Persistent Reinfection: Smitfraud Tool Seems To Be Confounded



#1 amoebasinger

amoebasinger

  • Members
  • 34 posts

Posted 08 June 2007 - 08:28 AM

Hi! First post.
I am fixing up a work friend's computer.
WinXP Home.
He has two users: A and C. He claims he doesn't know where C came from but that's the one he uses. (I doubt his story.)
I finally got A and Administrator to run OK.
I have removed piles of trojans, viruses, etc. etc.

Should I have him just get rid of the C user?

I have run practically every tool on this forum.
Spybot keeps showing Smitfraud-C.Toolbar888 on each of the users.

I finally ran the Smitfraud removal tool in safe mode.
Does not appear to run normally.
The cleanup wizard which gets invoked seems to go about halfway through and unceremoniously disappears.
One time I glimpsed its status line; it was "Cleaning: " followed by a couple of non-alphabetic characters. Then it vanished.

The red restart window at the end I have never seen, but it oddly pops up with the initial "You are running in safe mode..." dialog.

This PC has had a myriad of bad behaviors.
It probably needs to be wiped and started over. -- Too much effort.
Can I get this thing uninfected and hand it back to my buddy with the caveat that it may be flaky but clean?

J
* Ran Spybot
* Adaware
* AVG
* Housecall, Panda, and BitDefender
* McAfee Stinger
* Installed ZoneAlarm
* All MS Updates
* Removed some obvious things w/ HijackThis. I am posting the log on the appropriate forum.



#2 buddy215

buddy215

  • Moderator
  • 13,096 posts
  • Gender:Male
  • Location:West Tennessee

Posted 08 June 2007 - 11:00 AM

Hijack This is not intended for use by the average, untrained user. You could easily remove something that would damage your computer.

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
--------------------------------------------------------------------------------
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” ~ Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 amoebasinger

amoebasinger
  • Topic Starter

  • Members
  • 34 posts

Posted 09 June 2007 - 06:23 PM

The log is at:
http://www.bleepingcomputer.com/forums/ind...mp;#entry541114

Aaflac has been helping me.

Thanks!

J

#4 rigel

rigel

    FD-BC


  • BC Advisor
  • 12,944 posts
  • Gender:Male
  • Location:South Carolina - USA

Posted 09 June 2007 - 06:29 PM

As you have now posted a HJT log, please now follow only the advice given by the HJT team member who takes your log. You are in good hands!

Take care

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith




