Trojan-spy.html.smitfraud.c [RESOLVED]
Jul 3 2005, 05:02 AM
Member | Posts: 23 | OS: Windows 98
Hi, a couple of days ago my computer got infected with this trojan. I have gone through the required steps before posting my hijackthis log. By using the various spyware/adware tools I have now reset my homepage to its usual one, and the background, appearance and effects tabs are available again under my display properties so I can set my desktop wallpaper via the usual way. I am still receiving popups though, like I was after I first got infected with the trojan. Your help in getting rid of these annoying popups and making sure my computer is clean would be greatly appreciated.
```
Logfile of HijackThis v1.99.1
Scan saved at 22:49:54, on 3/07/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\MOUSE\AMOUMAIN.EXE
C:\WINAMP.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\GEOFF\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NInit] C:\Program Files\Norton SystemWorks\Norton Uninstall\NINIT.EXE
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM\..\Run: [DLF_00001000] C:\WINDOWS\SYSTEM\Vcdlf.exe /c
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [JVM0.14] C:\WINAMP.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TVWatch] C:\WINDOWS\SYSTEM\TVWatch.exe
O4 - HKLM\..\RunServices: [MSys32] C:\PROGRA~1\TETRIS~1\morfitwebentrance.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs6.chat.yahoo.com/v/yacscom.cab
O16 - DPF: {B3AA2F6B-6BAF-11D3-BA05-00C0F0322972} - http://209.132.223.150/videodownload/uncensored_sex.exe
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.fhm.com/girls/zoomify/download/zoomify138.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtangent.com/install/wdriver...wave/wtinst.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!http://www.awmdabest.com/bltd/114.chm::/file.exe
```
cryptopsy Trojan-spy.html.smitfraud.c [RESOLVED] Jul 3 2005, 05:02 AM
rambro Dear cryptopsy,
Welcome to the Geeks to Go foru... Jul 17 2005, 03:58 PM
rambro Dear cryptopsy,
You may want to print out these... Jul 17 2005, 04:37 PM
cryptopsy Thank you for replying to my post. I actually now ... Jul 18 2005, 09:34 PM
rambro Dear cryptopsy,
Try this, from this link:
http... Jul 18 2005, 11:19 PM
cryptopsy Thanks for responding quickly. After running the s... Jul 18 2005, 11:56 PM
cryptopsy Ok, sorry if I sounded a bit stupid in my last pos... Jul 19 2005, 12:23 AM
rambro Dear cryptopsy,
I was looking over the last two... Jul 19 2005, 10:26 AM
cryptopsy Ok, I managed to successfully restore the files us... Jul 19 2005, 10:02 PM
cryptopsy I was looking over some related posts on msvbvm60.... Jul 19 2005, 11:57 PM
rambro Dear cryptopsy,
You may want to print out these... Jul 20 2005, 09:06 AM
rambro Dear cryptopsy,
(Note: Do the following steps i... Jul 20 2005, 09:08 AM
cryptopsy Thank you again for responding quickly. Firstly, I... Jul 21 2005, 12:03 AM
cryptopsy Don't know whether this matters but extra info... Jul 21 2005, 03:53 AM
rambro Dear cryptopsy,
You may want to print out these... Jul 21 2005, 09:15 AM
rambro Dear cryptopsy,
(Note: Do the following steps i... Jul 21 2005, 09:22 AM
cryptopsy I downloaded and ran killbox with no problems. The... Jul 21 2005, 11:39 PM
rambro Dear cryptopsy
I would like you to generate a ... Jul 22 2005, 05:31 AM
cryptopsy Cheers, I really appreciate the work you have been... Jul 22 2005, 07:21 AM
rambro Dear cryptopsy,
When you restore the "winin... Jul 22 2005, 07:53 AM
rambro Dear cryptopsy,
Please go to Start -> Progra... Jul 22 2005, 09:25 AM
cryptopsy Here are the wininet.dll file details:
File versi... Jul 22 2005, 11:55 PM
rambro Dear cryptopsy,
Read this post over a couple of ... Jul 23 2005, 04:57 AM
cryptopsy In response to your first question I have been res... Jul 23 2005, 06:39 PM
rambro Dear cryptopsy,
Since you are using an older ver... Jul 23 2005, 07:43 PM
cryptopsy I reinstalled Internet Explorer and I can now go t... Jul 24 2005, 11:09 PM
rambro Dear cryptopsy,
Here's some recommended chan... Jul 25 2005, 12:09 AM
rambro Dear cryptopsy,
I would like you to run the foll... Jul 25 2005, 12:16 AM
rambro Dear cryptopsy,
Restart your computer and then ... Jul 25 2005, 05:47 AM
cryptopsy I changed the internet explorer settings as direct... Jul 25 2005, 10:40 PM
rambro Dear cryptopsy,
I want to try to get the SilentR... Jul 26 2005, 10:06 AM
rambro Dear cryptopsy
On second thought, don't execu... Jul 26 2005, 10:46 AM
cryptopsy I have read your last two posts and not executed a... Jul 26 2005, 09:42 PM
cryptopsy I was looking in my c drive and noticed the folder... Jul 26 2005, 10:41 PM
rambro Dear cryptopsy,
I would like you to do a furthe... Jul 27 2005, 12:04 AM
rambro Had trouble posting the last post. Jul 27 2005, 12:06 AM
rambro Had trouble posting the last post. Jul 27 2005, 12:08 AM
cryptopsy My computer is still running fine. After using spy... Jul 27 2005, 10:56 PM
rambro Dear cryptopsy,
Please rerun the MWAV antivirus... Jul 28 2005, 05:28 AM
cryptopsy My computer is running fine. Here is my mwav log:
... Jul 28 2005, 08:58 PM
rambro Dear cryptopsy,
I would like you to download a ... Jul 28 2005, 10:23 PM
cryptopsy My computer is running fine. Here is my mwav log:
... Jul 30 2005, 10:36 PM
rambro Dear cryptopsy,
You may want to print out these i... Jul 31 2005, 09:23 AM
cryptopsy I deleted the specified files using killbox and th... Jul 31 2005, 11:45 PM
rambro Dear cryptopsy,
Your HijackThis log is clean. ... Aug 1 2005, 08:16 AM
cryptopsy Cheers, thanks a lot for all your help it is much ... Aug 1 2005, 07:32 PM
rambro Since this issue appears to be resolved ... this T... Sep 19 2005, 02:01 PM
© Geeks to Go, Inc. | All Rights Reserved