Smitfraud trojan


  • This topic is locked

#1
steelhead

UPDATE: 5/8/05 Downloaded and installed some WINDOWS Updates and the system allowed me to run a HiJack This scan which I saved. Re-downloaded the Ad Aware program and it still won't install, the wizard doesn't work.

Is it possible to work from a HiJack This scan only? If not, any suggestions on how to make the AdAware or other programs run?

steelhead




HELP! I've been reading the posts on this topic because this trojan showed up on my computer several weeks ago. I downloaded the AdAware, CWShredder, Spybot S&D, Housecall, Pandasoftware, TDS-3, Windows Updates, SpyDoctor, and Hijack This from your site and saved them into a separate file; the HiJack This is in its own folder.

With the exception of CWShredder, none of these programs will install, much less run. CWShredder didn't find any infection by that virus. I continue to receive messages such as C:\WINDOWS\TEMP\*******\tmp setup denied or file is in use by another program. Asterisks signify any one of a variety of files similar to \is-F5D5 or \is-S5BCQ. The AdAware file wizard is in use by another program \~GLC1034.TMP.

Tried running 'scannow' but START RUN can not find sfc.exe file. Browsed for file and it doesn't seem to exist. Tried running the same thing in SAFE MODE with the same results. Can't install or delete any programs and haven't had any success in using the recovery disc because there seems to be a problem with the boot up from the CD ROM.

Ran a McAfee virus scan and it took about three hours and scanned 54,000 files. Looked like 1/3 of those were in the C:\TEMP and most had a .gif file extension; when I look in C:\TEMP there are no files, folders etc. Tried showing hidden files and folders with same results.

I know you need a posting of the log so if you can tell me how to accomplish running one, I'll gladly provide it.

Thank you for your assistance.

steelhead

Edited by steelhead, 09 May 2005 - 05:39 AM.

#2
Guest_usetobe_*

Hi steelhead,

Welcome to Geeks 2 Go. Sorry about the delay in getting to your post, we have been very busy.

Do you still require help or are your problems resolved?

Please let me know and if you still require assistance, please post a fresh HJT log.

Regards,

Usetobe

#3
steelhead

USETOBE: Thanks for the response; figured you were really busy.

On the smitfraud problem, I've downloaded HiJack This twice on my computer and on a different machine with SAVE to floppy disc. I had it run once and have the log but can not get it to run again; I get an "Invalid Picture" screen when I try to run.

Unfortunately, I added to my problems with a Windows Update Install which I believe to be another Trojan. I get different sites popping up when I try to change sites in Explorer.

If you still wish to help, I could use some directions on how to run a Disc Format. I only have a minimal amount of information that would be lost. I didn't care enough to back it up so I can afford to lose it!!!

Thanks.

Steelhead

#4
Guest_usetobe_*

Hi Steelhead, let's try a few things first before we take the reformat route.

Make sure you unzip HJT to its own folder.

Have you tried to run HJT in SAFE MODE? Tap F8 key whilst PC starts up and select SAFE MODE. See if it will run.

Try the following online virus scans to see if any of these will run.

Kaspersky

Trend

Panda Activescan

Bitdefender

F-secure

Also try this: please download the free MWAV antivirus tool from here:
ftp://ftp.microworldsystems.com/download/tools/mwav.exe

This scan might take around 3+ hours to finish when set to scan everything. I need you to run MWav and put a check next to the items below before scanning:

*Memory
*Startup Folders
*Drive - All Local Drives
*Folder - then click "browse" to change the directory to C: (default is C:\Windows)
*Registry
*System Folders
*Services
*Include Sub-Directory
*Scan All Files

Please make sure ALL of these are checked, then press the scan button. This typically will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

Highlight the portion of the scan that lists infected items and hold CTRL + C to Copy then paste it here. The whole log will be extremely BIG so there is no way to copy the whole thing. I just need the infected items list.

Also Download the following (PC in normal mode) to see if either of these will run.

Ewido. Download, install, run and update it but do not run until in Safe mode.


Let me know how you get on with the above

#5
steelhead

USETOBE: Thanks for the suggestion. I did download HJT and it had its own folder on the desktop. I also downloaded a copy onto a 3.5 floppy and extracted that file. When I open the folder, I have a small icon that looks like "dynamite" and I did get the scan to run on time. I did download Panda, Trend, Killbox, along with several others and either they don't install or I get a multitude of error messages as described in my initial post.

Anyway, I went the re-formatting route last night. I still have a little work to do tonight but hopefully, I'll be back on line soon. I'm hoping this will improve my dialup service which is extremely slow--one download of 1.4MB took almost an hour yet my ISP assures me they are running at 26,000 bps!

If you need to close this topic in order to help someone else, please do so. I'll contact GTG again in the near future as my son has a Klez worm on his XP machine.

Thanks for all your help.

steelhead

#6
Guest_usetobe_*

Topic closed, poster went along the reformat route.