Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Smitfraud Trojan[RESOLVED]


  • This topic is locked This topic is locked

#46
longlivemonkeys

longlivemonkeys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
New problem: msole32 WON'T DELETE! I "deleted" it in Killbox copying and pasting the exact file. Then I rebooted, and yet again msole32 is running in Task Manager. Here's my logfile:

Logfile of HijackThis v1.99.1
Scan saved at 22:00:59, on 29/04/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\MSOLE32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\WINDOWS\MCBIN\AV\RT\MGAVRTCL.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\RunDLL.exe
C:\Program Files\Hewlett-Packard\HP PSC 500 98\scanning\Hpodlb08.exe
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\A.C\SCROLL-IN-MOUSE V2.0\SCROLL.EXE
C:\WINDOWS\MCBIN\AV\RT\MGAVRTE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AOL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [SemTop!] C:\PROGRAM FILES\SEMARGL\SEMTOP!\SEMTOP!.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: HP ODLB08.lnk = C:\Program Files\Hewlett-Packard\HP PSC 500 98\scanning\Hpodlb08.exe
O4 - Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Scroll-In-Mouse V2.0.lnk = C:\Program Files\A.C\Scroll-In-Mouse V2.0\Scroll.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab28578.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
  • 0

Advertisements


#47
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Download and install Ewido from: http://www.ewido.net/en/

Use it to do a full system scan.

Keep us posted,
  • 0

#48
longlivemonkeys

longlivemonkeys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
My PC won't install Ewido as it needs Windows 2000. Is there another program I can use?
  • 0

#49
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Then download a free trial of TDS3 from here:
http://tds.diamondcs...x.php?page=home
Update as described here:
http://tds.diamondcs...php?page=update
When that is ready click System Testing > Full sytem scan
Delete everything it gives you a positive identification on.

Regards,
  • 0

#50
longlivemonkeys

longlivemonkeys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Sorry it took so long, but my PC's running fine now and all the Trojan files have been deleted successfully. Thanks a lot :-D

Just one thing though - the format of Display, Properties, Background has changed, and now there is no option to stretch the picture to fit the background. I can only use Tile and Center. Is there any way I can get it back to how it was? This isn't imperative so just reply when you can.

Thanks again.
  • 0

#51
longlivemonkeys

longlivemonkeys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Hello? Any suggestions how I can get my old display format back? As I said I've totally lost the "stretch" setting. Also, in the Wallpaper drop-down menu there used to be all the files in "My Pictures" automatically there. This has also gone. Help? I have been rather patient lol
  • 0

#52
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
If you rightclick the desktop > Properties > Do you have a Desktop tab?
if so there should be a button called Adapt/change sorry I have to guess, my computer is not running an english windows version Desktop

This will open another screen with a Reset Settings button.
Does using that one help?

Regards,
  • 0

#53
longlivemonkeys

longlivemonkeys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Nope, there's no Desktop tab unfortunately. There is a Background tab, but this only gives the option of changing wallpaper.
  • 0

#54
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Please make a restore point before you do this. This fix is for XP, but I think it should work for me as well. But I could be wrong and I want you to have someting to go back to if I missed something.

Copy the part below into notepad and save it as resttabs.reg

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=hex:00,00,00,00
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"SetVisualStyle"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"ThemeActive"="1"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,72,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,\
00,54,00,68,00,65,00,6d,00,65,00,73,00,5c,00,6c,00,75,00,6e,00,61,00,5c,00,\
6c,00,75,00,6e,00,61,00,2e,00,6d,00,73,00,73,00,74,00,79,00,6c,00,65,00,73,\
00,00,00


Doubleclick that file and confirm you want to merge it with the registry.
Reboot and see if you have a Desktop tab now.

Courtesy of the regfile: Kellys-Korner

Regards,
  • 0

#55
longlivemonkeys

longlivemonkeys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
A restore point? Sorry, I'm a bit slow lol
  • 0

Advertisements


#56
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
http://www.winbookco...BTA10000100.htm

Regards,
  • 0

#57
longlivemonkeys

longlivemonkeys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Thank you! It worked and my display is back to normal :-D thanks for your help Pieter!
  • 0

#58
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

Please do have a look at my site about removing and preventing spyware.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP