hijack this not working & smitfraud



#1
Dagonet (New Member, 2 posts)

Desperate for help here. I'm working on a friend's Win98SE box. My friend managed to get a host of spyware and malware by not running a firewall on a high-speed connection. I was able to install Spybot and Ad-Aware and remove quite a few gems; however, I can't download updates for the programs as Internet Explorer is still messed up from smitfraud.c. The browser keeps getting redirected even after removing registry entries related to smitfraud.c.

I was able to use KillBox to stop the smitfraud processes; however, I cannot run HijackThis even in safe mode. I keep getting a kernel32.dll invalid page fault. (My friend tried installing ZoneAlarm, and ZoneAlarm gets the same kernel32.dll invalid page fault.)

I was able to install AVG with the most recent updates from CD, the scan got rid of more trojans/spy stuff but the browser is still wonky.

The only thing I haven't tried is reinstalling Internet Explorer 6 (I have tried repairing it through add/remove programs, no joy there thanks Microsoft).

I have persuaded my friend to get a hardware firewall (better late than never).

I really don't want to reinstall windows. Any ideas?

Thanks!

Edited by Dagonet, 21 April 2005 - 04:38 PM.



#2
RKinner (Malware Expert, 17,344 posts, MVP)

See if a program called AutoStart Viewer from DiamondCS will work for you:

http://www.diamondcs...p?page=asviewer

Save it, then run it, then Main, Save, and it will save a txt file in the same folder. Post the txt file.

As a last resort it is possible to revert back to the original version of the registry. The files user.dat and system.dat are stored in c:\windows if I remember correctly, and in c:\ there were copies of the original user.1st and system.1st. You can make copies of the two .dats, then replace them with copies of the .1st. Then on a reboot you had the original Windows registry. You can also check in the same folder; you may find other user.xxx files, .da0 or some such. If you can find a pair of them, then they can serve also.

There is an older version of ZoneAlarm floating around. It worked better on 98 than the newer version, which really only wants to work on Win2K/XP.

http://www.libertyac...etup_37_202.exe

Ron

#3
Dagonet (Topic Starter, New Member, 2 posts)

Thank you for your reply. Unfortunately my friend really needed their system up on the weekend, so I got his data off and reinstalled everything. Between the viruses and the malware, probably the best thing to do anyway, if only to be sure I got rid of it all.

I have looked at that tool you suggested on my own machine. Very cool.


Thanks again for the help.