I'm very computer literate, but even this has got me in a bind.
Recently my mmorpg account was compromised which of course prompted me to clean virus' and such. Since then I have not once typed in my password. Good ole' copy and paste. that was a month ago now I have been receiving emails that a password reset has been requested(not by me) prompting me yet again check my computer. Vundo(Virtumonde) virus was found and has been successfully removed. Four Days Later again a request for a password reset. Now I am thinking WTH. Again scanned my computer and lo and behold smitfraud-c. has been found. I also noticed in my task manager that 2 rundll32.exe file has been running and wasn't there before. I have tried everything to remove it. When I change the name of the file and then delete I no longing have access to my display properties or my security center. I had to find a replacement rundll32.exe file to fix the problem. When I run Spybot S&D and still finds it as a smitfraud-c. I've looked up this virus and the strange thing is that is doesn't affect my system like the description says, to my knowledge, only that I still feel that this virus is being used to steal my private information(from the continued password requests). Here is my hijack this file. Notice the 2 rundll32.exe files running. Those weren't there before. Those Files are what Spybot is identifying as smitfraud-c.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:49, on 12/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
--
End of file - 1456 bytes
I run a very clean system(as you can see from the very short hijack list lol) and only use it for gaming and some internet. I use Spybot S&D, MBAM, RegCure, and CCleaner for PC Health and I run then almost daily now because of this. Please Help Me
New Symptom!! 12-23-08
It seems when I kill the runddl32.exe files after a certain amount of time the critical error sound goes off(just the sound and I think it's that critical error sound) and the rundll32.exe files are back running. It happens maybe like 1-2 hours after killing the process.
Also should I have that many svchost.exe files running? In my task manager I have 7 different svchost.exe files running on startup.
Update!!
Ran another smitfraudfix in safemode, another anti-virus, and another cleaner with no change. here is a screenshot of Spybot still recognizing the virus.
Edited by EldonM, 23 December 2008 - 12:09 PM.