Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Smitfraud - Big Problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby knoxville » January 12th, 2006, 6:41 pm

Ok thanks. I will let it scan :)
knoxville
Regular Member
 
Posts: 17
Joined: January 12th, 2006, 1:54 pm
Advertisement
Register to Remove

Unread postby knoxville » January 12th, 2006, 6:45 pm

Sorted the show desktop thing :) Thanks to you and google :D
knoxville
Regular Member
 
Posts: 17
Joined: January 12th, 2006, 1:54 pm

Unread postby amateur » January 12th, 2006, 6:47 pm

:thumbright:
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby knoxville » January 12th, 2006, 6:49 pm

Lets talk while we're waiting!!!!!!!! It's only on 65% :roll:
I see you live in Rhode Island, whats America like? I live in crappy England!! :(:(
knoxville
Regular Member
 
Posts: 17
Joined: January 12th, 2006, 1:54 pm

Unread postby knoxville » January 12th, 2006, 7:41 pm

Update: It's now on 90% It's found 9 viruses and 34 infected files.

Im going to bed soon, so what do I do about the laptop?
Also, what are we gonna do about these viruses?
knoxville
Regular Member
 
Posts: 17
Joined: January 12th, 2006, 1:54 pm

Unread postby amateur » January 12th, 2006, 7:55 pm

Hi Knoxville,

Yes, I guess it's quite late there now, but the scan is almost complete. When it's finished, just save the report and post it later whenever you can.
Have a good night. :)
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby knoxville » January 12th, 2006, 8:04 pm

Here is the log for anti virus scan:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, January 13, 2006 00:03:21
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 12/01/2006
Kaspersky Anti-Virus database records: 170803
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 78509
Number of viruses found: 9
Number of infected objects: 34
Number of suspicious objects: 0
Duration of the scan process: 8309 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Katie\.housecall\Quarantine\mssearchnet.exe.bac_a03592 Infected: Trojan-Downloader.Win32.Zlob.cm
C:\Documents and Settings\Katie\.housecall\Quarantine\nvctrl.exe.bac_a03592 Infected: Trojan-Downloader.Win32.Zlob.co
C:\Documents and Settings\Katie\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\B3A655BC-B424-4C0C-BC29-8B8328\F6E3EABB-9343-4AA2-922D-8C20D8 Infected: not-a-virus:Server-Proxy.Win32.MarketScore.p
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP219\A0293714.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.p
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP219\A0293716.dll Infected: not-a-virus:AdWare.Win32.Chiem.a
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP219\A0294857.tlb Infected: Trojan-Downloader.Win32.Zlob.br
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP219\A0294920.exe Infected: Trojan-Downloader.Win32.Zlob.cl
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP219\A0294921.exe Infected: Trojan-Downloader.Win32.Zlob.br
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP220\A0295023.exe Infected: Trojan-Downloader.Win32.Zlob.cl
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP220\A0295405.exe Infected: Trojan-Downloader.Win32.Zlob.cl
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP220\A0295407.tlb Infected: Trojan-Downloader.Win32.Zlob.br
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP220\A0295411.exe Infected: Trojan-Downloader.Win32.Zlob.br
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP221\A0295612.exe Infected: Trojan-Downloader.Win32.Zlob.cl
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP223\A0297194.exe Infected: Trojan-Downloader.Win32.Zlob.cl
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP223\A0297445.exe Infected: Trojan-Downloader.Win32.Zlob.br
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP223\A0297446.tlb Infected: Trojan-Downloader.Win32.Zlob.br
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP224\A0298463.exe Infected: Trojan-Downloader.Win32.Zlob.co
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP225\A0298507.exe Infected: Trojan-Downloader.Win32.Zlob.cl
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP225\A0298513.tlb Infected: Trojan-Downloader.Win32.Zlob.co
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP225\A0298796.exe Infected: Trojan-Downloader.Win32.Zlob.cm
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP225\A0298824.tlb Infected: Trojan-Downloader.Win32.Zlob.co
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP225\A0299750.tlb Infected: Trojan-Downloader.Win32.Zlob.co
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP225\A0299813.exe Infected: Trojan-Downloader.Win32.Zlob.cm
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP225\A0299814.exe Infected: Trojan-Downloader.Win32.Zlob.co
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP225\A0299916.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP227\A0300682.exe Infected: Trojan-Downloader.Win32.Zlob.cm
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP227\A0300683.exe Infected: Trojan-Downloader.Win32.Zlob.co
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP228\A0301312.tlb Infected: Trojan-Downloader.Win32.Zlob.co
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP228\A0302643.exe Infected: Trojan-Downloader.Win32.Zlob.co
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP228\A0302647.dll Infected: not-a-virus:AdWare.Win32.RK.d
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP228\A0302658.tlb Infected: Trojan-Downloader.Win32.Zlob.co
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP228\A0302659.exe Infected: Trojan-Downloader.Win32.Zlob.cm
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP228\A0302661.exe Infected: Trojan-Downloader.Win32.Zlob.co
C:\System Volume Information\_restore{0E89CC39-94A7-4880-BEBC-35C89F55B971}\RP228\A0302662.exe Infected: Trojan-Downloader.Win32.Zlob.cj

Scan process completed.
knoxville
Regular Member
 
Posts: 17
Joined: January 12th, 2006, 1:54 pm

Unread postby amateur » January 12th, 2006, 9:10 pm

Hi Knoxville, :)

Good job. :thumbright: The log is clean. :D The Kaspersky scan is clean too. The viruses Kaspersky online scan reported are in the quarantine. They won't harm you as long as they are there, but we are going to clean them out too. I am going to ask you now to press the Windows key and the E key at the same to bring up the Windows Explorer. Then, click to expand the C:/ drive, navigate to and delete everything inside the following folders in bold, not the folders themselves:

C:\Documents and Settings\Katie\.housecall\Quarantine\
C:\Documents and Settings\Katie\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\

Now, let's do some cleaning.

Cleaning up Temporary Files

Close all open windows

Right Click on the Internet Explorer Icon on your Desktop
and select Properties> General Tab

Select Delete Cookies Then OK
Select Delete Files Then OK (Place a check in Delete all offline content)

Drive Cleanup
Now Go to Start> Run and type in
cleanmgr
then ok

Then, use Windows Explorer to clean out ALL the other temp folders on your system (navigate to these folders, use Edit > Select All, press Delete, click Yes): Note: Do not Delete the Folder itself

* C:\Documents and Settings\Your Profile\Local Settings\Temp\
* C:\Documents and Settings\Any other users Profile\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\Any other users Profile\Local Settings\Temp\

* Empty your "Recycle Bin.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure.

Disable and Enable System Restore If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point. Because Windows regularly sets restorepoints, it's very possible that the malware, you have removed, is still present in the System Restore. If you put Windows back to such a restorepoint, this malware will be put back, as well.

This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)
1. Right-click My Computer, and then click Properties.
2. On the System Restore tab, put a check mark in the 'Turn Off System Restore' check box.
3. Click OK, and then click Yes.

4. Restart the computer.
5. Repeat steps 1 - 2, this time clearing the box beside 'Turn Off System Restore', click 'OK'.

Reboot normally.

You can also find instructions on how to disable and re enable system restore here:
Windows XP System Restore Guide

And that's all. But to help protect you against further infections, and also to help prevent criminals using your computer to infect other people's computers on the web, I recommend the following: (You may already have some of the items)

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Avoid illegal sites, because that's where most malware is present.

* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

Keep your antivirus-program up-to-date and do regular scans with it. Please make sure that you have only one active antivirus program on your system.
If you haven't got a antivirus, you can download and install one of the following free ones: Make sure that you have only ONE antivirus running on your computer as more than one would cause conflict and render the computer vulnerable.

AntiVir here
AVG Free here
Avast here

It is essential to keep the anti-virus program fully updated. New virus infections are being produced all the time, and unless the program downloads the latest 'definitions', it cannot protect you against the newer versions. If you want to check for updates manually I'd recommended doing so at least once a week. However, a better option is to set the program to download and install updates automatically every time you are connected to the Internet. The first time you use it, please set it to perform a full system scan.
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site <http://windowsupdate.microsoft.com/> to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site <http://office.microsoft.com/officeupdate/maincatalog.aspx?lc=en-us> and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Keep your pestware-scanners up-to-date and do regular scans with them.

To keep your computer free of Spyware, Adware, Hijackers etc., download and install the following free pestware-scanners (if you haven't installed them allready):
AdAware here
Spybot here Remember to "immunize" after each update
Microsoft Antispyware here

Install realtime pestware-scanners and keep them up-to-date.

The following free realtime pestscanners prevent a number of malware-variants from entering your computer, in the first place:

SpywareBlaster here Remember to "enable all protection" after each update.
SpywareGuard here

If you haven't got one, already, install a firewall and keep it up-to-date. Please make sure that you have only one active firewall on your system.

A firewall will prevent unauthorized contact between your computer and internet.
If there is no firewall installed on your computer, you can download and install one of the following free firewalls:
ZoneAlarm here
Sygate here
Kerio Personal Firewall (Will be discontinued as from the end of 2005) here
Outposthere
Important: (Windows XP only) If you install a firewall, be sure to turn off the WinXP-firewall!

Test your firewall here to make sure that it's working properly

Install these programs, to make surfing with Internet Explorer safer:

A popup-blocker, f.e. Google Toolbar here: A popup-blocker prevents popup-windows from opening, when you come along a websites that uses them, during internet-surfing.

IE-SPYAD here: This utility adds a long list of known bad sites to Internet Explorer's Restricted Sites zone. This prevents those sites from executing their malicious programs on your computer.

SiteHound by Firetrust
here:

Firetrust introduces the SiteHound Toolbar - the safe way to browse the Internet. With SiteHound, when you browse the Internet, you're shown a warning page every time you go to a site which is a known scam, potentially loads viruses or spyware on to your computer, has questionable content or anything you would not consider reasonable. You are shown a warning page with information about that site. From there you can choose to enter the site or go back. SiteHound is a free add-on to Internet Explorer. (Users of Firefox - a version for you is coming soon.) SiteHound's comprehensive database gathers the knowledge from other users and respected experts from the online security community to tell you which sites are real and which are bogus.

SiteHound will alert you when you enter a site which is known to contain:
· Fraudulent claims or scams
· Offensive material
· Security vulnerabilities
· Spyware or Adware
· Spam related material
· or other content deemed to be unsafe
Specifically, SiteHound blocks these categories:

• Adult • Spyware • Spam Advertising • Phishing • Possible scam or fraud • Misleading or False Advertising
• Pharming • Rogue or Suspect Product • Adware • Malware or Virus

System Requirements:
Internet Explorer 5.5+ and Windows 95/98/NT 4/ME/2000/XP

Install and use an alternative browser to surf on the internet.

Because Internet Explorer is the most-used browser on the planet, most of the hijackers, adware and spyware are made to abuse your computer thru Internet Explorer.
Here are some good alternative browsers:
Mozilla Suite here
Mozilla Firefox here
Opera here
Netscape here
Important: You can not uninstall Internet Explorer.
First of all, it's part of Windows and you'll need it to download and install Windows Updates.
Secondly, There are some sites that are only accessable with Internet Explorer, fe. most of the Online Malware-scanners.

But above all, keep all your software UP-TO-DATE at all time!!

Also, I would recommend reading the excellent advice by Tony Klein: So how did I get infected in the first place

Happy and safe surfing. ;)
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby knoxville » January 13th, 2006, 4:41 am

Thanks!!!! You have been great help :):) I might hang around here and try and help other people with problems :)
I will sort it out later as I have got to go out but will keep you updated. Also, Why does Spybot bring up Smitfraud?

Thanks for everything...I will do another HJT log just to be sure later :)

Thanks again!

Knoxville :)
knoxville
Regular Member
 
Posts: 17
Joined: January 12th, 2006, 1:54 pm

Unread postby amateur » January 13th, 2006, 9:48 am

You're welcome. :) If you are interested in helping other people, this is an excellent place to start learning how. Join the Malware Removal University to become a malware fighter.
I would suggest that you run Spybot again and see if it still flags Smitfraud.c. If it does, I would like to know where it reports it. Please copy and paste it here.
Thanks :)
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby knoxville » January 13th, 2006, 12:31 pm

Hi :) I have done as you say and now doing a Spybot scan.
A minute ago, I had a call from NTL asking if my dads in. NTL is our ISP. Could they be ringing up to say that someone from our computer is sending malware out? Or if the spyware is accessing dodgy sites, could they be ringing us up? :( BTW Dad isnt in at the moment.

Thanks, Knoxville
knoxville
Regular Member
 
Posts: 17
Joined: January 12th, 2006, 1:54 pm

Unread postby knoxville » January 13th, 2006, 1:30 pm

Hi, Spybot found these and wondered what they are..

Windows Security Center.AntiVirusOverride: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

Windows.ActiveDesktop: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1482476501-1993962763-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1

Im pretty sure I deleted something like this yesterday.

Thanks, Knoxville :)
knoxville
Regular Member
 
Posts: 17
Joined: January 12th, 2006, 1:54 pm

Unread postby amateur » January 13th, 2006, 5:11 pm

Hi Knoxville,

A minute ago, I had a call from NTL asking if my dads in. NTL is our ISP. Could they be ringing up to say that someone from our computer is sending malware out? Or if the spyware is accessing dodgy sites, could they be ringing us up?

Based on your latest logs, your computer is clean and cannot be sending any malware, especially if you followed my advice on how to keep your computer clean and safe guidelines.

Windows Security Center.AntiVirusOverride: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0


It's about Windows Seurity System. Setting them to 1 turns off the notifications when your AV software or firewall is not enabled.

Windows.ActiveDesktop: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1482476501-1993962763-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1


It looks like you have tried to make some changes to your desktop wallpaper. It was not changed.

If your initial problems are solved, please let me know so that we can close this thread.

Happy and safe surfing. :)
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby knoxville » January 14th, 2006, 4:18 pm

One more thing....Avast found a virus in system32 :(
It quarantined it but am I safe?
Computers running nice and fast.. There was only one problem last night...It couldnt find a graphics driver and everything went like in safe mode and had to restart :(

Knoxville :)
knoxville
Regular Member
 
Posts: 17
Joined: January 12th, 2006, 1:54 pm

Unread postby NonSuch » January 15th, 2006, 3:55 am

Since avast! quarantined the virus, yes you should be safe. Follow the steps recommended above by amateur and all should be well. :)

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread. If you should develop a new, unrelated issue, please start a new topic.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 12 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware