Save it to your Desktop->>Rt Click->>Extract all->> and extract it to your desktop Open the Smitfraudfix folder Double-click smitfraudfix.cmd Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt Open that file, Ctrl+A to copy, and post a copy of that log as a reply to this thread
Scan done at 18:06:48.45, Thu 10/05/2006
Run from C:\Documents and Settings\Todd Wannarka\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode
C:\Program Files\iMediaCodec\ FOUND !
C:\Program Files\MalwareWipe\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
You may want to print out these instructions as part of this fix will be in Safe Mode
Go
here and Download
AVG Anti-Spyware (
30 day free trial version) Save it to Your Desktop
Double Click
AVG Anti-Spyware-setup (It will create its own folder)
Once the program starts You will be at the
Status menu
Under "Your computers Security" Click change status on Resident shield to inactive Click Update now (next to last update) After the update loads Under Automatic updates Uncheck download and install updates automatically(recommended) (you can always select maual updates the next day)
At the top toolbar Click
Scanner Then the
settings tab
Under How to act? Set default action for detected malwareTo Quarantine Under how to scan All boxes should be checked Under Possibly unwanted software All boxes should be checked Under reports Select Automatically generate report after every scan Uncheck Only if threats were found Under what to scan Scan every file should be highlited
Exit AVG(
But do not run it yet)
Reboot into
Safe Mode This can be done by
Restart your PC, and after it starts, but before you see the Windows Splash screen Begin tapping the F8 key twice a second untill you reach another menu screen (black background with white menu choices) Use your arrow keys and select Safe Mode and then Enter
Open the
SmitfraudFix Folder, then double-click
smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter. Wait for the tool to complete and disk cleanup to finish. You will be prompted : " Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter. The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question " Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if your computer does not restart automatically please do it yourself manually. Reboot in
Safe Mode.
The tool will create a log named
rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
Run AVG Anti-Spyware
Click scanner Select Complete system scan
Once the scan finishes
Select Apply all actions (The items found will be quarantined) Click save report as (Another window will open) Save it to your desktop (By default It will be saved in the AVG folder as) C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports
Exit AVG
Reboot your PC in
Normal Mode->>Re run Hijackthis and post a fresh Hijackthis log.
Double click the report-scan txt. you saved to your desktop It will open in Notepad Copy and paste that report as a reply to this thread
Your reply should include
a fresh Hijackthis log your report_scan.txt log from AVG your rapport.txt log from Smitfraudfix
You may have to post your reply in more than one reply
bamajim
10.4K Posts
0
October 5th, 2006 19:00
And Download SmitFraudFix by S!ri
Save it to your Desktop->>Rt Click->>Extract all->> and extract it to your desktop
Open the Smitfraudfix folder
Double-click smitfraudfix.cmd
Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
Open that file, Ctrl+A to copy, and post a copy of that log as a reply to this thread
Do Not run option 2 until instructed to do so
DevilLover
2 Posts
0
October 5th, 2006 22:00
Run from C:\Documents and Settings\Todd Wannarka\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Todd Wannarka
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Todd Wannarka\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\TODDWA~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\MalwareWipe\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
!!!Attention, following keys are not inevitably infected!!!
Search SharedTaskScheduler's .dll
"{7be183d2-a42d-4915-bf60-ec86fbf002cf}"="horologium"
@="C:\WINDOWS\system32\httge.dll"
@="C:\WINDOWS\system32\httge.dll"
!!!Attention, following keys are not inevitably infected!!!
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
bamajim
10.4K Posts
0
October 5th, 2006 23:00
You may want to print out these instructions as part of this fix will be in Safe Mode
Go here and Download AVG Anti-Spyware
( 30 day free trial version) Save it to Your Desktop
Double Click AVG Anti-Spyware-setup
(It will create its own folder)
Once the program starts You will be at the Status menu
Click change status on Resident shield to inactive
Click Update now (next to last update)
After the update loads
Under Automatic updates Uncheck download and install updates automatically(recommended)
(you can always select maual updates the next day)
At the top toolbar Click Scanner Then the settings tab
- Under How to act? Set default action for detected malwareTo Quarantine
Exit AVG( But do not run it yet)Under how to scan All boxes should be checked
Under Possibly unwanted software All boxes should be checked
Under reports Select Automatically generate report after every scan
Uncheck Only if threats were found
Under what to scan Scan every file should be highlited
Reboot into Safe Mode
This can be done by
- Restart your PC, and after it starts, but before you see the Windows Splash screen
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.Begin tapping the F8 key twice a second untill you reach another menu screen (black background with white menu choices)
Use your arrow keys and select Safe Mode and then Enter
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : " Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question " Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if your computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
Run AVG Anti-Spyware
- Click scanner
Once the scan finishesSelect Complete system scan
- Select Apply all actions (The items found will be quarantined)
Exit AVGClick save report as (Another window will open)
Save it to your desktop
(By default It will be saved in the AVG folder as)
C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports
Reboot your PC in Normal Mode->>Re run Hijackthis and post a fresh Hijackthis log.
- Double click the report-scan txt. you saved to your desktop
Your reply should includeIt will open in Notepad
Copy and paste that report as a reply to this thread
your report_scan.txt log from AVG
your rapport.txt log from Smitfraudfix
You may have to post your reply in more than one reply