Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

trojan-spy.HTML.smitfraud.c has infected me. HELP


  • Please log in to reply

#1
axisintact

axisintact

    New Member

  • Member
  • Pip
  • 3 posts
:tazz: Greetings.
I am new to this process so please bear with me. My desktop is blue with the standard security warning regarding IE and smitfraud.c. I have read the other posts regarding this issue and did my best to follow instructions, but when I go to download killbox, the site tells me i am not allowed to do this. i have used my entire arsenal of tools (adaware, stinger, xcleaner,spybot, spydoctor, microsoft antspyware, and the free AVG!--ALL UPDATED!) yet, the bluescreen and warning remain.
I am usually quite effective when it comes to scanning and cleaning my system, however, when it comes to the intricacies of the process, I am analagous to the chimpanzee playing with a crashed UFO (most of it makes no sense to my feeble brain). Please help me!

Here is my hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 10:37:52 AM, on 4/22/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\wp.exe
C:\lotus\organize\easyclip.exe
C:\lotus\smartctr\smartctr.exe
C:\lotus\smartctr\suitest.exe
C:\Program Files\SHARP\PixLab Lite Pack\SCPopup.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\DigiDownloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.angulounlimited.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.angulounlimited.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunServices: [ZipGenius Clean] "C:\WINDOWS\zg.exe" -cleantemp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
O4 - Global Startup: Lotus QuickStart.lnk = ?
O4 - Global Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Global Startup: SCPopup.lnk = C:\Program Files\SHARP\PixLab Lite Pack\SCPopup.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Microsoft AntiSpyware helper - {5671830E-432F-4F36-937F-F11B66957BFE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5671830E-432F-4F36-937F-F11B66957BFE} - (no file) (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://pcpitstop.com...cpConnCheck.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093398226028
O16 - DPF: {9E6C7461-FE4A-41A9-9D35-7468796CF9E7} (AVXControl Class) - http://threatlevel.p...trol/avxnew.dll
O16 - DPF: {BCD5A227-8720-497B-AF5F-4403E94342E3} (CDDM Object) - https://netservices..../DSLControl.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com...irus/PitPav.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
  • 0

Advertisements


#2
axisintact

axisintact

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Some additional info, if needed:
I am using mozilla firefox.
I just downloaded killbox but have not opened it yet pending a reply.
pc pitstop doesn't identify this trojan.
I attempted to follow another thread's instructions for xp, and there was no "teatimer" in my spybot system startup.
I am quite confused. :tazz:
  • 0

#3
axisintact

axisintact

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
[B][COLOR=red] ;) Thanks for the non-help.
I figured it out on my own.
Things are running smooth.
:tazz: ;)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP