Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Smitfraud

Started by mhebb , May 31 2005 09:18 AM

  • Please log in to reply

#1
mhebb
Posted 31 May 2005 - 09:18 AM

mhebb

    New Member

  • Member
  • Pip
  • 1 posts
I am fairly PC literate. I've just been hit by the Smitfraud virus and was able to clean much of

it up using notes on your site. Got my screen background back etc. There's some very inconvenient stuff still happening that I need

help getting rid of. I'm running Ad-aware professional weekly or so and Spywareguard continually

on Windows 98 system. I downloaded and ran Cleanup. I've used Netscape predominantly but have

started using Firefox for browsing.
Whenever I open windows explorer Spyware guard tells me my browser IE home page and other

settings are being changed to the :Blank page. In addition I can't print anything. The

application says I haven't set a default printer. When I go into Settings/Printers I again get

the same Spyguard messages about the ID settings being changed and the screen shows a default

printer really is set so there's basically no printing possible. In the process list the

HPZTSB04 is the HP printer tool. It can print sample pages OK.
Whenever IE comes up it homes in on the :Blank page and a lot of junk downloads. It is usually a

couple dozen zero length .exe files to Windows and to System folder plus 2 or 3 more that start

up automatically at boot time and are not cought by Spyware. They appear to use random names.In addition when I establish a modem connection without opening a brouser something kicks in and downloads the same junk.
I'd like to get the lastest fixes ,assuming there are any, for Windows98 but I can't do anything

with IE and that's the only thing that will do it. TrendHousecall allso seems to require IE.
Hope this is enough hints so someone can help me.

Mike

This is my latest HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 6:31:43 AM, on 5/31/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\HIJACKTHIS\SPYWAREGUARD\SGMAIN.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\HIJACKTHIS\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\bhbyd.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
res://C:\WINDOWS\bhbyd.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
res://C:\WINDOWS\bhbyd.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\bhbyd.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
res://C:\WINDOWS\bhbyd.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://C:\WINDOWS\bhbyd.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://C:\WINDOWS\bhbyd.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://home.microsof...search.asp?p=%s
R3 - Default URLSearchHook is missing
N2 - Netscape 6: user_pref("browser.startup.homepage",
"http://www.vermontel.net/~mhebb/"); (C:\WINDOWS\Application
Data\Mozilla\Profiles\default\50wmt18r.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine",
"engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_02.src");
(C:\WINDOWS\Application Data\Mozilla\Profiles\default\50wmt18r.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {66D3FDEB-5F0C-6338-124F-0738805DC97D} -
C:\WINDOWS\SYSTEM\MFCFC32.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - Startup: SpywareGuard.lnk = C:\HijackThis\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akama...n/QuickTimeInst

aller.exe
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl
Class) - http://65.19.78.71//activex/AMC.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = vermontel.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vermontel.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer =
204.164.106.2,204.164.106.8
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP