Win32.skynet!


DanJamin

I've been reading on this thing in other posts. Here is the log I get after I have scanned.


SmitFraudFix v2.274

Scan done at 21:15:07.84, Fri 01/18/2008
Run from C:\Documents and Settings\Dan\My Documents\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4233ac08-a2c4-4742-a0b4-83719613d62c}"="grassily"

[HKEY_CLASSES_ROOT\CLSID\{4233ac08-a2c4-4742-a0b4-83719613d62c}\InProcServer32]
@="C:\WINDOWS\system32\ilmpjy.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4233ac08-a2c4-4742-a0b4-83719613d62c}\InProcServer32]
@="C:\WINDOWS\system32\ilmpjy.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8068bf35-3711-4dce-a2f3-f008cecfe894}"="araca"

[HKEY_CLASSES_ROOT\CLSID\{8068bf35-3711-4dce-a2f3-f008cecfe894}\InProcServer32]
@="C:\WINDOWS\system32\afzdbl.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8068bf35-3711-4dce-a2f3-f008cecfe894}\InProcServer32]
@="C:\WINDOWS\system32\afzdbl.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\Dan\STARTM~1\Programs\VirusProtectPro Deleted
C:\DOCUME~1\Dan\Desktop\Error Cleaner.url Deleted
C:\DOCUME~1\Dan\Desktop\Privacy Protector.url Deleted
C:\DOCUME~1\Dan\Desktop\Spyware?Malware Protection.url Deleted
C:\DOCUME~1\Dan\FAVORI~1\Online Security Test.url Deleted
C:\DOCUME~1\Dan\FAVORI~1\Error Cleaner.url Deleted
C:\DOCUME~1\Dan\FAVORI~1\Privacy Protector.url Deleted
C:\DOCUME~1\Dan\FAVORI~1\Spyware?Malware Protection.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 68.87.75.194
DNS Server Search Order: 68.87.64.146

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D546A8C6-8A3B-4AA2-8733-A85D929E3437}: DhcpNameServer=68.87.75.194 68.87.64.146
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D546A8C6-8A3B-4AA2-8733-A85D929E3437}: DhcpNameServer=68.87.75.194 68.87.64.146
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D546A8C6-8A3B-4AA2-8733-A85D929E3437}: DhcpNameServer=68.87.75.194 68.87.64.146
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.75.194 68.87.64.146
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.75.194 68.87.64.146
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.75.194 68.87.64.146


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End





Now what?