Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Mrofinu572 and W32/IRCbotworm! [CLOSED]


  • This topic is locked This topic is locked

#1
Speedbumofice

Speedbumofice

    New Member

  • Member
  • Pip
  • 1 posts
Hello, I joined this thread for a virus my little brother got onto are computer and one of my friends suggested this site to help me out. I scanned with smitfraud and I got this. My friend said if I posted that up you'll beable to help. So you know I'm not very computer smart so I might ask more then 1 question. Thanks if you can help me

SmitFraudFix v2.333

Scan done at 14:09:53.21, Fri 08/08/2008
Run from C:Documents and SettingsadamDesktopSmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAdobePhotoshop Elements 3.0PhotoshopElementsFileAgent.exe
C:PROGRA~1COMMON~1AOLACSAOLacsd.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
c:program filesmcafee.comagentmcdetect.exe
c:PROGRA~1mcafee.comagentmctskshd.exe
c:PROGRA~1mcafee.comvsomcvsrte.exe
C:PROGRA~1McAfee.comPERSON~1MPFSERVICE.exe
C:Program FilesAdobePhotoshop Elements 3.0PhotoshopElementsDeviceConnect.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32hkcmd.exe
C:Program FilesJavaj2re1.4.2_03binjusched.exe
C:Program FilesCyberLinkPowerDVDDVDLauncher.exe
C:Program FilesJavaj2re1.4.2_03binjucheck.exe
C:Program FilesDellMedia ExperienceDMXLauncher.exe
C:WINDOWSsystem32dlatfswctrl.exe
C:Program FilesMusicmatchMusicmatch Jukeboxmm_tray.exe
C:Program FilesMusicmatchMusicmatch Jukeboxmmtask.exe
C:PROGRA~1mcafee.comagentmcagent.exe
c:PROGRA~1mcafee.comvsomcshield.exe
C:Program FilesRealRealPlayerRealPlay.exe
C:PROGRA~1mcafee.comvsomcvsshld.exe
c:progra~1mcafee.comvsomcvsescn.exe
C:PROGRA~1McAfee.comPERSON~1MpfTray.exe
C:Program FilesiTunesiTunesHelper.exe
C:PROGRA~1McAfee.comPERSON~1MpfAgent.exe
C:WINDOWSmrofinu572.exe
C:Program FilesDell SupportDSAgnt.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesAmerica Online 9.0aoltray.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesDigital Line DetectDLG.exe
C:WINDOWSsystem32rundll32.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSexplorer.exe
C:WINDOWSsystem32msiexec.exe
C:Documents and SettingsadamDesktopSmitfraudFixPolicies.exe
C:WINDOWSsystem32cmd.exe
C:WINDOWSsystem32CSCRIPT.EXE

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:


»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem


»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSWeb


»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem32


»»»»»»»»»»»»»»»»»»»»»»»» C:Documents and Settingsadam


»»»»»»»»»»»»»»»»»»»»»»»» C:Documents and SettingsadamApplication Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:DOCUME~1adamFAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDesktopComponents]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 68.87.85.98
DNS Server Search Order: 68.87.69.146
DNS Server Search Order: 68.87.78.130

HKLMSYSTEMCCSServicesTcpip..{3C1D4AA8-D79A-4D25-83C0-5C05FE769C5E}: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130
HKLMSYSTEMCS1ServicesTcpip..{3C1D4AA8-D79A-4D25-83C0-5C05FE769C5E}: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130
HKLMSYSTEMCS3ServicesTcpip..{3C1D4AA8-D79A-4D25-83C0-5C05FE769C5E}: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130
HKLMSYSTEMCCSServicesTcpipParameters: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130
HKLMSYSTEMCS1ServicesTcpipParameters: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130
HKLMSYSTEMCS3ServicesTcpipParameters: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

That is not the log we need.

Please read this topic and post your HijackThis log here when ready.
  • 0

#3
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP