Trojan Spy Smitfraud removal problems

#1
Tymbur
:) I did something very STUPID and downloaded music on my work computer without updating my virus protection and of course received the Trojan-Spy smitfraud virus.
I believe I have removed most of the virus but there must be a few parts left. When I run my computer in normal startup it runs VERY slow. It can take up to 15 minutes to open my desktop, it has taken up to 5 minutes to open a Word file.
When I try to go onto the internet to my home page it also can take 5 to 15 minutes. I do get my home page, but I am not sure if it is the cached page or the actual page. When I tried to go to Trend Housecall I waited a half an hour and only had 3 bars on the progress bar at the bottom, so I got off. Sometimes I can download updates. I was able to with Ad-Aware, but I don't think the download completed for Spybot. I had left the computer for about 20 minutes and when I came back I had an error sign that Spybot needed to shut down. All the upgrades that I tried to do I did in Normal. I know they cannot be done in Safe Mode.

This is what I have done so far:

I tried to go through all of the steps for Malware Removal that you provide on this site. I had to download all the programs on my other work computer and transfer them by CD. (The two computers are not networked other than internet access. The computer with the virus is on DSL and accesses the internet through a router with a firewall.)

I installed Ad-Aware, updated it and ran it in Safe Mode.

I installed CWShredder, but could not download an upgrade. I then ran it in Safe Mode.

I installed Spybot S&D. Not sure if upgrade happened, but I did run it anyway in Safe Mode.

I installed AVG. Could not upgrade, but I ran it anyway in Safe Mode.

Could not access Trend Housecall to do a scan.

I installed TDS-3, could not register, but ran it in Safe Mode anyway.

I did not do the Windows Updates. I don't think I could have even if I wanted to. Also I couldn't remember if I had installed the XP Service Pack 2 yet and the instructions said not to install it if I had malware.

I rebooted several times, but no change.

I then installed HijackThis. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:00:42 PM, on 5/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\userinit.exe
C:\WINNT\Explorer.EXE
C:\Documents and Settings\Sue\Local Settings\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ntrj.exe] C:\WINNT\ntrj.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Actinic.lnk = C:\Program Files\Actinic ecommerce v5\Catalog.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

I also installed Killbox and had it remove all the files that I could find on the other posts that matched what I had originally listed in my HijackThis log. The items I deleted with Killbox are as follows:

C:\bsw.exe
C:\wp.bmp
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\WINDOWS\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\system32\msole32.exe
C:\WINNT\System32\SPOOLSV.EXE
C:\WINNT\system32\ktstn.dll
C:\WINNT\System32\ALGU.EXE
C:\Windows\System32\helper.exe
c:\windows\system32\log files
C:\wp.exe
C:\bws.exe
C:\Windows\sites.ini
C:\Windows\System32\ole32vbs.exe
C:\WINDOWS\System32\hp7C29.tmp
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\intmon.exe

I also scoured all the other threads for not only these files, but for any other files that matched what were in my HijackThis log, but had to be taken out with the HijackThis program. I do not have a list of those.

I cannot get into System Restore either in Normal or Safe Mode. In Safe Mode the outside of the System Restore window shows up for a second and that is all. In Normal Mode I get nothing. I have tried to get into System Restore in Diagnostic Mode. The window opens, but I get a message that says I cannot use it.

I originally used Kaspersky Anti-Virus Personal to find and get rid of most of the Trojan files. I ran it 3 times. There were no more files listed the third time.

I have also added smitfraud to the registry. I can't remember what type of file it was, but it was one that was recommended on one of the threads.

I have my desktop somewhat back to normal. Blue background, but no more error note. Last time I checked I also have 5 tabs on my Display Properties. I have not tried to change it back yet.

I also ran Cleanup! 2 times.

I also cannot use Search under startup. Whenever I open it and tell it to search under files, it just shuts down in any startup mode.

I did tell the computer to show all hidden files.

I also went to Program Files and deleted Security IGard. Virtual Maid and Search Maid were not there.

I could not download DelDomains on the infected computer and when I did on my other computer I could not open it from the CD.

I did not try to go On Line to go to ActiveScan. I didn't think I would be able to and every other time I did try to get on the Internet it took too long.

I am not sure if it is my imagination or not, but it seems to me the longer I work at this the slower my computer gets, but only in Normal Mode. There has been no change in Diagnostic or Safe Modes.

I think I have remembered to tell you everything. I have been working at this 2 1/2 days and my head is spinning. ;)

I called Gateway. They could not help and suggested I reformat my hard drive. :tazz:

I REALLY do not want to do this. This computer has my Website/Shopping Cart on it and if I have to do that I will have my share of headaches with security issues with that! YES I made a very STUPID mistake! ;)

I thank you for all you have posted on other threads to help me get this far and I thank you in advance for any help you can give me from this point on.
Also thanks for the great Smilies. I have never used them before and they made this long ordeal a little funner!
Sue
#2
Tymbur
;) I just wanted to add that I figured out my slow computer internet problem. I had 3 anti-virus programs running at the same time and they were causing a conflict.
However, I am still concerned about a couple of files in my HijackThis log and was wondering if someone would still mind taking a look at it.

These are the ones I am not too sure about:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe

I'll keep an eye on this !
Thanks,
Sue :tazz:
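As an added example, not part of Sue's posts or of the HijackThis tool itself: a small Python parser for the O4 Run-key lines in a log like the one above. It flags autostart entries whose executable sits in a drive root, in the bare Windows directory, or is given without any directory at all. This is only a triage heuristic for which entries deserve a closer look, not a verdict on any file; the sample lines are constructed to match the format shown in the log above.

```python
import re
# Constructed sample in the format of the HijackThis O4 lines posted above (not the full log).
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINNT\\System32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [ntrj.exe] C:\\WINNT\\ntrj.exe
O4 - HKLM\\..\\Run: [iexplore.exe] C:\\Program Files\\Internet Explorer\\iexplore.exe
O4 - HKCU\\..\\Run: [WindowsFY] c:\\wp.exe
O4 - HKCU\\..\\Run: [MSMSGS] "C:\\Program Files\\Messenger\\msmsgs.exe" /background
"""

# O4 lines have the shape: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$')
WINDOWS_ROOTS = ("winnt", "windows")

def image_path(command: str) -> str:
    """Return the executable part of a Run-key command line (quoted, or up to the first .exe)."""
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    m = re.match(r'(.*?\.exe)\b', command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]

def location_flag(path: str):
    """Heuristic only: autostarts rarely live in a drive root or the bare Windows directory."""
    parts = [p for p in path.replace("/", "\\").split("\\") if p]
    if len(parts) < 2:
        return "no directory given (search order applies)"
    parent = parts[:-1]
    if len(parent) == 1 and re.fullmatch(r'[A-Za-z]:', parent[0]):
        return "runs from drive root"
    if len(parent) == 2 and parent[1].lower() in WINDOWS_ROOTS:
        return "runs from Windows directory root (not System32)"
    return None

def triage(log_text: str):
    """Parse O4 Run entries and return (hive, name, image path, reason) for unusual locations."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, name, command = m.groups()
        path = image_path(command)
        reason = location_flag(path)
        if reason:
            findings.append((hive, name, path, reason))
    return findings

if __name__ == "__main__":
    for hive, name, path, reason in triage(SAMPLE_LOG):
        print(f"{hive} [{name}] {path}: {reason}")
```

Entries under Program Files pass through silently; the flagged ones are simply the first places a helper on a thread like this would ask the poster to check.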