Geeks To Go forums
trojan-spy.smitfraud.c
#1 vbraut (New Member, 2 posts)
PC infected with trojan-spy.smitfraud.c. Mine is Windows XP SP2.
I used the following tools to remove it. It gained some success but still not 100%.
- Browser Hijack Recover (BHR)
- Spybot - Search & Destroy and
- Microsoft AntiSpyware (BETA)

Following is the latest log from BHR.

Please suggest the remedy.

Logfile of Browser Hijack Recover(BHR) v2.2
http://www.browser-hijack.com/
Log created on 5/19/2005 8:48:33 AM
Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
Internet Explorer v6.0.2900.2180 Update Versions: ;SP2;

[Process Manager] - [Process]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Browser Hijack Recover\bhr.exe

[IE Options] - [Normal]
R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rediff.com/
R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Window Title =

[IE Options] - [IE Menu]

[IE Options] - [Internet Options]

[IE Options] - [IE Search Hooks]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll

[IE Add-Ons] - [Toolbars]
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

[IE Add-Ons] - [Explorer Bars]

[IE Add-Ons] - [Context Menu]

[IE Add-Ons] - [BHOs]

[IE Add-Ons] - [Tools Menu]
O9 - Extra "Tool" Menu Item: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - No File
O9 - Extra "Tool" Menu Item: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

[IE Add-Ons] - [Tools Button]
O9 - Extra "Tool" Menu Item: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - No File
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

[System Options]

[StartUp]
04 - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run MSMSGS = C:\Program Files\Messenger\msmsgs.exe" /background
04 - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run MsnMsgr = C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run IgfxTray = C:\WINDOWS\system32\igfxtray.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run High Definition Audio Property Page Shortcut = HDAudPropShortcut.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run SoundMan = SOUNDMAN.EXE
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run AlcWzrd = ALCWZRD.EXE
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run PCMService = c:\Apps\Powercinema\PCMService.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run TkBellExe = C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run ccApp = C:\Program Files\Common Files\Symantec Shared\ccApp.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run gcasServ = C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run AME_CSA = rundll32 amecsa.cpl,RUN_DLL
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run notepad2.exe = popuper.exe
O4 - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
O4 - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\PROGRA~1\MICROS~2\Office\OSA9.EXE
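One way to triage a BHR `[StartUp]` listing like the one in the post above, as an added example (my code, not part of the thread and not part of BHR): parse the `04 - <key> <value name> = <command>` lines and the `O4 - <shortcut> = <target>` lines, then flag entries for manual review with three heuristics: the entry lives under `Policies\Explorer\Run`, the executable (or the module handed to rundll32) is not given as a full path so the log cannot tell you which file actually runs, or the value name imitates a program that the command does not launch. The heuristic rules and the trimmed sample input (copied from the posted log) are my assumptions; the script flags entries for review, it does not identify malware.

```python
import re
from typing import Dict, List

# Constructed sample input: a subset of the [StartUp] lines from the BHR log posted
# above, in BHR's own "04 - <key> <value name> = <command>" layout.
SAMPLE_LOG = r"""
04 - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run MSMSGS = C:\Program Files\Messenger\msmsgs.exe" /background
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run IgfxTray = C:\WINDOWS\system32\igfxtray.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run SoundMan = SOUNDMAN.EXE
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run AME_CSA = rundll32 amecsa.cpl,RUN_DLL
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run notepad2.exe = popuper.exe
O4 - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\PROGRA~1\MICROS~2\Office\OSA9.EXE
"""

# Registry autorun line: key (no spaces), value name (may contain spaces), command.
REG_RE = re.compile(r"^[0O]4 - (HKEY_\S+)\s+(.+?)\s*=\s*(.+)$")
# Startup-folder shortcut line: path to the .lnk and the target it points at.
LNK_RE = re.compile(r"^[0O]4 - ([A-Za-z]:\\.+?\.lnk)\s*=\s*(.+)$", re.I)
ABS_RE = re.compile(r"^[A-Za-z]:\\")


def executable_of(command: str) -> str:
    """Return the program a startup command launches, dropping switches and the
    stray quote BHR prints after a quoted path (see the MSMSGS line)."""
    cmd = command.strip().lstrip('"')
    m = re.match(r"([A-Za-z]:\\.*?\.(?:exe|cpl|dll))", cmd, re.I)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def parse_startup(log_text: str) -> List[Dict[str, str]]:
    """Turn BHR [StartUp] lines into (location, name, command) records."""
    entries: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = REG_RE.match(line)
        if m:
            key, name, command = m.groups()
            entries.append({"location": key, "name": name, "command": command})
            continue
        m = LNK_RE.match(line)
        if m:
            path, command = m.groups()
            entries.append({"location": "Startup folder",
                            "name": path.rsplit("\\", 1)[-1], "command": command})
    return entries


def review_reasons(entry: Dict[str, str]) -> List[str]:
    """Heuristics (my assumptions) that mark an entry for manual review."""
    loc, name, command = entry["location"], entry["name"], entry["command"]
    exe = executable_of(command)
    reasons: List[str] = []
    if "\\policies\\explorer\\run" in loc.lower():
        reasons.append("autorun under Policies\\Explorer\\Run, a location legitimate installers rarely use")
    if exe.lower() in ("rundll32", "rundll32.exe"):
        parts = command.strip().split(None, 1)
        module = parts[1].split(",", 1)[0].strip('"') if len(parts) > 1 else ""
        if not ABS_RE.match(module):
            reasons.append(f"rundll32 loads unqualified module '{module}'; locate it on disk before trusting it")
    elif not ABS_RE.match(exe):
        reasons.append(f"unqualified executable '{exe}' is resolved through the search path, so the log cannot tell which file runs")
    if name.lower().endswith(".exe") and exe.rsplit("\\", 1)[-1].lower() != name.lower():
        reasons.append(f"value name '{name}' looks like a program but launches '{exe}'")
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """Parse the log and attach the review reasons to every startup entry."""
    results: List[Dict[str, object]] = []
    for entry in parse_startup(log_text):
        record: Dict[str, object] = dict(entry)
        record["reasons"] = review_reasons(entry)
        results.append(record)
    return results


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        flag = "REVIEW" if e["reasons"] else "ok    "
        print(f"{flag} {e['name']} = {e['command']}")
        for r in e["reasons"]:
            print(f"         - {r}")
```

Run against the posted log, the rules single out `notepad2.exe = popuper.exe` under `Policies\Explorer\Run` (all three heuristics fire) and `AME_CSA = rundll32 amecsa.cpl,RUN_DLL`. They also flag `SOUNDMAN.EXE`, `ALCWZRD.EXE` and `HDAudPropShortcut.exe` as bare filenames; that is the cost of the path heuristic, and the process list in the same log shows the first two running from `C:\WINDOWS`, which is where a reviewer would then look. Confirm each flagged file on disk and its signature or vendor before deleting anything.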