
Thought I Had It Fixed [Spyfalcon, Securityuptodate.com]

Discussion in 'Malware and Virus Removal Archive' started by CLARKMAIL, 2006/05/15.

  1. 2006/05/15
    CLARKMAIL Inactive Thread Starter

    :( I know that my machine has a Spyware and/or virus problem. I was getting the full page blurb from "SpyFalcon" and "securityuptodate" was hijacking my home page. I tried to get rid of them and thought I had succeeded, but a small, red-bordered box still pops up in the lower right-hand corner and tells me "Your computer is infected!".

    I really don't know what to do next, other than reformat. Can anyone be of help in this matter?

    Thanx,
    Clarky
     
  2. 2006/05/16
    PeteC SuperGeek Staff

    CLARKMAIL - Welcome to the Board :)

    Please observe Posting Rules #3 - Meaningful Subject - I have adjusted your title.

    Follow the instructions in Post #2 in this thread and we'll take it from there ....

    http://www.windowsbbs.com/showthread.php?t=54097

    Click on SmitfraudFix which is highlighted in blue - this is a link to the download. Download HijackThis through Quicklinks in my signature - click on Quicklinks and again on HijackThis - save it to a folder on your hard drive, say C:\HJT - not to the Desktop or a temporary folder.
     


  4. 2006/05/16
    CLARKMAIL Inactive Thread Starter

    SmitFraudFix v2.44

    Scan done at 12:27:02.17, 16 May, 2006
    Run from C:\Documents and Settings\STAN CLARK\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\appmagr.dll FOUND !
    C:\WINDOWS\system32\dcomcfg.exe FOUND !
    C:\WINDOWS\system32\ot.ico FOUND !
    C:\WINDOWS\system32\simpole.tlb FOUND !
    C:\WINDOWS\system32\stdole3.tlb FOUND !
    C:\WINDOWS\system32\ts.ico FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\STAN CLARK\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\STANCL~1\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  5. 2006/05/16
    PeteC SuperGeek Staff

    OK - the next step ....

    You may like to print out these instructions as you will be unable to connect to the Internet to read them while in Safe Mode.

    Boot into Safe Mode and log onto your usual account.
    In Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd

    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process. A text file will appear onscreen, with results from the cleaning process - a copy of this file is saved as C:\rapport.txt.

    Stay in or reboot into Safe Mode and double click on hijackthis.exe and select 'Scan and save a log file'

    Boot into normal mode and paste the contents of the SmitfraudFix log and the HJT log - saved to the same folder as you ran HJT from - into your next post.
     
