Trojan-Spy.HTML.Smitfraud.c



#1
CookieMonster

Hi, beforehand thank you for this site and the help and support you provide. :tazz:

OK now.. I got the blue screen with the legend:
Fatal error in IE at 0028 : 00011e36 in VXD UMM(01) + 00010e36
Trojan-Spy.HTML.Smitfraud.c

I already ran Spybot and AntiVir; AntiVir detected these ones:

C:\windows\SYS 124.EXE
C:Documents ans settings\owner\local Settings\Tempfolder
C:Windows\System 32\intell 32.EXE
trojanhorse TR\Desktophijak.B
trojanhorse TR\agent EO
C;Windows\Uninstn.EXE
Windows SYS 1338. EXE
TrojanR\D ldr.1st Bar.Q42 SYS 1522.EXE
Every time the pop-up window from AntiVir appeared and asked if I want to delete the trojan horse file, I say yes, but I still got the problem.

Please help, my computer is so slow that it takes time to write this down. I already downloaded the tool HijackThis.
Here is a copy of the HijackThis utility:


Logfile of HijackThis v1.99.1
Scan saved at 7:36:03 AM, on 04/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\WINDOWS\system32\S3apphk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\WINDOWS\SYSTEM32\install32m.exe
C:\Program Files\Maven\mavenAgent.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
C:\Program Files\Maven\mavenUpdater.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\sys1053.exe
C:\WINDOWS\sys1058.exe
C:\Program Files\AVPersonal\AVWIN.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\sys1235.exe
C:\WINDOWS\sys137.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/start/enca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/start/enca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe install32m.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\system32\intel32.exe
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Owner\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\{24C44423-7CE2-4B61-A7BD-6CA8447DEC16}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE
O4 - Startup: Start Maven Updater.lnk = C:\Program Files\Maven\mavenUpdater.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\skins\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Start Maven Client.lnk = C:\Program Files\Maven\mavenAgent.exe
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O16 - DPF: {11F8D6A0-01C6-4A23-A40F-1C3A560B99EA} (MavenInstallerAXControl Class) - http://client.maven....enInstaller.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...llInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: mavencache - {DB47FDC2-8C38-4413-9C78-D1A68BF24EED} - C:\Program Files\Maven\protocolHandlers.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Is this da one u need to check? Please forgive my ignorance ;)


#2
CookieMonster

I've been reading all the posts similar to mine, so I downloaded KillBox but have not installed it yet; it seems to be da tool to use too. I'm tryin my best to get through this, but I don't know for how long I'm gonna still have Internet. S.O.S. My baby keeps me awake. Anyhow, happy 4th o' July guys.

Will reformatting the computer fix this problem? Or will it infect everything again?

Cookie.

Edited by CookieMonster, 04 July 2005 - 09:20 AM.


#3
CookieMonster

WOW!!
Now I'm on page 5!! Can someone please respond to this post?

Maybe u guys are gettin tired of the same questions over and over again. Sorry for the stupid questions, and forgive my ignorance in this matter.

Thank you.

#4
CookieMonster

OK well.... I scanned with ewido security suite, and it gave me this report:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:56:07 PM, 04/07/2005
+ Report-Checksum: 3F634ABD

+ Date of database: 04/07/2005
+ Version of scan engine: v3.0

+ Duration: 213 min
+ Scanned Files: 356869
+ Speed: 27.91 Files/Second
+ Infected files: 31
+ Removed files: 17
+ Files put in quarantine: 17
+ Files that could not be opened: 0
+ Files that could not be cleaned: 14

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
C:\

+ Scan result:
C:\Program Files\AVPersonal\INFECTED\INTEL32.EXE.001 -> Trojan.Agent.ff -> Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\INTEL32.EXE.VIR -> Trojan.Agent.ff -> Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\intel32.VIR -> Trojan.Agent.ff -> Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\ISTINSTALL_154992[1].EXE.001 -> TrojanDownloader.IstBar -> Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\ISTINSTALL_154992[1].EXE.002 -> TrojanDownloader.IstBar -> Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\ISTINSTALL_154992[1].EXE.VIR -> TrojanDownloader.IstBar -> Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\SYS012.EXE.VIR -> TrojanDownloader.IstBar -> Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\SYS04.EXE.VIR -> TrojanDownloader.IstBar -> Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\SYS3355.EXE.VIR -> TrojanDownloader.IstBar -> Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\SYS5928.EXE.VIR -> TrojanDownloader.IstBar -> Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\UNINSTIU.EXE.001 -> Trojan.Agent.ff -> Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\UNINSTIU.EXE.VIR -> Trojan.Agent.ff -> Cleaned with backup
C:\WINDOWS\sys1446.exe -> Trojan.Agent.ff -> Cleaned with backup
C:\WINDOWS\SYSTEM32\oleadm.dll -> Trojan.Agent.ff -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\INTEL32.EXE.001 -> Trojan.Agent.ff -> Error during cleaning
C:\Program Files\AVPersonal\INFECTED\INTEL32.EXE.VIR -> Trojan.Agent.ff -> Error during cleaning
C:\Program Files\AVPersonal\INFECTED\intel32.VIR -> Trojan.Agent.ff -> Error during cleaning
C:\Program Files\AVPersonal\INFECTED\ISTINSTALL_154992[1].EXE.001 -> TrojanDownloader.IstBar -> Error during cleaning
C:\Program Files\AVPersonal\INFECTED\ISTINSTALL_154992[1].EXE.002 -> TrojanDownloader.IstBar -> Error during cleaning
C:\Program Files\AVPersonal\INFECTED\ISTINSTALL_154992[1].EXE.VIR -> TrojanDownloader.IstBar -> Error during cleaning
C:\Program Files\AVPersonal\INFECTED\SYS012.EXE.VIR -> TrojanDownloader.IstBar -> Error during cleaning
C:\Program Files\AVPersonal\INFECTED\SYS04.EXE.VIR -> TrojanDownloader.IstBar -> Error during cleaning
C:\Program Files\AVPersonal\INFECTED\SYS3355.EXE.VIR -> TrojanDownloader.IstBar -> Error during cleaning
C:\Program Files\AVPersonal\INFECTED\SYS5928.EXE.VIR -> TrojanDownloader.IstBar -> Error during cleaning
C:\Program Files\AVPersonal\INFECTED\UNINSTIU.EXE.001 -> Trojan.Agent.ff -> Error during cleaning
C:\Program Files\AVPersonal\INFECTED\UNINSTIU.EXE.VIR -> Trojan.Agent.ff -> Error during cleaning
C:\WINDOWS\sys1446.exe -> Trojan.Agent.ff -> Error during cleaning
C:\WINDOWS\SYSTEM32\oleadm.dll -> Trojan.Agent.ff -> Error during cleaning


::Report End

So maybe I'm BUMPIN my own POST ;) but guys, I really need this puter to run (as maybe everyone else does). I'm gonna try to save as much as I can of my info. If I don't get an answer at nite, I'm gonna reformat the computer :tazz: Hope that helps, lol. I know ur busy busy guys, so I hope to get an answer......

P.S. By the way, I already did that thing of "show hidden folders", k.

Cookie

Edited by CookieMonster, 04 July 2005 - 06:35 PM.


#5
CookieMonster

Well........ Time to say so LONG.

I'm gonna reformat my computer. I really don't know if it's gonna work or not, but
wut da heck!! LOL
I try to save as much as I can of some v.i.files I have in here. As u say guys, maybe I bumped my reply, my bad :tazz: but I cannot wait 5 or 8 days for a response..... that's if I'm lucky. Gonna take my chances, only way to learn. Thank you very much guys for having this site for helpin da PPL.

Guys, you need a better tutorial on how to deal with Trojans. U know already where to start. I think the ppl will appreciate that, as for example how to "identify" ;) which files to delete... etc.
Anyhow, just my 2 cents.

You are DA GEEKS TO GO !!!

Cookie.