Smitfraud-C. Help [RESOLVED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Smitfraud-C. Help [RESOLVED], Smitrem,AVG,SS&D,Microsoft,Kerio,Ewido

Options

Ginga_Wolf View Member Profile	Aug 3 2005, 02:09 PM Post #1
Member Posts: 14 OS: XP	Hi, Ive been running my antispyware and virus programs for the past two days trying to clean off this smitfraud problem, I have even used Smitrem and that cant seem to find it either. I have ran Ewido, SS&D and Smitrem all in Safe mode to try and remove these problems the only program picking up on the problem is SS&D and that says there are 45entries but cant remove any of them even on start up. I need help removing this as I have my suspicions its causing BF2 to play faulty. Help would be greatly appreciated as I ave trid all in my knowledge and also looked at some of the posts here but nothing is helping. Ill post the SS&D log to show this: Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.niger.ru\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.6o9.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\win-eto.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webpidor.biz\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vv7.al.57e.net\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vparivalka.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\visitfriend.net\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\veryeasysearch.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\v-224.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\u48.cc\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\u47.cc\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\u46.cx\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\u45.cx\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracktraff.cc\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracking.allposters.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trackhits.cc\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\toprefsys.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\terra.hcworld.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\t34rulit.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s2.kav.cc\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s13.tempx.cc\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s13.remove.cc\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rf104.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\new.8ad.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msnprotection.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\meetyourfriend.biz\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\makechoice.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\love-catalog.net\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\letgohome.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\greg-tut.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ga31.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\[bleep]-[bleep].org\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fast-look.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ewizard.cc\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\e-finder.cc\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dl.ad-ware.cc\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\datingforlove.org\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crl.thawte.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cc20foreva.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bin.wordsx.cc\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\awmdabest.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adulthell.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\75tz.com\!=W=4 Smitfraud-C.: User settings (Registry change, nothing done) HKEY_USERS\S-1-5-21-606747145-838170752-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\20x2p.com\*!=W=4 --- Spybot - Search && Destroy version: 1.3 --- 2005-04-26 Includes\Cookies.sbi 2005-07-22 Includes\Dialer.sbi 2005-07-22 Includes\Hijackers.sbi 2005-06-23 Includes\Keyloggers.sbi 2004-11-29 Includes\LSP.sbi 2005-07-22 Includes\Malware.sbi 2005-07-22 Includes\PUPS.sbi 2005-04-27 Includes\Revision.sbi 2005-07-22 Includes\Security.sbi 2005-07-19 Includes\Spybots.sbi 2005-02-17 Includes\Tracks.uti 2005-07-22 Includes\Trojans.sbi Hijack this doesnt seem to find it anyway but I will post its log: Logfile of HijackThis v1.99.1 Scan saved at 13:55:57, on 03/08/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\asuskbservice.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe F:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe F:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe F:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe F:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.co.uk R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.co.uk R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [anvshell] anvshell.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Steam] "f:\program files\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Xfire.lnk = F:\Program Files\Xfire\Xfire.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Microsoft AntiSpyware helper - {794BA9E7-1774-4087-B4AF-1FBC777B16F7} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {794BA9E7-1774-4087-B4AF-1FBC777B16F7} - (no file) (HKCU) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - F:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Posts in this topic

Ginga_Wolf Smitfraud-C. Help [RESOLVED] Aug 3 2005, 02:09 PM

coachwife6 tampabelle just cleaned you up a few weeks ago. h... Aug 8 2005, 10:08 AM

Ginga_Wolf Smitfraud happened. And there doesnt seem to be a... Aug 8 2005, 12:10 PM

tampabelle Hi Gina, Lets try this - Download smitRem.exe a... Aug 9 2005, 07:27 AM

Ginga_Wolf I have done everything you have said. Apart from p... Aug 9 2005, 01:02 PM

tampabelle Please do a scan with Spybot S&D and let me kn... Aug 9 2005, 01:38 PM

Ginga_Wolf There is a SS&D scan in there with all the oth... Aug 9 2005, 04:45 PM

tampabelle Hi Gina, What is your PC's configuration ?? Aug 9 2005, 04:58 PM

Ginga_Wolf What do u mean by configuration my specs? *Note* ... Aug 9 2005, 07:15 PM

tampabelle Hi Ginga, Yes the specs, like the processor, hard... Aug 10 2005, 05:15 AM

Ginga_Wolf Windows Xp SP2 AMD Sempron 3000+ (2.02GHZ) 512 Ra... Aug 10 2005, 06:24 AM

tampabelle Hi Ginga, Your RAM is only 512 MB. While it is ... Aug 10 2005, 06:41 AM

Ginga_Wolf Hi Yes I was contemplating that but a graphics ca... Aug 10 2005, 06:55 AM

tampabelle Hi Ginga, Can you install the games again ??? Cha... Aug 11 2005, 09:45 AM

Ginga_Wolf Ive reinstalled them both already and it made no d... Aug 14 2005, 12:38 PM

tampabelle Hi Ginga, Before you buy the components, Can you... Aug 14 2005, 03:15 PM

Ginga_Wolf ok I will do And thanks again for the help s... Aug 14 2005, 04:09 PM

tampabelle Since this issue appears to be resolved ... this T... Aug 14 2005, 07:11 PM

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Smitfraud help[RESOLVED]	18 / 6,511	11th May 2005 - 05:32 PM cornovii started - last by Michelle
Virus, Spyware and Trojan Removal Trojan-spy.HTML.Smitfraud.c Help [RESOLVED]	16 / 1,351	6th July 2005 - 03:30 PM ldude69000 started - last by Excal
Virus, Spyware and Trojan Removal smitfraud.C help [resolved]	11 / 752	16th August 2005 - 09:49 AM BMM started - last by coachwife6
Virus, Spyware and Trojan Removal Help Removing Smitfraud-c.coreservice [RESOLVED]	14 / 698	3rd December 2008 - 03:33 PM Sazerac started - last by Rorschach112