
spyware/malware. smitfraud is machine ok? [RESOLVED]


  • This topic is locked

#16
Stamper19

  • Expert
  • 1,992 posts
Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u7-windows-i586-p.exe and select "Run as an Administrator.")

  • 0



#17
moose1

  • Topic Starter
  • Member
  • 26 posts
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, July 27, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, July 27, 2008 17:20:55
Records in database: 1014801
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 76288
Threat name: 8
Infected objects: 16
Suspicious objects: 0
Duration of the scan: 02:27:41


File name / Threat name / Threats count
C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix\IEDFix.C.exe Infected: Hoax.Win32.Renos.vaoz 1
C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix\IEDFix.exe Infected: Hoax.Win32.Renos.vaoz 1
C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix.exe Infected: Hoax.Win32.Renos.vaoz 2
C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Compaq_Owner\Shared\04 Track 4.wma Infected: Trojan-Downloader.WMA.Wimad.d 1
C:\Documents and Settings\Compaq_Owner\Shared\celebrity stocker.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Compaq_Owner\Shared\Saving Abel (2008).wma Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Documents and Settings\Compaq_Owner\Shared\Saving Abel - She Got Over Me(1).mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Compaq_Owner\Shared\Saving Abel- She got over me.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\Compaq_Owner\Shared\Top of Charts - 2003.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\Compaq_Owner\Shared\Top of Charts - 2004.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\Compaq_Owner\Shared\Top of Charts - 2005.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4PUJ8XQR\update[1].upd Infected: Rootkit.Win32.Clbd.bj 1
D:\I386\Apps\APP01255\src\HPSummer2005.exe Infected: not-a-virus:AdWare.Win32.MyWay.j 1

The selected area was scanned.
  • 0

#18
Stamper19

  • Expert
  • 1,992 posts
Let's delete some ill-mannered files.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\Compaq_Owner\Shared\04 Track 4.wma
    C:\Documents and Settings\Compaq_Owner\Shared\celebrity stocker.mp3
    C:\Documents and Settings\Compaq_Owner\Shared\Saving Abel (2008).wma
    C:\Documents and Settings\Compaq_Owner\Shared\Saving Abel - She Got Over Me(1).mp3
    C:\Documents and Settings\Compaq_Owner\Shared\Saving Abel- She got over me.mp3
    C:\Documents and Settings\Compaq_Owner\Shared\Top of Charts - 2003.wma
    C:\Documents and Settings\Compaq_Owner\Shared\Top of Charts - 2004.wma
    C:\Documents and Settings\Compaq_Owner\Shared\Top of Charts - 2005.wma
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4PUJ8XQR\update[1].upd
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Also, let me know how the computer is running.
  • 0
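
Added example (not part of the original thread, and not any poster's or vendor's own tooling): a small parser for the Kaspersky Online Scanner report format posted in #17 that sorts detections into hits on the SmitfraudFix cleanup tool itself, `not-a-virus:` riskware, and remaining files to review. The bucketing rule and the `TOOL_MARKERS` name are assumptions inferred from which paths appear in the move list in #18; the helper did not state a rule.

```python
import re

# Excerpt of the Kaspersky Online Scanner 7 report from post #17, embedded so
# the example runs offline.
REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix.exe Infected: Hoax.Win32.Renos.vaoz 2
C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Compaq_Owner\Shared\04 Track 4.wma Infected: Trojan-Downloader.WMA.Wimad.d 1
C:\Documents and Settings\Compaq_Owner\Shared\Saving Abel - She Got Over Me(1).mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4PUJ8XQR\update[1].upd Infected: Rootkit.Win32.Clbd.bj 1
D:\I386\Apps\APP01255\src\HPSummer2005.exe Infected: not-a-virus:AdWare.Win32.MyWay.j 1

The selected area was scanned.
"""

# One detection per line: <path> Infected: <verdict> <count>. Paths contain
# spaces, so anchor on the literal " Infected: " separator.
ROW = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Assumption: the cleanup tool the user was already running lives under here.
TOOL_MARKERS = ("\\desktop\\smitfraudfix",)


def parse_report(text):
    """Return (path, threat, count) tuples for every detection line."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((m["path"], m["threat"], int(m["count"])))
    return rows


def triage(rows, tool_markers=TOOL_MARKERS):
    """Split detections into cleanup-tool hits, riskware, and files to review."""
    buckets = {"tool": [], "riskware": [], "review": []}
    for path, threat, _ in rows:
        if any(mark in path.lower() for mark in tool_markers):
            key = "tool"
        elif threat.startswith("not-a-virus:"):
            key = "riskware"
        else:
            key = "review"
        if path not in buckets[key]:  # one path can carry several verdicts
            buckets[key].append(path)
    return buckets


if __name__ == "__main__":
    for key, paths in triage(parse_report(REPORT)).items():
        print(key, len(paths))
        for p in paths:
            print("   ", p)
```

Run over the full report from #17, the `review` bucket comes out as the same nine paths that appear in the move list in #18.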

#19
moose1

  • Topic Starter
  • Member
  • 26 posts
C:\Documents and Settings\Compaq_Owner\Shared\04 Track 4.wma moved successfully.
C:\Documents and Settings\Compaq_Owner\Shared\celebrity stocker.mp3 moved successfully.
C:\Documents and Settings\Compaq_Owner\Shared\Saving Abel (2008).wma moved successfully.
C:\Documents and Settings\Compaq_Owner\Shared\Saving Abel - She Got Over Me(1).mp3 moved successfully.
C:\Documents and Settings\Compaq_Owner\Shared\Saving Abel- She got over me.mp3 moved successfully.
C:\Documents and Settings\Compaq_Owner\Shared\Top of Charts - 2003.wma moved successfully.
C:\Documents and Settings\Compaq_Owner\Shared\Top of Charts - 2004.wma moved successfully.
C:\Documents and Settings\Compaq_Owner\Shared\Top of Charts - 2005.wma moved successfully.
< C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4PUJ8XQR\update[1].upd >
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4PUJ8XQR\update[1].upd moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07272008_133008


Computer seems to be running much better. The only difference I notice is that when I download a file the computer pops up the download box and what was downloaded is not there; it just automatically goes to desktop. It used to have the option I believe to delete or all the downloaded items could be 'cleaned-up'.
  • 0

#20
Stamper19

  • Expert
  • 1,992 posts

Computer seems to be running much better. The only difference I notice is that when I download a file the computer pops up the download box and what was downloaded is not there; it just automatically goes to desktop. It used to have the option I believe to delete or all the downloaded items could be 'cleaned-up'.

Not quite following you here. What exactly do you mean by the option to delete or clean up? I am not even certain what the latter is pertaining to. Is that from a particular program? It does not strike me as a normal Windows function...
  • 0

#21
moose1

  • Topic Starter
  • Member
  • 26 posts
Nothing I am too concerned with. Previously when I downloaded something Windows popped up a box that was named 'download'. Inside that box would be the program/item downloaded and to the far right you could choose to open or delete. It would save all your downloaded items until you would click 'clean-up' on the bottom right outside the box. What the machine is doing now is that the download box pops up but it does not show the items 'downloaded'. Again I am not too concerned with the appearance of this as all seems to run much better.
  • 0

#22
Stamper19

  • Expert
  • 1,992 posts
Hi Moose1,

Not sure about the issue you are describing. It sounds to me like it may be related to a particular program that provided those features. As it is not malware related, you might consider posting a message here in the Windows XP forum where one of the techs might be able to provide further assistance. If you do post there be sure to mention that your machine has been cleared of malware.

On that note - Congrats - your logs are all clean :)

There are still a couple of things you should do for the sake of cleaning up.

---------------------------------------------------------------

Let's delete all the tools we downloaded.
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

----------------------------------------------------------------

Please clear and reset your system restore points.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405

----------------------------------------------------------------

Otherwise, unless you have any questions, you are all set. Included below are some tips for keeping your computer malware free in the future.

Cheers,
Stamper :)

----------------------------------------------------------------

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety:

  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google toolbar to help stop pop up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

  • 0

#23
moose1

  • Topic Starter
  • Member
  • 26 posts
Stamper, thank you very much for all your help. I appreciate you sharing your knowledge and help.
  • 0

#24
Stamper19

  • Expert
  • 1,992 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





