Trojan Spy HTML Smitfraud
Started by
paulm
, May 08 2005 09:50 AM
#1
Posted 08 May 2005 - 09:50 AM
paulm
-
- Member
-
- 4 posts
New Member
#2
Guest_nommork_*
Posted 08 May 2005 - 10:27 AM
Guest_nommork_*
Guest_nommork_*
-
- Guest
For Smitfraud Only
Please read these instructions carefully and print them out! Be sure to follow ALL instructions!
Print these instructions
Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:
Security IGuard
Virtual Maid
Search Maid
Exit Add/Remove Programs.
*IMPORTANT*CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES http://www.xtra.co.n...1916458,00.html
Press CTRL ALT DELETE to open Windows Task Manger. Click on the Processes tab and end the following processes:
C:\WINDOWS\popuper.exe
C:\WINDOWS\System32\intmonp.exe
Exit Task Manager.
*Click Here http://www.geekstogo...n=download&id=4 to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*In the field labeled Full Path of File to Delete enter the file paths listed below ONE AT A TIME (EXACTLY as it appears, please double check to make sure! I would just copy each file path and paste it in the field) MAKE SURE TO ENTER ALL FILE PATHS!:
C:\wp.exe
C:\wp.bmp
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\WINDOWS\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\system32\msole32.exe
Press the button that looks like a red circle with a white X in it after each one. When it asks if you would like to delete on reboot, press the YES button, when it asks if you want to reboot now, press the NO button. Do this after each one until you have entered the LAST file path I have listed above. After that LAST file path has been entered press the YES button at both prompts so that your computer restarts. If you recieve an error message "PendingRenameOperation...." and your computer doesn't restart, please restart it manually.
While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
Make sure you can view hidden files.
Using Windows Explorer, delete the following (please do NOT try to find them by "search" because they will not show up that way)
FOLDERS to delete (in bold) if found:
C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard
Reboot into normal mode.
*Download and install Registrar Lite version 2.00 http://www.resplendence.com/download
*Double click the purple Registrar Lite icon on your desktop.
*Copy the line below and paste it into the "Address" field (located at the top) of the program:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
*Click the "Go" button.
*It will take you into the "Policies" folder.
*Locate the "System" folder (in the right panel)
*If found, right-click on the System folder and go to Delete
*Be very careful that you only delete the System folder that is inside the Policies folder.
Reboot your computer again.
1.) Download the Hoster from HERE <http://www.funkytoad...oad/hoster.zip> Press "Restore Original Hosts" and press "OK". Exit Program.
2.) Download: http://www.mvps.org/.../DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.
3.) Download, install, and run CleanUp! http://www.greyknigh...spy/Cleanup.exe
4.) Run this online virus scan: ActiveScan http://www.pandasoft...com/activescan/ - Save the results from the scan!
Run at least two of these anti-spyware programs
Make sure all defintion files are up to date for all programs
Microsoft WIndows Anti-spyware
http://www.microsoft...re/default.mspx
Ad-aware se
http://www.lavasoft....ftware/adaware/
For Ad-ware se run a Full System Scan and ADS scan
Spysweeper
http://www.webroot.com
Ewido
http://www.ewido.net
Run at least two of the online AV scans:
http://www.trojanhunter.com/ Trojan hunter
http://www.pandasoft...n_principal.htm Panda Active Scan
http://housecall.trendmicro.com/ House Call (Trend Micro)
http://www.bitdefend...can/licence.php BitDefender Free OnlineVirus Scan
http://support.f-sec.../home/ols.shtml F-Secure Free OnlineVirus Scan
http://security.syma...IHKERRDTIPOKYJL Symantec Security Scan & Virus Detection
http://www.ravantivirus.com/scan/ RAV AntiVirus Online VirusScan
http://us.mcafee.com....asp?catid=free McAfee Antivirus scan
http://www.virus112....an_registration Danish Antivirus scan
http://support.f-sec.../home/ols.shtml F-SecureAntivirus scan
Post a HiJackThis log.
Please read these instructions carefully and print them out! Be sure to follow ALL instructions!
Print these instructions
Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:
Security IGuard
Virtual Maid
Search Maid
Exit Add/Remove Programs.
*IMPORTANT*CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES http://www.xtra.co.n...1916458,00.html
Press CTRL ALT DELETE to open Windows Task Manger. Click on the Processes tab and end the following processes:
C:\WINDOWS\popuper.exe
C:\WINDOWS\System32\intmonp.exe
Exit Task Manager.
*Click Here http://www.geekstogo...n=download&id=4 to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*In the field labeled Full Path of File to Delete enter the file paths listed below ONE AT A TIME (EXACTLY as it appears, please double check to make sure! I would just copy each file path and paste it in the field) MAKE SURE TO ENTER ALL FILE PATHS!:
C:\wp.exe
C:\wp.bmp
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\WINDOWS\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\system32\msole32.exe
Press the button that looks like a red circle with a white X in it after each one. When it asks if you would like to delete on reboot, press the YES button, when it asks if you want to reboot now, press the NO button. Do this after each one until you have entered the LAST file path I have listed above. After that LAST file path has been entered press the YES button at both prompts so that your computer restarts. If you recieve an error message "PendingRenameOperation...." and your computer doesn't restart, please restart it manually.
While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
Make sure you can view hidden files.
Using Windows Explorer, delete the following (please do NOT try to find them by "search" because they will not show up that way)
FOLDERS to delete (in bold) if found:
C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard
Reboot into normal mode.
*Download and install Registrar Lite version 2.00 http://www.resplendence.com/download
*Double click the purple Registrar Lite icon on your desktop.
*Copy the line below and paste it into the "Address" field (located at the top) of the program:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
*Click the "Go" button.
*It will take you into the "Policies" folder.
*Locate the "System" folder (in the right panel)
*If found, right-click on the System folder and go to Delete
*Be very careful that you only delete the System folder that is inside the Policies folder.
Reboot your computer again.
1.) Download the Hoster from HERE <http://www.funkytoad...oad/hoster.zip> Press "Restore Original Hosts" and press "OK". Exit Program.
2.) Download: http://www.mvps.org/.../DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.
3.) Download, install, and run CleanUp! http://www.greyknigh...spy/Cleanup.exe
4.) Run this online virus scan: ActiveScan http://www.pandasoft...com/activescan/ - Save the results from the scan!
Run at least two of these anti-spyware programs
Make sure all defintion files are up to date for all programs
Microsoft WIndows Anti-spyware
http://www.microsoft...re/default.mspx
Ad-aware se
http://www.lavasoft....ftware/adaware/
For Ad-ware se run a Full System Scan and ADS scan
Spysweeper
http://www.webroot.com
Ewido
http://www.ewido.net
Run at least two of the online AV scans:
http://www.trojanhunter.com/ Trojan hunter
http://www.pandasoft...n_principal.htm Panda Active Scan
http://housecall.trendmicro.com/ House Call (Trend Micro)
http://www.bitdefend...can/licence.php BitDefender Free OnlineVirus Scan
http://support.f-sec.../home/ols.shtml F-Secure Free OnlineVirus Scan
http://security.syma...IHKERRDTIPOKYJL Symantec Security Scan & Virus Detection
http://www.ravantivirus.com/scan/ RAV AntiVirus Online VirusScan
http://us.mcafee.com....asp?catid=free McAfee Antivirus scan
http://www.virus112....an_registration Danish Antivirus scan
http://support.f-sec.../home/ols.shtml F-SecureAntivirus scan
Post a HiJackThis log.
Edited by nommork, 08 May 2005 - 10:27 AM.
#3
Posted 08 May 2005 - 11:39 AM
paulm
- Topic Starter
-
- Member
-
- 4 posts
New Member
Before i go any further i just wanna check this. Have been to add remove progs and none of three progs are on there. Also run task manager and the 'processes' and neither of the 2 processes mentioned are there. Should I still continue with the rest of the instructions or is something else going on? Thanks
#4
Posted 10 May 2005 - 12:58 AM
paulm
- Topic Starter
-
- Member
-
- 4 posts
New Member
Thanks for the great help. All solved! Fab set of easy to follow instructions. Cheers 
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
