Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Please help me deleting smitfraud-c.coreservice


  • Please log in to reply

#16
angichiru

angichiru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
here are the files

Attached Files


  • 0

Advertisements


#17
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTLI
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
    
    :files
    C:\Program Files\WebShow
    C:\WINDOWS\bqjovqpu
    C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Local Settings\Application Data\.#
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\Program Files\Viewpoint
    
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log ( don't check the boxes beside LOP Check or Purity this time )

  • 0

#18
angichiru

angichiru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Here is the output file.

Attached Files


Edited by angichiru, 11 February 2009 - 09:27 AM.

  • 0

#19
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Those files you were questioning are from Combofix and will be removed in a bit.
Your log is clean is everything back to normal?
  • 0

#20
angichiru

angichiru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Hi Kadah,
Thanks for the help, but i have one quick question for you. Though my system is clean from viruses, whenever i do a google search in firefox&IE i am getting malicious links in the search results. Please see the result's page source below. Does this mean that my browser's got virus?

href="http://www.google.com/" class=l onmousedown="return clk(this.href,'','','res','1','')"><em>Google</em></a></h3><div class="s">Preferences &middot; Language Tools. New! Explore the ocean in <em>Google</em> Earth 5.0 &middot; Advertising Programs - Business Solutions - About <em>Google</em>. ©2009 - Privacy.<br><cite>www.<b>google</b>.com/ - 7k - </cite><span class=gl><a href="http://209.85.173.132/search?q=cache:zhool8dxBV4J:www.google.com/+google+search&amp;hl=te&amp;ct=clnk&amp;cd=1&amp;gl=us&amp;client=firefox-a" onmousedown="return clk(this.href,'','','clnk','1','')">భద్రపరిచినది</a> - <a href="/search?hl=te&amp;client=firefox-a&amp;rls=org.mozilla:en-US:official&amp;hs=AUh&amp;q=related:www.google.com/">పోలిన పేజీలు</a></span></div><!--n--><!--m--><li class=g style="margin-left:3em"><h3 class=r><a href="http://www.google.com/cse" class=l onmousedown="return clk(this.href,'','','res','2','')"><em>Google</em> Custom <em>Search</em> Engine - Site <em>search</em> and more</a></h3><div class="s hc">Have a website or collection of sites you'd like to <em>search</em> over? With Custom <em>Search</em> Engine, you can harness the power of <em>Google</em> to create a <em>search</em> engine <b>...</b><br><cite>www.<b>google</b>.com/cse - 10k - </cite><span class=gl><a href="http://209.85.173.132/search?q=cache:y-o4VhKJn0gJ:www.google.com/cse+google+search&amp;hl=te&amp;ct=clnk&amp;cd=2&amp;gl=us&amp;client=firefox-a" onmousedown="return clk(this.href,'','','clnk','2','')">భద్రపరిచినది</a> - <a href="/search?hl=te&amp;client=firefox-a&amp;rls=org.mozilla:en-US:official&amp;hs=AUh&amp;q=related:www.google.com/cse">పోలిన పేజీలు</a></span><br><a class=fl href="/search?hl=te&client=firefox-a&rls=org.mozilla:en-US:official&hs=AUh&q=+site:www.google.com+google+search">www.google.com నుంచి మరిన్ని ఫలితాలు&nbsp;&raquo;</a></div><!--n--><!--m--><li class=g><h3 class=r><a href="http://www.google.co.uk/" class=l onmousedown="return clk(this.href,'','','res','3','')"><em>Google</em></a></h3><div class="s"><em>Search</em>: the web pages from the UK. New! Explore the ocean in <em>Google</em> Earth 5.0 &middot; Advertising Programmes - Business Solutions - About <em>Google</em> - Go to <em>Google</em>. <b>...</b><br><cite>www.<b>google</b>.co.uk/ - 8k - </cite><span class=gl><a href="http://209.85.173.13...ient=firefox-a" onmousedown="return clk(this.href,'','','clnk','3','')">భద్రపరిచినది</a> - <a href="/search?hl=te&amp;client=firefox-a&amp;rls=org.mozilla:en-US:official&amp;hs=AUh&amp;q=related:www.google.co.uk/">పోలిన పేజీలు</a></span></div><!--n--><!--m--><li class=g><h3 class=r><a href="http://www.google.ca/" class=l onmousedown="return clk(this.href,'','','res','4','')"><em>Google</em></a></h3><div class="s"><em>Search</em>: the web pages from Canada. New! Explore the ocean in <em>Google</em> Earth 5.0. <em>Google</em>.ca offered in: Français &middot; Advertising Programs - Business Solutions <b>...</b><br><cite>www.<b>google</b>.ca/ - 7k - </cite><span class=gl><a href="http://209.85.173.13...ient=firefox-a" onmousedown="return clk(this.href,'','','clnk','4','')">


Every malicious link is starting with http://209.85.173.132, i never observe this behavior before. Please help me in removing this virus
  • 0

#21
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
hmmm well let's dig a little deeper.

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#22
angichiru

angichiru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I didn't get anything in the scan report.
  • 0

#23
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download avz4.zip from here
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window: Posted Image
  • Click Start to begin the update
Note: If you recieve an error message, chose a different source, then click Start again
  • After the update, from the "File" menu, choose "Standard Scripts"
  • Put a check next to item 2: Advanced System Investigation
  • Click Execute selected scripts
  • At the next prompt, click the OK button
  • Let the scan run and click "OK" when the completion prompt pops up
  • Now Close out of the Standard Scripts window, and exit AVZ
  • Navigate to the avz4 folder and locate the folder LOG
  • Inside the LOG folder you will find virusinfo_syscheck.htm and virusinfo_syscheck.zip
  • Attach virusinfo_syscheck.htm to your next reply, along with a fresh HijackThis log

  • 0

#24
angichiru

angichiru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Attached virusInfo_syscheck.htm and virusInfo_syscheck.zip files

Attached Files


  • 0

#25
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Post that log in your next reply.

(Note if you cannot open the log it produces then right click on it and choose rename.
Rename it to .txt and you will be able to open it)

  • 0

Advertisements


#26
angichiru

angichiru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
My system got crashed while the dr web antivirus is moving/deleting all the files. I am not sure y it removed the spybot files and other registration files.
  • 0

#27
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
DO you have a log?
Can the computer boot up?
  • 0

#28
angichiru

angichiru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
NO kadah. My computer doesn't boot at all. I tried to replace dll's with other OS Key and it worked. Now i am able to boot but unable to connect to network or do anything. My wireless network connection won't connect though it displays all the networks available. Please help me out if there is a way to fix this error or else my last option will be for re-installation

Edited by angichiru, 17 February 2009 - 04:06 PM.

  • 0

#29
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
IS this a laptop?
Do you have drivers installed for the wireless card.
What dll's did you replace?

I need more information please.
  • 0

#30
angichiru

angichiru

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Not sure what dll's i have replaced. I tried to recover through another OS cd, the wireless network got locked and even though i tried to uninstall and add it again it's giving same error
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP