
smitfraud & quicknavigate fx



#1
vito71

vito71

    Member

  • Member
  • PipPip
  • 10 posts
Hi everybody
it's TWO days that I'm following you in this exciting forum.
Compliments to you all. ;)
I decided to sign in and ask your help since that's my situation: :tazz:
I've been infected by the smitfraud.c on thursday nite at 8PM.
I followed many instructions on the web, and I succeeded to "BLOCK" in a way this trojan/virus on my PC.
Now I don't have any bluescreen on my PC, and all the sw I downloaded find no other trojans or malwares, BUT I still have my IE caught by "quicknavigate", I have a black backscreen - and not the normal blue - on the left part of the screen when I use the "search" function of Explorer in WinXP, and I have the "hp" file.tmp back in my system32 directory!!!!! It's called hpAB91
Please, note that I already had a "hp".tmp file the day before yesterday, hp7B5A.tmp, but I succeeded to fix it...
I was very happy of myself... Here is what hijack showed me that nite:
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\system32\hp7B5A.tmp (file missing) - situation of May 13.

...but it didn't completely work for some reason, and now it was born again with slight different name as you can see from attached HJT log.
It would be so kind from you if you could help me understand what I can do to definitely solve the problem.
Attached : my HJT log.

Thank you so much for your reply and help.

vito71

Logfile of HijackThis v1.99.1
Scan saved at 21.02.26, on 14/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\basfipm.exe
C:\Programmi\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\Dell\OpenManage\Client\Iap.exe
C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\windows\system32\PDFCreatorMessages.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\shnlog.exe
C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmi\JawsSystems\Jaws PDF Creator\PDFClient.exe
C:\PROGRA~1\TV4STU~1\MImpPRO\MIProHst.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\intmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\Microsoft Office2000\Office\1040\msoffice.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\Microsoft Office2000\Office\WINWORD.EXE
C:\Programmi\File comuni\pestpatrol\ppRemoteService.exe
C:\Programmi\File comuni\pestpatrol\PPMCActiveDetection.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\pcavellino\Documenti\personal\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quicknavi...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavi...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.quicknavigate.com/
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\system32\hpAB91.tmp
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programmi\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PDFCreatorClient] C:\Programmi\JawsSystems\Jaws PDF Creator\PDFClient.exe
O4 - HKLM\..\Run: [MImpPro] C:\PROGRA~1\TV4STU~1\MImpPRO\MIProHst.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office2000\Office\OSA9.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.kaspersky.../kavwebscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DABA69B-845A-4BB0-8475-4AD1C6078E6C}: NameServer = 193.70.152.15 193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DABA69B-845A-4BB0-8475-4AD1C6078E6C}: NameServer = 193.70.152.15 193.70.152.25
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Programmi\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Iap - Dell Inc - C:\Programmi\Dell\OpenManage\Client\Iap.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\windows\system32\PDFCreatorMessages.exe
O23 - Service: PestPatrol Remote - Computer Associates International, Inc. - C:\Programmi\File comuni\pestpatrol\ppRemoteService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe



P.S.: I can probably move from the Pc in a few minutes tonite. So please forgive me if eventually I cant reply immediately tonite when you should send me an answer. In this case see U tomorrow.
Thank You.
vito71
  • 0



#2
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Disable Microsoft AntiSpyware Resident Protection for as long as it takes to get your computer cleaned. It might hinder our efforts by guarding your settings.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid


Exit Add/Remove Programs.

Download this file: http://metallica.gee...m/smitfraud.reg
and doubleclick it. Confirm you want to merge it with the registry.

*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\WINDOWS\sites.ini
C:\WINDOWS\popuper.exe
C:\WINDOWS\system32\hhk.dll
C:\WINDOWS\System32\helper.exe
C:\WINDOWS\System32\intmonp.exe
C:\WINDOWS\System32\msmsgs.exe
C:\WINDOWS\System32\ole32vbs.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\intmon.exe
C:\WINDOWS\System32\msmsgs.exe

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Run HijackThis and put checkmarks in front of the following items.
Close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quicknavi...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavi...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.quicknavigate.com/
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\system32\hpAB91.tmp

*IMPORTANT* Be sure you know how to VIEW HIDDEN FILES

Using Windows Explorer, delete the following (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard

Reboot into normal mode.

1.) Download the Hoster from HERE Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Download: DelDomains.inf
Should the link above display the text instead of downloading the file, then copy & paste the text into Notepad and save the file as DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

Post back with a new log when you are done.

Regards,
  • 0

#3
vito71

vito71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
hi metallica
thank you so much for your reply & support
now I'm not in front of my Pc
asap I'll write U back

Thanx a lot !!!
CU
vito 71 :tazz:
  • 0

#4
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Keep me posted. :tazz:

Regards,
  • 0

#5
vito71

vito71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Dear Metallica

I really hope U're in front of your screen now, since I feel everything is Ok and I want to thank U so much!!!!!!!!! :)

As per your kind request I attach here after the HJT log made few seconds ago:

Logfile of HijackThis v1.99.1
Scan saved at 1.35.50, on 17/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\basfipm.exe
C:\Programmi\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\Dell\OpenManage\Client\Iap.exe
C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\windows\system32\PDFCreatorMessages.exe
C:\Programmi\File comuni\pestpatrol\ppRemoteService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\File comuni\pestpatrol\PPMCActiveDetection.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\JawsSystems\Jaws PDF Creator\PDFClient.exe
C:\PROGRA~1\TV4STU~1\MImpPRO\MIProHst.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\Microsoft Office2000\Office\1040\msoffice.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\pcavellino\Documenti\personal\HJT\HijackThis.exe

O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programmi\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PDFCreatorClient] C:\Programmi\JawsSystems\Jaws PDF Creator\PDFClient.exe
O4 - HKLM\..\Run: [MImpPro] C:\PROGRA~1\TV4STU~1\MImpPRO\MIProHst.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [CleanUp!] C:\PROGRA~1\CleanUp!\CleanUp.exe /WindowsRestart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office2000\Office\OSA9.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.kaspersky.../kavwebscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DABA69B-845A-4BB0-8475-4AD1C6078E6C}: NameServer = 193.70.152.15 193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DABA69B-845A-4BB0-8475-4AD1C6078E6C}: NameServer = 193.70.152.15 193.70.152.25
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Programmi\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Iap - Dell Inc - C:\Programmi\Dell\OpenManage\Client\Iap.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\windows\system32\PDFCreatorMessages.exe
O23 - Service: PestPatrol Remote - Computer Associates International, Inc. - C:\Programmi\File comuni\pestpatrol\ppRemoteService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

I'm looking forward to hearing from U again, and be ascertain that my Pc is clean!!!

I would like anyway to give to you some infos ABOUT the procedure that you suggested and that I made; they're eventually useful for your better understanding of the trojan:
When I ran HJT after booting in safe mode I found another "HP" file in the log: that is "hp85ca.tmp" instead of previous "hpAB91.tmp"... but I fixed that one and it seems it worked as well... I REALLY HOPE!!!! ;)
Now, if you please, some questions:
What do I have to do with MS Antispyware Beta version that I have installed???
what about Avast Antivirus?? Is it safe enough in Your opinion???
what about ADAWARE, SPYBOT and other sw that I have on my PC now?? Do I have to run 'em all often or are they rather harmful???
I hope I dont bother U with my questions...
Thanx for your reply... I really Appreciate!!!

YOU'RE GREAT GUYS!!!
GOD BLESS YA METALLICA!!! ;)

I wait for your reply..
Thanx a lot again ...
Vito71 :)


Xcuse me!!! some more news:
(1) I have to say that I still have the black "backscreen" - and not the normal blue one - on the left part of the screen when I use the "search" function of Windows Explorer!!!! Can I get some more help to move that too???

(2) Moreover: my Avast has recognised a "Hp...tmp" file as a virused file and put in a "Avast" directory as "HPB3FE.TMP.VIR" file...
Now it still recognises it as a virus on boot up... Is it harmful? Do I have to clean it in a definitive way to stay safe for the future???

(3) It seems to me that Antispyware from Microsoft - Beta Version - just locks the DSL connection down after a few minutes I browse.... Now I stopped it and it seems I can surf the web... is it better to shut it down????

No words to say ..THANX FOR YOUR HELP!!!

CU
VITO71!! :tazz:

Edited by vito71, 16 May 2005 - 06:28 PM.

  • 0
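The removal check discussed in the posts above, as an added example that is not part of the thread or written by either poster: a small Python triage of HijackThis `R*` and `O2` lines that flags the hijack entries and compares a "before" and "after" log. The watched domain and the `hpXXXX.tmp` pattern come from the logs above; `LOG_REBORN` is a constructed line using the `hp85ca.tmp` name reported in the post, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

WATCHED_DOMAINS = {"quicknavigate.com"}               # domain named in this thread
HP_TMP = re.compile(r"^hp[0-9a-f]{4}\.tmp$", re.I)    # hp7B5A.tmp, hpAB91.tmp, hp85ca.tmp
O2_LINE = re.compile(
    r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+?)(?: \(file missing\))?$")
R_LINE = re.compile(r"^R[0-3] - (.+?) = (.*)$")

# Sample input: a few lines copied from the two logs in this thread.
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.quicknavigate.com/
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\system32\hpAB91.tmp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""
LOG_AFTER = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""
# Constructed line: the same BHO coming back under the hp85ca.tmp name.
LOG_REBORN = r"""
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\system32\hp85ca.tmp
"""

def findings(log_text):
    """Return {key: [reasons]} for suspicious R* and O2 lines of a HijackThis log."""
    out = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_LINE.match(line)
        if m:
            _name, clsid, path = m.groups()
            base = path.rsplit("\\", 1)[-1]
            reasons = []
            # A CLSID made of one repeated hex digit is a placeholder, not a real GUID.
            if len(set(clsid.strip("{}").replace("-", "").upper())) == 1:
                reasons.append("placeholder CLSID")
            if base.lower().endswith(".tmp"):
                reasons.append(".tmp file registered as BHO")
            if HP_TMP.match(base):
                reasons.append("hpXXXX.tmp name pattern")
            if reasons:
                # Key on the CLSID, not the path: the file name changes between boots.
                out[("O2", clsid.upper())] = reasons
            continue
        m = R_LINE.match(line)
        if m:
            reg_value, data = m.groups()
            host = (urlsplit(data).hostname or "").lower()
            if any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS):
                out[("R", reg_value)] = ["points at " + host]
    return out

def still_present(before, after):
    """Keys flagged in the earlier log that are flagged again in the later one."""
    earlier, later = findings(before), findings(after)
    return sorted(k for k in earlier if k in later)

if __name__ == "__main__":
    for key, reasons in findings(LOG_BEFORE).items():
        print(key, reasons)
    print("after fix:", still_present(LOG_BEFORE, LOG_AFTER))
    print("renamed copy:", still_present(LOG_BEFORE, LOG_REBORN))
```
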

#6
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
The Microsoft AntiSpyware is still in development and has some bugs.

If it doesn't work for you as resident protection, then use it only as a scanner.

Spybot and AdAware are good as well. PestPatrol I have always found overly sensitive, but that is a personal opinion.

Your log looks great. I am not quite sure how Avast works, but can you have it delete that file it quarantined?
It is obviously part of the infection.

For the Search pane:

Click Start > RUN > Type or copy&paste these commands (one by one followed by clicking OK)

regsvr32 urlmon.dll
regsvr32 jscript.dll
regsvr32 wshom.ocx


Each should prompt a confirmation box saying it has been successful.

Regards,
  • 0

#7
vito71

vito71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi Metallica!

Sorry if I could not reply earlier.
it's an intense job-time for me right now!

I tried your advice for trying to move the black screen away from search panel, but it didn't work.

In any case, it's not so bad having a black screen instead of the original blue one... Maybe I'm the only one to have it!!!

The other files in quarantine have been littered and destroyed...
So I think everything is right.

I send you all my greetings for your fundamental help.

Thanx and see you Metallica

Ciao
Vito71
  • 0

#8
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Are you sure?

Post back anytime when you have the time to look into it.

I'll be here. :tazz:

Regards,
  • 0

#9
vito71

vito71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
:tazz:

Hi Metallica...
I've followed your lines again,
Start\run\ **** \ok --> three times, but ... black is black !!!

Do U need another HJT log from me??
I'm at your disposal...
See you_
and thanx 4 your interest, as always...

Vito71
;)
  • 0

#10
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Do you know how to make a screenshot and save it as a jpg?

I'm really curious to see how it looks and it might give me some ideas on how to fix it.

Regards,
  • 0



#11
vito71

vito71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
HI METALLICA,
XCUSE ME FOR MY DELAY - I WAS AWAY FOR JOB
I KNOW HOW TO DO, AND
WHEN I GO BACK HOME I'LL DO IT FOR YOU...
:tazz:
JUST WAIT A BIT!!!
SEE U
VITO71
  • 0

#12
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
No problem. I'll be around. :tazz:

Regards,
  • 0

#13
vito71

vito71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi Metallica!!

So far...!! here in Italy is quite hot, but I didnt forget and so I'm back...

You can find attached the image of my "search" screen_
I'm sure you'll understand better this way than I could do with words.
Hope to see U soon
My best regards


Vito71 !!!

:tazz:

Attached Thumbnails

  • Immagine.JPG

  • 0

#14
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Can you click Start > Run > copy&paste regedit.exe /e C:\wheresdog.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState" > OK

This will create the file C:\wheresdog.txt
Post the content of that file.

Regards,
  • 0

#15
vito71

vito71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
hi met...
here 's the content that you made me create...

hope you understand..
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState]
"Settings"=hex:0c,00,02,00,0a,01,80,7c,60,00,00,00
"FullPath"=dword:00000000
"FullPathAddress"=dword:00000001

P.S. tonite I found a file C:\bla.exe with a virus inside that Avast blocked
Its name was:
w32 trojan-gen

does this have something to do with the rest of it???

Best regards
VITO71
  • 0





