Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

trojan-spy.html.smit.fraud.c[CLOSED]


  • This topic is locked This topic is locked

#1
Spyware Murderer

Spyware Murderer

    New Member

  • Member
  • Pip
  • 4 posts
I am yet another person having a problem with this can someone help me
My Hijack This Log

Logfile of HijackThis v1.99.1
Scan saved at 12:33:24 AM, on 5/8/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)


I managed to get rid of the blue screen, but now i cant change my wallpaper and im stuck with a black screen with absolutely nothing on it, can n e one help?!
  • 0

Advertisements


#2
Spyware Murderer

Spyware Murderer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
here's another log

Logfile of HijackThis v1.99.1
Scan saved at 1:16:01 AM, on 5/8/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1115538264\EE\AOLHOSTMANAGER.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1115538264\EE\AOLSERVICEHOST.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\ARES\ARES.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\PROGRAM FILES\AOL TOOLBAR 2.0\AOLTB.DLL
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\PROGRAM FILES\NAVEXCEL\NAVHELPER\V2.0.4B\NHELPER.DLL
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\PROGRAM FILES\NAVEXCEL SEARCH TOOLBAR\NAVEXCELBAR.DLL
O3 - Toolbar: AOLToolBand Class - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\PROGRAM FILES\AOL TOOLBAR 2.0\AOLTB.DLL
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\PROGRAM FILES\NAVEXCEL SEARCH TOOLBAR\NAVEXCELBAR.DLL
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1115538264\EE\AOLHostManager.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServices: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)

pleaze ppl i need help wit this
  • 0

#3
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Download: http://www.mvps.org/winhelp2002/DelDomains.inf
To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

Open Notepad. Copy EVERYTHING in the box below and paste it into a new notepad file. Change the 'Save As Type' to "All Files" and save it as fix.reg on your desktop. Make sure there is NO blank line above REGEDIT4:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"WallpaperStyle"=-
"Wallpaper"=-
"NoDispBackgroundPage"=-
"NoDispAppearancePage"=-

[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"=-
"WallpaperStyle"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-
"NoActiveDesktop"=-
"NoSaveSettings"=-
"ClassicShell"=-
"NoThemesTab"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=-


Locate fix.reg on your desktop and doubleclick on it. When asked if you want to merge with the registry click YES. After you receive the prompt "merged successfully", follow the rest of instructions below.

Reboot your computer.

Then please run this online virus scan:
ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log.

Edited by bananafanafo, 07 May 2005 - 11:57 PM.

  • 0

#4
Spyware Murderer

Spyware Murderer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
when i tried to merge it, it said "cannot Import C:/Desktop/fix.reg. The Specified File is not a registry script. You can only import registry files." and i made sure there isnt a blank line above redgit4

Edited by Spyware Murderer, 08 May 2005 - 12:07 AM.

  • 0

#5
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ok, we're going to try it another way lol Good ol' ME! :tazz:

Download this to your desktop: http://www.bleepingc...g/smitfraud.reg

Doubleclick smitfraud.reg - when it asks if you want to merge it with the registry click YES. Then follow the rest of my previous instructions.
  • 0

#6
Spyware Murderer

Spyware Murderer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
THANK YOU!!!! I finally have my normal desktop back!

Logfile of HijackThis v1.99.1
Scan saved at 2:18:21 AM, on 5/8/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1115538264\EE\AOLHOSTMANAGER.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\1115538264\EE\AOLSERVICEHOST.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ARES\ARES.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\PROGRAM FILES\AOL TOOLBAR 2.0\AOLTB.DLL
O3 - Toolbar: AOLToolBand Class - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\PROGRAM FILES\AOL TOOLBAR 2.0\AOLTB.DLL
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1115538264\EE\AOLHostManager.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

Ill eventually edit this with the virus scan, but it seems to be working fine tho

EDIT- i have to get off now, ill be back with the virus results 2morrow

Edited by Spyware Murderer, 08 May 2005 - 12:36 AM.

  • 0

#7
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
No problem, I'll be here!
  • 0

#8
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP