Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Smitfraud-C.generic [Closed]


  • This topic is locked This topic is locked

#16
myrti

myrti

    Expert

  • Expert
  • 2,580 posts
Hi,

did you have a chance to note down the error code of the BSOD, or is it rebooting automatically?

Have you run ComboFix in the past and did you get the same error then?

regards myrti
  • 0

Advertisements


#17
James Brady

James Brady

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
It's the type that reboots right away, but I snagged a picture anyway just in case that big number is relevant.

Before I came to the site I wanted to use combofix on my own for the virus and had the same problem.
  • 0

#18
myrti

myrti

    Expert

  • Expert
  • 2,580 posts
Hi,
please run TDSSKiller instead then:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

  • 0

#19
James Brady

James Brady

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Hello, Tdsskiller found it, I was watching and it was the very last thing it scanned.

P.S. I thought I could just leave the proram by clicking next, and now it's set to remove the file ater a resart, I will abstain from restarting though for now just in case.

Here's the text:

Attached File  TDSSKiller.txt   9.89KB   46 downloads
  • 0

#20
myrti

myrti

    Expert

  • Expert
  • 2,580 posts
Hi,

that log says "scan interrupted by user" and doesn't find anything. Do you have another log?

Do you remember where it found the infection? Did it say it was in a partition?

regards myrti
  • 0

#21
James Brady

James Brady

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Shoot, I had tried to start another scan to do it without choosing to delete on restart, but canceled it when I found the file, I must've gotten the new file from the scan I started and canceled.

Also my computer turned itself off when I was away....

I try another scan and see if it's still the same.
  • 0

#22
myrti

myrti

    Expert

  • Expert
  • 2,580 posts
Hi,

well I have a good idea what was on the PC which is why we ran TDSSKiller, if it turned off and on again successfully, that means all went well too. So there's not too much to worry about.

I was really just trying to collect the necessary information to undo what was done in case things go bad. (Which they don't often do, but it's always worth to be prepared for the worse. ;))

If you remember what it found, I'd still like to know though.

regards myrti
  • 0

#23
James Brady

James Brady

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Tada!

I will restart then.

Attached File  TDSSKiller.txt   73.88KB   50 downloads
  • 0

#24
myrti

myrti

    Expert

  • Expert
  • 2,580 posts
Hi,

did the reboot go well? How is the PC doing now?

regards myrti
  • 0

#25
James Brady

James Brady

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
The PC booted up fine, but I ran a scan with spybot and the virus showed back up.
  • 0

Advertisements


#26
myrti

myrti

    Expert

  • Expert
  • 2,580 posts
Hi,

can you give me the exact name of the virus found and the file in which it found it.

regards myrti
  • 0

#27
James Brady

James Brady

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Well according to TdssKiller I guess the name of the virus was "Rootkit.Boot.Pihar.b"

But spybot just calls it "Smitfraud-C.generic", and says it's in "C://windows/svchost.exe"

P.S. Spybot used to delete it but now says I don't have the privileges.
  • 0

#28
myrti

myrti

    Expert

  • Expert
  • 2,580 posts
Hi,

they are not detecting the same infection. The infection TDSSKiller found is installed on its own partition and does not (normally) drop files onto your windows partition. Therefore anything found in your windows partition is likely to be from a different type of infection.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

  • 0

#29
James Brady

James Brady

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I guess two of the viruses it found were already quarantined by Spybot.

Attached File  ESETScan.txt   371bytes   44 downloads
  • 0

#30
myrti

myrti

    Expert

  • Expert
  • 2,580 posts
Hi,

the other was in your temporary files, not an active infection either.

So is Spybot still seeing SmitFruad? And if so in which file?

regards myrti
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP