Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Smitfraud

Started by Ogalog , Dec 03 2005 12:32 PM

  • This topic is locked This topic is locked

#1
Ogalog
Posted 03 December 2005 - 12:32 PM

Ogalog

    New Member

  • Member
  • Pip
  • 2 posts
Help Me!

I got Smitfraud on my pc... its not coming up to often but im getting the pop up and occasional tray icon warning... heres a scan using Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 18:31:53, on 03/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\AvastAntivirus4\aswUpdSv.exe
C:\Program Files\AvastAntivirus4\ashServ.exe
C:\Program Files\ewidosecurity suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AvastAntivirus4\ashMaiSv.exe
C:\Program Files\AvastAntivirus4\ashWebSv.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\PROGRA~1\AvastAntivirus4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewidosecurity suite\ewidoguard.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = PlusNet Internet Explorer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AvastAntivirus4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{0262F156-C33B-418A-8268-C174F293902A}: NameServer = 212.159.13.49,212.159.13.50,212.159.6.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{0262F156-C33B-418A-8268-C174F293902A}: NameServer = 212.159.13.49,212.159.13.50,212.159.6.9
O17 - HKLM\System\CS2\Services\Tcpip\..\{0262F156-C33B-418A-8268-C174F293902A}: NameServer = 212.159.13.49,212.159.13.50,212.159.6.9
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\AvastAntivirus4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\AvastAntivirus4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\AvastAntivirus4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\AvastAntivirus4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewidosecurity suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewidosecurity suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

You'll notice im using ewido because I read another topic before making my own... Please Save Me!

Edited by Ogalog, 03 December 2005 - 01:10 PM.

  • 0

Advertisements

#2
Ogalog
Posted 03 December 2005 - 01:32 PM

Ogalog

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Please Could Someone post? Even if theres no obvious problem... these pop ups are starting to get on my nerves!
  • 0

#3
g2i2r4
Posted 04 December 2005 - 12:33 PM

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome Ogalog to Geeks to Go!

please open Start> Run and type MSConfig in the 'Run' box. When the System Configuration Utility opens, go to the 'Startup Tab' and make sure there is a checkmark beside each entry. Then the general tab should have the "normal startup" option checked. REBOOT when asked to by Windows to complete the change

After completing the above please scan again with HJT and POST a new HJT log in here in this topic using 'Add Reply' to see what there is to clean.

I really need to see what's in there before I can advise you.


EDIT:
As there has been no reply from the original poster for ten days this topic is now closed.

If you are the original poster and still need assistance, please send me a PM.

Edited by g2i2r4, 15 December 2005 - 03:16 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP