Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Smitfraud and stealth virus

  • This topic is locked This topic is locked




  • Member
  • PipPip
  • 36 posts
Hi Geeks!!!

I got that terrible smitfraud.c and I did everythinh thats is said to do. All the steps with the antivirus and the spyware removers. I suceed in restoring my wallpapers back by deleting the wp.exe, wp.bmp the system key in regedit, however the red icon with the white "x" is still there creating new desktop icons and acessing adult web pages. It send some messages saying that my system is in danger, is being attacked and that a stealth hjack virus is infecting my pc. So, I´d be very gald and thankfull is anyone could help me.

Thanks in advance!!!!
  • 0





  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Logfile of HijackThis v1.99.1
Scan saved at 20:15:15, on 18/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
C:\Arquivos de programas\FaxTalk Communicator\FTCtrl32.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Palm\HOTSYNC.EXE
C:\Arquivos de programas\FaxTalk Communicator\FAPIEXE.EXE
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\DNS\Meus documentos\Mike\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/ad0278/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsof...ss/allinone.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com
O1 - Hosts: lycos.com
O1 - Hosts: www.lycos.com
O1 - Hosts: altavista.com
O1 - Hosts: www.altavista.com
O1 - Hosts: amazon.com
O1 - Hosts: www.amazon.com
O1 - Hosts: aol.com
O1 - Hosts: www.aol.com
O1 - Hosts: earthlink.net
O1 - Hosts: www.earthlink.net
O1 - Hosts: ebay.com
O1 - Hosts: www.ebay.com
O1 - Hosts: go.com
O1 - Hosts: www.go.com
O1 - Hosts: icq.com
O1 - Hosts: www.icq.com
O1 - Hosts: lycos.com
O1 - Hosts: www.lycos.com
O1 - Hosts: www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [CallControl 4.5] C:\Arquivos de programas\FaxTalk Communicator\FTCtrl32.exe /autoload
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winhelp] winhlp16.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Arquivos de programas\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - Startup: Gerenciador do HotSync.lnk = C:\Arquivos de programas\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {4A42257C-1005-4242-80E3-51F0B89D0424} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4A42257C-1005-4242-80E3-51F0B89D0424} - (no file) (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {329D10B1-1C70-11D6-B49A-0040C7A63343} (ChatWebX Control) - http://servers.centr...web/ChatWeb.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAF9C199-BDB2-4818-B6F1-C56EC4FD09C4}: NameServer =
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spooler de impressão (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
  • 0



    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Duplicate post.
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP