Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Smitfraud Remnants [CLOSED]

Started by bebattey , Jan 09 2008 06:33 PM

  • This topic is locked This topic is locked

#1
bebattey
Posted 09 January 2008 - 06:33 PM

bebattey

    New Member

  • Member
  • Pip
  • 2 posts
I've been infected with Smitfraud O.o

Happened in the morning, I took steps to get rid of it. First i ran Spybot S&D, got rid of random spycrap, but not Smitfraud. Next I ran Spybot and HijackThis in safe mode, which I believe got rid of Smitfraud, because the crap that's happening has receded, but still remains.

HijackThis is consistently showing two BHO's, xxwww.dll and opnljig.dll in system32. I check them, click to get rid, but next scan shows them up again. I found xxwww.exe in system32 and deleted it.

Here's my HijackThis log.

Please and thank you ^_^ You all rock my socks.

Right now I'm running firefox and hijackthis with no explorer....it kind of disappeared while I was surfing O.o

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:43 PM, on 1/9/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Data\Downloads\VundoFix.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 973 bytes
  • 0

Advertisements

#2
andrewuk
Posted 14 January 2008 - 05:38 PM

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi bebattey

welcome back to geekstogo :)

sorry to keep you waiting. lets do a deeper scan of your machine to give me something to work off.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

andrewuk

Edited by andrewuk, 14 January 2008 - 05:38 PM.

  • 0

#3
andrewuk
Posted 19 January 2008 - 12:00 PM

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP