Smitfraud.c
Started by
freebird53
, Jun 24 2005 11:26 AM
#31
Posted 26 June 2005 - 03:01 PM
#32
Posted 26 June 2005 - 03:10 PM
Can I do this without going into safe mode?...I've had to do everything else that way.
#33
Posted 26 June 2005 - 03:17 PM
That will do just fine.
Please go here: Jotti Virus Scan
Click the "browse" button and locate this file:
C:\WINNT\System32\wininet.dll
Click "Open", then click the "Submit" button. Copy the results and paste them here.
***
Copy everything in the code box below and paste it into notepad. Go up to "File > Save As..." and click the drop-down box to change the "Save As Type" to "All Files". Save it as wininet.bat on your desktop.
Double click wininet.bat and when it is ready it will open files.txt
Copy the content of files.txt and paste it here.
Please go here: Jotti Virus Scan
Click the "browse" button and locate this file:
C:\WINNT\System32\wininet.dll
Click "Open", then click the "Submit" button. Copy the results and paste them here.
***
Copy everything in the code box below and paste it into notepad. Go up to "File > Save As..." and click the drop-down box to change the "Save As Type" to "All Files". Save it as wininet.bat on your desktop.
dir %Systemdrive%\wininet.dll /a h /s > files.txt
start notepad files.txt
Double click wininet.bat and when it is ready it will open files.txt
Copy the content of files.txt and paste it here.
Edited by g2i2r4, 26 June 2005 - 03:30 PM.
#34
Posted 26 June 2005 - 03:22 PM
Ok, but I want to tell you something that happened during all of the things that went on yesterday. I have never used Windows 2000 so I'm not sure what is normal in that OS. When I couldn't log on as Administrator on Friday night (it kept telling me my password was incorrect and I know it wasnt), I left it and when I came back and finally got Windows to come back up, I have a window now that pops up asking me to press CTRL ALT DEL before I can put the password to log on. That was not happening before. Is this something in Windows 2000?
#35
Posted 26 June 2005 - 03:26 PM
I don't know to be honest.
I take it it's not your computer then? Does the owner recognise this behaviour?
I take it it's not your computer then? Does the owner recognise this behaviour?
#36
Posted 26 June 2005 - 03:26 PM
Ok, I'm confused...go to that site on the computer I'm trying to fix?
#37
Posted 26 June 2005 - 03:29 PM
Yep
#38
Posted 26 June 2005 - 03:31 PM
No, it's a friends and they didn't have a virus scanner or firewall on it and let their son download all of these files from Kazaa on his business computer.....so I was trying to help them out.....sheeshhhhhhh....won't do that again
#39
Posted 26 June 2005 - 03:32 PM
#40
Posted 26 June 2005 - 03:33 PM
OK,...I'm going to do step 1 first....I'm a little leary of logging in here on that computer though because some of the viruses record keystrokes from what I've read
#41
Posted 26 June 2005 - 03:35 PM
will be back in a few when I'm done....thanks...will let ya know when I'm here
#42
Posted 26 June 2005 - 04:17 PM
Ok, here are the results from the scan. That file I found was not wininet.dll Everything was in caps like WININET.DLL and the scan was almost 100% when it stalled. this is what the page said.
Last file scanned at least one scanner reported something about: Backdoor.Win32.Codbot.ag in dhcpclient.exe, detected by:
Scanner Malware name
AntiVir X
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
Dr.Web BackDoor.IRC.Moto
F-Prot Antivirus X
Fortinet X
Kaspersky Anti-Virus Backdoor.Win32.Codbot.ag
NOD32 X
Norman Virus Control X
VBA32 X
This is the report from the wininet.bat file:
Directory of C:\WINNT\$NtServicePackUninstall$
07/22/2002 03:05p 461,584 wininet.dll
1 File(s) 461,584 bytes
Directory of C:\WINNT\$NtUninstallSP2SRP1$
05/08/2001 08:00a 467,728 wininet.dll
1 File(s) 467,728 bytes
Directory of C:\WINNT\ServicePackFiles\i386
06/19/2003 03:05p 466,704 wininet.dll
1 File(s) 466,704 bytes
Directory of C:\WINNT\system32
08/23/2004 07:32p 589,312 WININET.DLL
1 File(s) 589,312 bytes
Directory of C:\WINNT\system32\dllcache
08/23/2004 07:32p 589,312 WININET.DLL
1 File(s) 589,312 bytes
Last file scanned at least one scanner reported something about: Backdoor.Win32.Codbot.ag in dhcpclient.exe, detected by:
Scanner Malware name
AntiVir X
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
Dr.Web BackDoor.IRC.Moto
F-Prot Antivirus X
Fortinet X
Kaspersky Anti-Virus Backdoor.Win32.Codbot.ag
NOD32 X
Norman Virus Control X
VBA32 X
This is the report from the wininet.bat file:
Directory of C:\WINNT\$NtServicePackUninstall$
07/22/2002 03:05p 461,584 wininet.dll
1 File(s) 461,584 bytes
Directory of C:\WINNT\$NtUninstallSP2SRP1$
05/08/2001 08:00a 467,728 wininet.dll
1 File(s) 467,728 bytes
Directory of C:\WINNT\ServicePackFiles\i386
06/19/2003 03:05p 466,704 wininet.dll
1 File(s) 466,704 bytes
Directory of C:\WINNT\system32
08/23/2004 07:32p 589,312 WININET.DLL
1 File(s) 589,312 bytes
Directory of C:\WINNT\system32\dllcache
08/23/2004 07:32p 589,312 WININET.DLL
1 File(s) 589,312 bytes
#43
Posted 26 June 2005 - 04:21 PM
Hmmmm....now thats strange....when it was scanning I wrote down the viruses it said it had detected previously and they were these (not the ones I just posted)
These are what I wrote down :
Win32.Trojan.KillFiles.u in update.exe
Win32:Trojan-gen.{u}
Trojan.W32.Msbook
Win32.Trojan.KillFiles.u
These are what I wrote down :
Win32.Trojan.KillFiles.u in update.exe
Win32:Trojan-gen.{u}
Trojan.W32.Msbook
Win32.Trojan.KillFiles.u
#44
Posted 26 June 2005 - 04:23 PM
Well, that scan didn't work. These are result for a scan done on another file.
Try this one please.
http://www.virustota...h/index_en.html
Try this one please.
http://www.virustota...h/index_en.html
#45
Posted 26 June 2005 - 04:25 PM
ok...i'll try but after a few minutes online everything seems to freeze
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users