Hi, My pc seems to have the popular "strike" of the guard services. Sophos and zone alarms have let this in zone alarms now wont do a virus scan and Sophos, well.... Can anyone assist please on my HJT flog file please? Scan saved at 03:15:50, on 30/04/2006 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\EPSON\ESM2\eEBSVC.exe C:\WINNT\System32\svchost.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Sophos\AutoUpdate\ALsvc.exe C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\atmclk.exe C:\WINNT\System32\dcomcfg.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\Program Files\Steam\Steam.exe C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe C:\WINNT\System32\wuauclt.exe C:\Program Files\Sophos\AutoUpdate\ALMon.exe C:\WINNT\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINNT\system32\ZoneLabs\vsmon.exe C:\WINNT\System32\ZoneLabs\isafe.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\Bob Bob\Local Settings\Temp\HijackThis.exe O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINNT\System32\hp46AC.tmp O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINNT\System32\ZoneLabs\isafe.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe O23 - Service: Sophos AutoUpdate Service - Sophos plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe Many thanks.
Hi icepick66, Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip Unzip it (folder named SmitFraudFix) to your desktop: Boot your computer to SAFEMODE. Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files. You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys. The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter". The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode. A textfile will appear after the cleaning process, copy this file and paste it to here. Tha log is saved to your local diskdrive, usually C:\rapport.txt.
Many thanks for your V Quick support. Here is the log SmitFraudFix v2.37 Scan done at 18:11:10.75, Sun 30/04/2006 Run from C:\Documents and Settings\Bob Bob\Desktop\SmitfraudFix OS: Microsoft Windows 2000 [Version 5.00.2195] »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINNT\system32\atmclk.exe Deleted C:\WINNT\system32\dcomcfg.exe Deleted C:\WINNT\system32\hp????.tmp Deleted C:\WINNT\system32\ld????.tmp Deleted C:\WINNT\system32\ot.ico Deleted C:\WINNT\system32\simpole.tlb Deleted C:\WINNT\system32\stdole3.tlb Deleted C:\WINNT\system32\ts.ico Deleted C:\WINNT\system32\1024\ Deleted C:\Documents and Settings\Bob Bob\Application Data\Install.dat Deleted C:\DOCUME~1\BOBBOB~1\FAVORI~1\Antivirus Test Online.url Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» End
