Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

hijack this not working & smitfraud

Started by Dagonet , Apr 21 2005 04:29 PM

  • Please log in to reply

#1
Dagonet
Posted 21 April 2005 - 04:29 PM

Dagonet

    New Member

  • Member
  • Pip
  • 2 posts
Desperate for help here. I'm working on a friends Win98Se box. My friend managed to get a host of spyware and malware by not running a firewall on a high speed connection. I was able to install spybot and and adaware and remove quite a few gems however I can't download updates for the programs as Internet Explorer is still messed up from smitfraud.c. Browser keeps getting redirected even after removing registry entries related to smitfraud.c.

I was able to use killbox to stop the smitfraud processes however I cannot run Hijack this even in safe mode, I keep getting an kernel32.dll invalid page fault. (My friend tried installing ZoneAlarm and zone alarm gets the same kernel32.dll invalid page fault).

I was able to install AVG with the most recent updates from CD, the scan got rid of more trojans/spy stuff but the browser is still wonky.

The only thing I haven't tried is reinstalling Internet Explorer 6 (I have tried repairing it through add/remove programs, no joy there thanks Microsoft).

I have persuaded my friend to get hardware firewall (better late than never).

I really don't want to reinstall windows. Any ideas?

Thanks!

Edited by Dagonet, 21 April 2005 - 04:38 PM.

  • 0

Advertisements

#2
RKinner
Posted 25 April 2005 - 03:16 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
See if a program called AutoStart Viewer from DiamondCS will work for you:

http://www.diamondcs...p?page=asviewer

Save it then run it then Main, Save and it will save a txt file in the same folder. Post the txt file.

As a last resort it is possible to revert back to the original version of the registry. The files user.dat and system.dat are stored in c:\windows if I remember correctly and in c:\ there were copies of the original user.1st and system.1st. You can make copies of the two .dats then replace them with copies of the .1st. Then on a reboot you had the original windows registry. You can also check in the same folder you may find other user.xxx files .da0 or some such. If you can find a pair of them then they can serve also.

There is an older version of zone alarm floating around. It worked better on 98 than the newer version which really only wants to work on win2K/XP.

http://www.libertyac...etup_37_202.exe

Ron
  • 0

#3
Dagonet
Posted 25 April 2005 - 03:35 PM

Dagonet

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thank you for your reply. Unfortunately my friend really needed their system up on the weekend so I got his data off and reinstalled everything. Between the viruses and the malware probably the best thing to do anyway, only to be sure I got rid of it all.

I have looked at that tool you suggested on my own machine. Very cool.


Thanks again for the help.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP