Trojan-spy.HTML.smithfraud.c [CLOSED]



#1
slmuley


    New Member

  • Member
  • 1 posts
My PC was infected by Trojan-spy.smithfraud.c. First of all, I would like to say thanks for the help I had received from the forum. I had downloaded SpSeHjfix112 and run it as per instructions, then run CWShredder. Here is my log file.


(5/16/05 5:36:07 PM) SPSeHjFix started v1.1.2
(5/16/05 5:36:07 PM) OS: Win98SE A (4.10.2222)
(5/16/05 5:36:07 PM) Language: english
(5/16/05 5:36:07 PM) Win-Path: C:\WINDOWS
(5/16/05 5:36:07 PM) System-Path: C:\WINDOWS\SYSTEM
(5/16/05 5:36:07 PM) Temp-Path: C:\WINDOWS\TEMP\
(5/16/05 5:36:13 PM) Disinfection started
(5/16/05 5:36:13 PM) Bad-Dll(IEP): c:\windows\temp\se.dll
(5/16/05 5:36:13 PM) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\SYSTEM\ECCG.DLL
(5/16/05 5:36:13 PM) Searchassistant Uninstaller - Keys Deleted
(5/16/05 5:36:13 PM) UBF: 6 - UBB: 6 - UBR: 23
(5/16/05 5:36:13 PM) FilterKey: HKCR\text/html (deleted)
(5/16/05 5:36:13 PM) FilterKey: HKCR\CLSID\{B8794980-C4C8-11D9-825C-A0F2DDDACC04} (deleted)
(5/16/05 5:36:13 PM) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(5/16/05 5:36:13 PM) FilterKey: HKCR\text/plain (deleted)
(5/16/05 5:36:13 PM) FilterKey: HKCR\CLSID\{B8794980-C4C8-11D9-825C-A0F2DDDACC04} (error while deleting)
(5/16/05 5:36:13 PM) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(5/16/05 5:36:13 PM) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8794981-C4C8-11D9-825C-A0F2B296699F} (deleted)
(5/16/05 5:36:13 PM) BHO-Key: HKCR\CLSID\{B8794981-C4C8-11D9-825C-A0F2B296699F} (deleted)
(5/16/05 5:36:13 PM) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall (deleted)
(5/16/05 5:36:13 PM) UBF: 4 - UBB: 5 - UBR: 22
(5/16/05 5:36:13 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\temp\se.dll/spage.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(5/16/05 5:36:13 PM) Stealth-String found: C:\WINDOWS\RSAGEDT.GID
(5/16/05 5:36:13 PM) File added to delete: c:\windows\system\eccg.dll
(5/16/05 5:36:13 PM) File added to delete: c:\windows\temp\se.dll
(5/16/05 5:36:13 PM) File added to delete: c:\windows\rsagedt.gid
(5/16/05 5:36:13 PM) Reboot
(5/16/05 5:49:23 PM) SPSeHjFix 2nd Step
(5/16/05 5:49:23 PM) Stealth-String not present. Disinfection succesfully
(5/16/05 5:49:38 PM) Cleaned




But still my desktop background is showing me an error: a fatal error in IE has occurred at 0028:C0011E36 in VXD VMM(01) + 00010E36. Error was caused by Trojan-spy.HTML.smithfraud.c

Please let me know what are the next steps to be followed.


#2
greyknight17


    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Who told you to run this tool? I do see signs of that infection but this tool is not used to remove smitfraud. It's removing something else.

OK, did you follow the steps in the sticky topic (Read here before ....)? Do so now and post a HijackThis log when ready.

#3
greyknight17


    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.