Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Smitfraud.c Virus YES another one :(


  • This topic is locked This topic is locked

#1
shagger

shagger

    Member

  • Member
  • PipPip
  • 14 posts
hiya guys posted a thead earlier but you guys are real busy so i thought id have another crack at it with all the other threads going on

anyway here is my Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 6:18:11 PM, on 10/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\intmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Brendon\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavi...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.quicknavigate.com/
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\System32\hp69EE.tmp



this is a real toughie :tazz: internet explorer is stuffed on my PC ,, running firefox now ,, which is Great !!! might keep it after this is fixed

any assistant would be greatly appreacited

thanks in advance

Brendon
  • 0

Advertisements


#2
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Hi shagger,

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here
Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#3
shagger

shagger

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
hey mate thanks for ya help appreacite it !!!

ok what i did last night was i forgot to turn off System Restore OOPS :tazz:

that made a big difference and when i did that , started in safe mode and did all the steps again it got rid of alot more ,,,

i got the latest windows update and i will reboot now and send in the latest Hijack log file

BRB ;)
  • 0

#4
shagger

shagger

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
heres the LOG FILE after a fresh reboot

Logfile of HijackThis v1.99.1
Scan saved at 7:26:32 AM, on 11/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Brendon\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.2xtremegolf.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1115759790150
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab




now im no expect but that looks ok ? i do run a google tool bar and pop up stopper so im guessing theres a bit there and i custom my homepage which is there ?

hows the rest look m8 ?

cheers again

Brendon :tazz:


P.S seems to be running ok too ,, no hicups yet lol
  • 0

#5
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Your HJT does not show an update

*Please go http://www.howtotell.com ]here (Microsoft website) using Internet Explorer ( not Firefox or any other browser as they won't work)
*Click on "Windows Validation Assistant"
*Click on the "Validate Now" button.
*Be patient while the ActiveX loads, do not click on any links.
*Read the instructions on this page while it's loading. You will be prompted to install - click YES.
*Enter your product key then click "continue"
*When it says "Validation Complete" please click "Continue to return to your previous activity"
*Copy what it says and paste it here.

Edited by usetobe, 10 May 2005 - 03:38 PM.

  • 0

#6
shagger

shagger

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
ok yes a problem occured

got to the validation button clicked that and ....



"The windows validation assistant failed to run properly"
Please verfify you a running a supported operated system and your Internet Explorer security settings allows signed Active X controls to run


ok no idea now lol :tazz:

Brendon
  • 0

#7
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Try this link to set up internet explorer to allow it to run

INstructions from MS

Then try it again and post back result

Edited by usetobe, 10 May 2005 - 03:53 PM.

  • 0

#8
shagger

shagger

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
did that m8 ,, its set at medium level and i check to see if Active X is prompt on download ,, which is was ,, double checked it and tryed to validate again ,

same thing m8 :tazz: same message
  • 0

#9
Guest_usetobe_*

Guest_usetobe_*
  • Guest
While we understand that you may not have been aware, if you cannot upgrade or obtain validation, your copy of Windows may not be legitimate. Unfortunately, we are unable to help you any further on this site, as we have a strict policy we adhere to in only helping people who have legitmate copies of Windows. Unless you can either get validation or you can upgrade to SP1a and post a HJT log that shows this upgrade we can not advise any further. Thank you for understanding.
  • 0

#10
shagger

shagger

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
thanks mate ,, fully understand :tazz:

but i have a legmatite copy of windows with a legimate reg key ,, i got it in a package when i brought my Laptop ;)

maybe someone was having a lend of me but looking at the Windows XP home edition disk i have here with a stamp at the bottom of it "Genuine"

maybe i need to activate my windows again or the virus has changed my setting in my registry some how ?

hope a re format isnt the only way to fix it ;)


Brendon
  • 0

#11
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Topic closed
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP