Smitfraud



#1
mhebb

I am fairly PC literate. I've just been hit by the Smitfraud virus and was able to clean much of it up using notes on your site. Got my screen background back etc. There's some very inconvenient stuff still happening that I need help getting rid of. I'm running Ad-aware professional weekly or so and Spywareguard continually on Windows 98 system. I downloaded and ran Cleanup. I've used Netscape predominantly but have started using Firefox for browsing.

Whenever I open Windows Explorer Spyware guard tells me my browser IE home page and other settings are being changed to the :Blank page. In addition I can't print anything. The application says I haven't set a default printer. When I go into Settings/Printers I again get the same Spyguard messages about the ID settings being changed and the screen shows a default printer really is set so there's basically no printing possible. In the process list the HPZTSB04 is the HP printer tool. It can print sample pages OK.

Whenever IE comes up it homes in on the :Blank page and a lot of junk downloads. It is usually a couple dozen zero length .exe files to Windows and to System folder plus 2 or 3 more that start up automatically at boot time and are not caught by Spyware. They appear to use random names. In addition when I establish a modem connection without opening a browser something kicks in and downloads the same junk.

I'd like to get the latest fixes, assuming there are any, for Windows98 but I can't do anything with IE and that's the only thing that will do it. TrendHousecall also seems to require IE.

Hope this is enough hints so someone can help me.

Mike

This is my latest HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 6:31:43 AM, on 5/31/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\HIJACKTHIS\SPYWAREGUARD\SGMAIN.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\HIJACKTHIS\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bhbyd.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bhbyd.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\bhbyd.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bhbyd.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bhbyd.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\bhbyd.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\bhbyd.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R3 - Default URLSearchHook is missing
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.vermontel.net/~mhebb/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\50wmt18r.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_02.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\50wmt18r.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {66D3FDEB-5F0C-6338-124F-0738805DC97D} - C:\WINDOWS\SYSTEM\MFCFC32.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - Startup: SpywareGuard.lnk = C:\HijackThis\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...n/QuickTimeInstaller.exe
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://65.19.78.71//activex/AMC.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = vermontel.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vermontel.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 204.164.106.2,204.164.106.8