Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

trojan.w32.looksky


  • Please log in to reply

#1
Stellies

Stellies

    New Member

  • Member
  • Pip
  • 1 posts
Can you please help me remove trojan.w32.looksky
Iwas infected today and I am being driven crazy by all the popups. I saw on some of the other forums that I must download smitFraudfix to my desktop and then run it. (search 1). I am desperate for some help and any help will be much appreciated.

The log that I got after running smitFraudfix is as follows:

mitFraudFix v2.223

Scan done at 16:13:08.16, Fri 09/14/2007
Run from C:\Documents and Settings\olivierg\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MICROMINE\Marx\server\CBIOSSrv.srv
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\HLS32SVC.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\WINDOWS\System32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Ultimate Cleaner\UltimateCleaner.exe
C:\Program Files\QPC\QvtNet\bin\Ftpd.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Network Associates\VirusScan\scan32.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\WIN95APL\inetkey\inetkey.exe
C:\Documents and Settings\olivierg\Desktop\install_en.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\main_uninstaller.exe FOUND !
C:\WINDOWS\msmdev.dll FOUND !
C:\WINDOWS\msmhost.dll FOUND !
C:\WINDOWS\nsduo.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\olivierg


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\olivierg\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\olivierg\FAVORI~1

C:\DOCUME~1\olivierg\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\olivierg\FAVORI~1\Privacy Protector.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\olivierg\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\olivierg\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\olivierg\Desktop\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\VideoAccessCodec\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/100 VE Network Connection
DNS Server Search Order: 146.232.128.10
DNS Server Search Order: 146.232.128.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9154BFD6-0959-4E6A-AF5D-DCFB9256741A}: DhcpNameServer=146.232.128.10 146.232.128.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9154BFD6-0959-4E6A-AF5D-DCFB9256741A}: DhcpNameServer=146.232.128.10 146.232.128.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9154BFD6-0959-4E6A-AF5D-DCFB9256741A}: DhcpNameServer=146.232.128.10 146.232.128.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=146.232.128.10 146.232.128.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=146.232.128.10 146.232.128.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=146.232.128.10 146.232.128.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP