
Smitfraud-c.toolbar888


  • This topic is locked
1 reply to this topic

#1 Calum Mac


  • Members
  • 11 posts

Posted 11 May 2007 - 06:28 PM

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\anksbwvm

*******************

Script file located at: \??\C:\Program Files\cxlnpuuc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\nnnmp.bak2 deleted successfully.
File C:\WINDOWS\system32\nnnmp.bak1 deleted successfully.
File C:\DOCUME~1\CATHER~1\APPLIC~1\sysprotectscannerinstall[1].exe deleted successfully.
Folder C:\Program Files\Common Files\DriveCleaner Free deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



#2 RichieUK


    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 11 May 2007 - 06:34 PM

Please reply into the topic below, don't start any more new topics, it just confuses the issue. This makes me think what you said earlier about Falu asking you to rename Hijackthis.exe, it sounds like you've done this before.
http://www.bleepingcomputer.com/forums/t/91764/smitfraud-ctoolbar888/

This particular topic is closed.



