
SmitFraud.c & W32Netsky.P Virus [RESOLVED]


  • This topic is locked

#31
SmokyGirl
  • Topic Starter
  • Member
  • 23 posts
ALL THAT TIME & only now is Active Scan ACTUALLY scanning the PC!

B, I'm going to have to get to bed or I'll never make it to work tomorrow. I'll let you know how the scan and reg-edits turn out.

Nite .... Panda has found 1 so far.
  • 0



#32
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Make sure to save the log for me ;)

See you later today :tazz:
  • 0

#33
SmokyGirl
  • Topic Starter
  • Member
  • 23 posts
I'm finally back Bananafanafo!

First, here is the SymEvent.txt file:


REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\SymEvnt]
"StaticVxD"="C:\\PROGRA~1\\SYMANTEC\\SYMEVNT.386"

Now for Active Scan's log:


Incident - - - Status - - - Location

1. Adware:adware/comet - - - No disinfected - - - C:\WINDOWS\DOWNLOADED PROGRAM FILES\cc.inf
2. Spyware:Spyware/Smitfraud - - - No disinfected - - - C:\WINDOWS\SYSTEM\oleadm.dll
3. Possible Virus. - - - No disinfected - - - C:\Program Files\Utilities\Trial Software\DiamondCS TDS-3\dcsres.exe
  • 0

#34
SmokyGirl
  • Topic Starter
  • Member
  • 23 posts
Bananafanafo,

I used Killbox to delete

C:\WINDOWS\DOWNLOADED PROGRAM FILES\cc.inf
and
C:\WINDOWS\SYSTEM\oleadm.dll [on this one I selected the option to unregister .dll file before deleting.]

  • 0

#35
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Copy everything inside the code box below (starting with REGEDIT4) and paste it into notepad. Go up to "File > Save As", then click the drop-down box to change the "Save As Type" to "All Files". Save it as symevent.reg on your desktop.

REGEDIT4

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\SymEvnt]

Double-click symevent.reg on your desktop. When asked if you want to merge with the registry click YES.

It was just as I expected, so this will take care of the Symantec error message. :tazz: After this I need you to reboot, then install AVG again - you shouldn't have problems this time.

It's odd that oleadm.dll file was present but wininet.dll is not infected. So, it may have been infected since the last time we checked, so let's check it again:

Please go here: Jotti Virus Scan

Click the "browse" button and locate this file:

C:\WINDOWS\System\wininet.dll

Click "Open", then click the "Submit" button. Copy the results and paste them here along with a new HiJackThis log.
  • 0
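
Added example, not part of the original posts: a Python check that lists what a REGEDIT4 file would do when merged, run on the two files quoted in this thread, so a key deletion such as `[-...]` is visible before double-clicking. The function name is hypothetical and the parser assumes single-line values only (no hex continuation lines).

```python
import re

# Constructed sample inputs: the two REGEDIT4 files quoted in this thread.
EXPORT_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\SymEvnt]
"StaticVxD"="C:\\PROGRA~1\\SYMANTEC\\SYMEVNT.386"
'''
DELETE_REG = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\SymEvnt]
'''

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')                   # [key] or [-key]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')   # "name"=data or @=data


def audit_reg(text):
    """Return (action, key, value_name) tuples a REGEDIT4 merge would perform."""
    lines = [ln.strip() for ln in text.splitlines()]
    if not lines or lines[0] != "REGEDIT4":
        raise ValueError("not a REGEDIT4 file")
    actions, key = [], None
    for ln in lines[1:]:
        if not ln or ln.startswith(";"):      # blank line or comment
            continue
        m = KEY_RE.match(ln)
        if m:
            deleting, key = m.group(1) == "-", m.group(2)
            actions.append(("DELETE_KEY" if deleting else "OPEN_KEY", key, None))
            if deleting:
                key = None                    # no values belong to a deleted key
            continue
        m = VALUE_RE.match(ln)
        if not (m and key):
            raise ValueError(f"unexpected line: {ln!r}")
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        # "name"=- removes a single value; anything else sets it
        action = "DELETE_VALUE" if m.group(2) == "-" else "SET_VALUE"
        actions.append((action, key, name))
    return actions


if __name__ == "__main__":
    for label, reg in (("export", EXPORT_REG), ("fix", DELETE_REG)):
        print(label, audit_reg(reg))
```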

#36
SmokyGirl
  • Topic Starter
  • Member
  • 23 posts
Do you want AVG installed before I go to Jotti Scan? .... I thought I'd cleaned up wininet.dll earlier, but who knows. :tazz:
  • 0

#37
SmokyGirl
  • Topic Starter
  • Member
  • 23 posts
Jotti Virus Scan Report:

File: Wininet.dll
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 3d3f0083f8c210541884b4625083257d

I'm off to reinstall AVG. :tazz:
  • 0

#38
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts

"I thought I'd cleaned up wininet.dll earlier, but who knows"

That's almost impossible to do by conventional means ;) But, it's excellent that it is not infected :tazz:

After AVG is installed, reboot and post a new HijackThis log and of course let me know if you run into any of the problems you had previously.
  • 0

#39
SmokyGirl
  • Topic Starter
  • Member
  • 23 posts
AVG scan ran clean; no problems or infections. :help:
Also the pesky Symantec error message is gone. :help:
It looks like you accomplished the impossible and helped me clear up all the problems on my friend's PC! :tazz: ;) ;)

Here is the latest Hijack file:


Logfile of HijackThis v1.99.1
Scan saved at 10:50:06 PM, on 7/17/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\3DFX INTERACTIVE\3DFX TOOLS\APPS\3DFXMAN.EXE
C:\WINDOWS\SYSTEM\HPZTSB06.EXE
C:\PROGRAM FILES\UTILITIES\AVG FREE ANTI-VIRUS V7.0\AVGCC.EXE
C:\PROGRAM FILES\UTILITIES\AVG FREE ANTI-VIRUS V7.0\AVGEMC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\UTILITIES\AVG FREE ANTI-VIRUS V7.0\AVGAMSVR.EXE
C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\MHPRMIND.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TIES
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM\..\Run: [3dfx Task Manager] "C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb06.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\UTILIT~1\AVGFRE~1.0\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\UTILIT~1\AVGFRE~1.0\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\UTILIT~1\AVGFRE~1.0\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .scr: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab

Bananafanafo,
What's your personal opinion, should I install Norton Anti-Virus on here or just leave it with AVG? :help:

  • 0
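
Added example, not part of the original posts: a Python parser for the HijackThis log format shown above that splits it into running processes and section entries, pulls out the O4 startup items, and reports which ones appeared between two logs. The sample is a shortened copy of the posted log; the "earlier" log is constructed by dropping the AVG line, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened copy of the HijackThis log posted above.
AFTER = r'''Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HPZTSB06.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TIES
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\UTILIT~1\AVGFRE~1.0\AVGCC.EXE /STARTUP
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
'''
# Constructed "earlier" log: the same lines without the AVG startup entry.
BEFORE = "\n".join(l for l in AFTER.splitlines() if "AVG7" not in l)

ENTRY_RE = re.compile(r'^([A-Z]\d{1,2}) - (.*)$')                  # "O4 - ..."
RUN_RE = re.compile(r'^(HK\w+\\\.\.\\\w+): \[(.*?)\] (.*)$')       # registry Run keys
STARTUP_RE = re.compile(r'^((?:Global )?Startup): (.*?) = (.*)$')  # Startup folder


def parse_log(text):
    """Split a HijackThis log into running processes and entries by section code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False                  # process list ends at first entry
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def autoruns(entries):
    """Return (location, name, command) for every O4 startup entry."""
    hits = (RUN_RE.match(b) or STARTUP_RE.match(b) for b in entries.get("O4", []))
    return [m.groups() for m in hits if m]

def added_autoruns(before_text, after_text):
    """Startup entries present in the later log but not in the earlier one."""
    old = set(autoruns(parse_log(before_text)[1]))
    return [a for a in autoruns(parse_log(after_text)[1]) if a not in old]

if __name__ == "__main__":
    for location, name, command in added_autoruns(BEFORE, AFTER):
        print(f"new autorun in {location}: {name} -> {command}")
```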

#40
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
That's great news :tazz:

My personal opinion is do NOT re-install Norton. I prefer AVG and use it myself. ;)

I do have some recommendations to help keep the system clean ;)

First, and foremost, the system needs a firewall! Two good free versions are Sygate (preferably), and ZoneAlarm.

Then, I highly recommend the Google Toolbar to prevent pop-up windows, which is extremely important.

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.

  • 0



#41
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





