Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Smitfraud.c


  • This topic is locked This topic is locked

#31
freebird53

freebird53

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
All of those programs did show up in HiJack This and i followed your instructions on the uninstall and delete. All except the hibcdfu file. Now, I am working on my computer and transferring all of this over to the other one. Will it be ok for me to just c&p what you just sent to a disc and transfer it over to the other computer?
  • 0

Advertisements


#32
freebird53

freebird53

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Can I do this without going into safe mode?...I've had to do everything else that way.
  • 0

#33
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
That will do just fine.

Please go here: Jotti Virus Scan

Click the "browse" button and locate this file:

C:\WINNT\System32\wininet.dll

Click "Open", then click the "Submit" button. Copy the results and paste them here.

***

Copy everything in the code box below and paste it into notepad. Go up to "File > Save As..." and click the drop-down box to change the "Save As Type" to "All Files". Save it as wininet.bat on your desktop.

dir %Systemdrive%\wininet.dll /a h /s > files.txt
start notepad files.txt


Double click wininet.bat and when it is ready it will open files.txt
Copy the content of files.txt and paste it here.

Edited by g2i2r4, 26 June 2005 - 03:30 PM.

  • 0

#34
freebird53

freebird53

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Ok, but I want to tell you something that happened during all of the things that went on yesterday. I have never used Windows 2000 so I'm not sure what is normal in that OS. When I couldn't log on as Administrator on Friday night (it kept telling me my password was incorrect and I know it wasnt), I left it and when I came back and finally got Windows to come back up, I have a window now that pops up asking me to press CTRL ALT DEL before I can put the password to log on. That was not happening before. Is this something in Windows 2000?
  • 0

#35
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
I don't know to be honest.
I take it it's not your computer then? Does the owner recognise this behaviour?
  • 0

#36
freebird53

freebird53

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Ok, I'm confused...go to that site on the computer I'm trying to fix?
  • 0

#37
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Yep
  • 0

#38
freebird53

freebird53

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
No, it's a friends and they didn't have a virus scanner or firewall on it and let their son download all of these files from Kazaa on his business computer.....so I was trying to help them out.....sheeshhhhhhh....won't do that again
  • 0

#39
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
:tazz: ;) ;)
  • 0

#40
freebird53

freebird53

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
OK,...I'm going to do step 1 first....I'm a little leary of logging in here on that computer though because some of the viruses record keystrokes from what I've read
  • 0

Advertisements


#41
freebird53

freebird53

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
will be back in a few when I'm done....thanks...will let ya know when I'm here
  • 0

#42
freebird53

freebird53

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Ok, here are the results from the scan. That file I found was not wininet.dll Everything was in caps like WININET.DLL and the scan was almost 100% when it stalled. this is what the page said.

Last file scanned at least one scanner reported something about: Backdoor.Win32.Codbot.ag in dhcpclient.exe, detected by:

Scanner Malware name
AntiVir X
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
Dr.Web BackDoor.IRC.Moto
F-Prot Antivirus X
Fortinet X
Kaspersky Anti-Virus Backdoor.Win32.Codbot.ag
NOD32 X
Norman Virus Control X
VBA32 X




This is the report from the wininet.bat file:

Directory of C:\WINNT\$NtServicePackUninstall$

07/22/2002 03:05p 461,584 wininet.dll
1 File(s) 461,584 bytes

Directory of C:\WINNT\$NtUninstallSP2SRP1$

05/08/2001 08:00a 467,728 wininet.dll
1 File(s) 467,728 bytes

Directory of C:\WINNT\ServicePackFiles\i386

06/19/2003 03:05p 466,704 wininet.dll
1 File(s) 466,704 bytes

Directory of C:\WINNT\system32

08/23/2004 07:32p 589,312 WININET.DLL
1 File(s) 589,312 bytes

Directory of C:\WINNT\system32\dllcache

08/23/2004 07:32p 589,312 WININET.DLL
1 File(s) 589,312 bytes
  • 0

#43
freebird53

freebird53

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Hmmmm....now thats strange....when it was scanning I wrote down the viruses it said it had detected previously and they were these (not the ones I just posted)

These are what I wrote down :
Win32.Trojan.KillFiles.u in update.exe
Win32:Trojan-gen.{u}
Trojan.W32.Msbook
Win32.Trojan.KillFiles.u
  • 0

#44
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Well, that scan didn't work. These are result for a scan done on another file.

Try this one please.
http://www.virustota...h/index_en.html
  • 0

#45
freebird53

freebird53

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
ok...i'll try but after a few minutes online everything seems to freeze
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP