Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

trojan.w32.looksky

Started by Stellies , Sep 14 2007 08:32 AM

  • Please log in to reply

#1
Stellies
Posted 14 September 2007 - 08:32 AM

Stellies

    New Member

  • Member
  • Pip
  • 1 posts
Can you please help me remove trojan.w32.looksky
Iwas infected today and I am being driven crazy by all the popups. I saw on some of the other forums that I must download smitFraudfix to my desktop and then run it. (search 1). I am desperate for some help and any help will be much appreciated.

The log that I got after running smitFraudfix is as follows:

mitFraudFix v2.223

Scan done at 16:13:08.16, Fri 09/14/2007
Run from C:\Documents and Settings\olivierg\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MICROMINE\Marx\server\CBIOSSrv.srv
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\HLS32SVC.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\WINDOWS\System32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Ultimate Cleaner\UltimateCleaner.exe
C:\Program Files\QPC\QvtNet\bin\Ftpd.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Network Associates\VirusScan\scan32.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\WIN95APL\inetkey\inetkey.exe
C:\Documents and Settings\olivierg\Desktop\install_en.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\main_uninstaller.exe FOUND !
C:\WINDOWS\msmdev.dll FOUND !
C:\WINDOWS\msmhost.dll FOUND !
C:\WINDOWS\nsduo.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\olivierg


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\olivierg\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\olivierg\FAVORI~1

C:\DOCUME~1\olivierg\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\olivierg\FAVORI~1\Privacy Protector.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\olivierg\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\olivierg\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\olivierg\Desktop\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\VideoAccessCodec\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/100 VE Network Connection
DNS Server Search Order: 146.232.128.10
DNS Server Search Order: 146.232.128.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9154BFD6-0959-4E6A-AF5D-DCFB9256741A}: DhcpNameServer=146.232.128.10 146.232.128.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9154BFD6-0959-4E6A-AF5D-DCFB9256741A}: DhcpNameServer=146.232.128.10 146.232.128.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9154BFD6-0959-4E6A-AF5D-DCFB9256741A}: DhcpNameServer=146.232.128.10 146.232.128.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=146.232.128.10 146.232.128.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=146.232.128.10 146.232.128.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=146.232.128.10 146.232.128.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP