Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

smithfraud-c [RESOLVED]

  • This topic is locked This topic is locked



    New Member

  • Member
  • Pip
  • 2 posts
I have recently recovered from a relatively painful ordeal involving having acquired a virus. i've managed to get rid of it, but i think it may have installed something on my computer that i can't seem to get rid of. About every half hour or so my virus scan (avast!) tells me that i have adware in D:\Windows\system32\1024\ld4A2C.tmp\[UPX]. I tell it to delete it every time. i finally got fed up and deleted the .tmp file myself, but that didn't help. After i just a thorough system scan it came up about a dozen times telling me that the same file was infected. evertime i'd tell it to delete it and it would pop up with an error saying that it can't find the file. I also can't seem to get rid of a registry value that spybot keeps finding called "Smithfraud-c" i've scanned several times while the os was booting up, but everytime thus far was when the virus was still there. a friend told me that i had a rootkit installed, and i think that that may have caused spybot's inability to get rid of the spyware, even when it was starting up. The reason i think the virus scan and spybot is related is mostly just because of timing.

Logfile of HijackThis v1.99.1
Scan saved at 2:59:05 PM, on 11/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\Program Files\Apache Group\Apache2\bin\Apache.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\OpenAFS\Client\Program\afsd_service.exe
D:\Program Files\Apache Group\Apache2\bin\Apache.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\MIT\Kerberos\bin\krbcc32s.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\Program Files\OpenAFS\Client\Program\afscreds.exe
D:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Stefan\My Documents\Unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.cmu.edu/myandrew/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - D:\WINDOWS\system32\hp6657.tmp
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UpdateManager] "D:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] D:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe D:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "D:\DOCUME~1\Stefan\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AFS Credentials.lnk = D:\Program Files\OpenAFS\Client\Program\afscreds.exe
O4 - Global Startup: Monitor Apache Servers.lnk = D:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: &Viewpoint Search - res://D:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1115497786687
O20 - Winlogon Notify: AfsLogon - D:\WINDOWS\SYSTEM32\afslogon.dll
O20 - Winlogon Notify: KFWLogon - D:\WINDOWS\SYSTEM32\afslogon.dll
O20 - Winlogon Notify: NavLogon - D:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - D:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OpenAFS Client Service (TransarcAFSDaemon) - OpenAFS Project - D:\Program Files\OpenAFS\Client\Program\afsd_service.exe
O23 - Service: UJ - Unknown owner - D:\DOCUME~1\Stefan\LOCALS~1\Temp\UJ.exe (file missing)

PS - I did go a little nuts trying to get rid of the virus, so if you think i may have deleted something important, please let me know

Thank you
  • 0




    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello and welcome to GeeksToGo!

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijackthis log in this thread.

If you have resolved this issue please let us know.
  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
I managed to get rid of the problem myself
Thank you
  • 0



    Malware Expert

  • Retired Staff
  • 7,457 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP