Having multiple svchost.exe files running is normal. However, the other files are not, so we will look for them and their "friends" first. After that, we will clean them following our next reply.
If possible, please disable your Prevx Malicious Scripts scanner so it does not interfere with the script that we will be running. Do not enable it until we have confirmed that your system is clean. If you cannot find out to disable that, just let it run and we will keep our fingers crossed.
Please download
SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip or from here: http://siri.geekstogo.com/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named
SmitfraudFix will be created on your Desktop.
______________________________
When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
The program will prompt you to update. Click the Ok button.
The program will now go to the main screen.
You will need to update Ewido to the latest definition files.
On the left-hand side of the main screen click the Update Button.
Click on Start.
The update will start and a progress bar will show the updates being installed.If you are having problems with the updater, you can use this link to manually update Ewido.
http://download.ewido.net/ewido-signatures-full-current.exe
Once finished updating, close Ewido.
Make sure to close Ewido before installing the update.
______________________________
Open the SmitfraudFix folder and double-click
smitfraudfix.cmd Select option
#1 - Search by typing
1 and press
Enter This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named
rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
Note :
process.exe
is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool";. It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
IMPORTANT: Do NOT run any other options until you are asked to do so!
Your copy of Hijackthis has not been extracted. Please delete your first HijackThis and download an extractable one. Click
HERE to download a self-extractable version of HijackThis.
Double click on hijackthis.exe to extract hijackthis to folder c:\hijackthis.
It will extract it to that folder and open the folder for you.
It will also create a shortcut on your desktop to HijackThis.
It will scan and the log should open in notepad.Click on "Edit > Select
All" then click on "Edit > Copy" to copy the entire contents of the
log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
Please post the report from SmitfraudFix (rapport.txt) and a fresh HijackThis log. Thanks.
Bugbatter
3 Apprentice
•
20.5K Posts
0
May 28th, 2006 23:00
Welcome :)
Having multiple svchost.exe files running is normal. However, the other files are not, so we will look for them and their "friends" first. After that, we will clean them following our next reply.
If possible, please disable your Prevx Malicious Scripts scanner so it does not interfere with the script that we will be running. Do not enable it until we have confirmed that your system is clean. If you cannot find out to disable that, just let it run and we will keep our fingers crossed.
Please download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
or from here: http://siri.geekstogo.com/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
______________________________
Please download the trial version of Ewido Anti-malware 3.5 from here:
http://www.ewido.net/en/download/
- Install Ewido Anti-malware.
- When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
- When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
- The program will prompt you to update. Click the Ok button.
- The program will now go to the main screen.
You will need to update Ewido to the latest definition files.- On the left-hand side of the main screen click the Update Button.
- Click on Start.
The update will start and a progress bar will show the updates being installed.If you are having problems with the updater, you can use this link to manually update Ewido.http://download.ewido.net/ewido-signatures-full-current.exe
Once finished updating, close Ewido.
Make sure to close Ewido before installing the update.
______________________________
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool";. It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
IMPORTANT: Do NOT run any other options until you are asked to do so!
Your copy of Hijackthis has not been extracted. Please delete your first HijackThis and download an extractable one. Click HERE to download a self-extractable version of HijackThis.
- Double click on hijackthis.exe to extract hijackthis to folder c:\hijackthis.
- It will extract it to that folder and open the folder for you.
- It will also create a shortcut on your desktop to HijackThis.
- It will scan and the log should open in notepad.Click on "Edit > Select
- All" then click on "Edit > Copy" to copy the entire contents of the
- log.
Come back here to this thread and Paste the log in your next reply.DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
Please post the report from SmitfraudFix (rapport.txt) and a fresh HijackThis log. Thanks.