This forum. Consequently, he shouldn't be making other changes to his system without guidance from the HJT team as this can make it more difficult for them to help.

Good luck with your log benny269

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users