
Solved: Possible Smitfraud Infection

Smitfraud-c.gp infection - need help (HJT log included)
Started by makeitwork, Sep 07 2008 07:44 AM

I don't see any of the giveaways that the infection is still there, so many thanks -Jim

Here's the log from running TDSS:
16:10:26.0914 2196 TDSS rootkit removing tool Dec

HKEY_CLASSES_ROOT\smwin32.mdr (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Please scan with Kaspersky WebScanner. You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

The following error occurred: %%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Event Record #/Type26950 / Warning
Event Submitted/Written: 05/05/2008 09:12:13 PM
Event ID/Source: 51

E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - ST98823AS - 74.53 GiB - 3 partitions
\PARTITION0 - Unknown - 1906.12 MiB
\PARTITION1 (bootable) - Unknown - 43.65 GiB - C:
\PARTITION2 - Extended

Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345}

https://forums.techguy.org/threads/solved-possible-smitfraud-infection-hjt-log-attached.498112/

Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Uninstall List

MalWare Removal University Master
Member of ASAP

#3 galen (Topic Starter), posted 24 May 2008 - 11:40 AM

Use File, Exit to terminate Spybot.
Reboot your machine for the changes to take effect.

Step # 2 Upload Files
Go to Jotti.
Copy the following line into the white textbox: C:\WINDOWS\system32\acovcnt.exe
Click Submit.

Jotti/Virustotal Results
2.

Computer Experience: Intermediate

Kaspersky log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, July 07, 2008 12:01:19
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version:

Contact your support personnel.

-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------
Event Record #/Type27059 / Error
Event Submitted/Written: 05/06/2008 09:55:08 PM
Event ID/Source: 1002 / Dhcp
Event Description: The IP address lease

The new Java console in IE says (which I believe is the new version)
Java Plug-in 1.6.0_07
Using JRE version 1.6.0_07 Java HotSpot Client VM
Anything else I should do?

The following error occurred: %%121. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Event Record #/Type27041 / Warning
Event Submitted/Written: 05/05/2008 11:45:16 PM
Event ID/Source: 1003

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

http://www.windowsbbs.com/showthread.php?t=67958

Surf safe!

http://www.bleepingcomputer.com/forums/t/145640/possible-smitfraud-infection/

It is not identified or found by AVG free edition.

Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-03-30 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program

I had also downloaded a couple of tools to view/monitor video cache and it was either the streaming or those tools that brought the infection.

HRESULT -2147220472.
lickwid, Sep 5, 2006

#5 Cheeseball81 (Moderator)
Welcome
Cheeseball81, Sep 5, 2006

O4 - Global Startup: U.S.

Click on the Open Uninstall Manager button.
5.

The log tells me that you used a CFScript to run ComboFix, but it doesn't appear any of the commands were carried out.

Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no

Reboot

How's the computer behaving now?

Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. Please remove one of them.

IMPORTANT I notice

Opera: Click Opera at the top and choose: Select All
Click the Empty Selected button.

You can delete any logs that were created/saved too.

Click on the Save list...

We will disable it until the machine is clean when it can be re-enabled.

RSITInfo.txt

info.txt logfile of random's system information tool 2008-09-07 22:37:39

Uninstall list
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
-->MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
-->MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall

HKEY_CLASSES_ROOT\CLSID\{9f146720-43f3-4fa6-b9e5-4fb13f8c2ffd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

The scan will take a while so be patient and let it run.

scanning hidden services & system hive ...

Once the scan is complete it will display if your system has been infected.

scanning hidden autostart entries ...

I'm almost certain it was some spyware being installed in the background.

Solved: Possible Smitfraud Infection, HJT log attached...
