damn youuu www. s y ssecurity.com

Discussion in 'Windows - Virus and spyware problems' started by usama89, Jun 30, 2006.

  1. usama89

    usama89 Member

    Joined:
    Jun 30, 2006
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    11
    hiya, i ran smitfraudfix like someone suggested on a different thhread- here are my results:

    SmitFraudFix v2.65

    Scan done at 15:00:30.00, 30/06/2006
    Run from C:\Documents and Settings\Allan\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\atmclk.exe FOUND !
    C:\WINDOWS\system32\dcomcfg.exe FOUND !
    C:\WINDOWS\system32\hp???.tmp FOUND !
    C:\WINDOWS\system32\hp????.tmp FOUND !
    C:\WINDOWS\system32\ld????.tmp FOUND !
    C:\WINDOWS\system32\ot.ico FOUND !
    C:\WINDOWS\system32\regperf.exe FOUND !
    C:\WINDOWS\system32\simpole.tlb FOUND !
    C:\WINDOWS\system32\stdole3.tlb FOUND !
    C:\WINDOWS\system32\1024\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Allan\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Allan\FAVORI~1

    C:\DOCUME~1\Allan\FAVORI~1\Antivirus Test Online.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{af3fd9a8-1287-4159-9212-9a5b4494af70}"="ecosystems"

    [HKEY_CLASSES_ROOT\CLSID\{af3fd9a8-1287-4159-9212-9a5b4494af70}\InProcServer32]
    @="C:\WINDOWS\System32\guxxa.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{af3fd9a8-1287-4159-9212-9a5b4494af70}\InProcServer32]
    @="C:\WINDOWS\System32\guxxa.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    Does anyone know what to do next!! please help
     
  2. tapiiri

    tapiiri Regular member

    Joined:
    Jun 11, 2005
    Messages:
    1,142
    Likes Received:
    0
    Trophy Points:
    46
    Hi usama89,

    * Reboot your computer in Safe Mode

    http://www.pchell.com/support/safemode.shtml

    * Double-click smitfraudfix.cmd
    * Select 2 and hit Enter to delete infect files.
    * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

    Send it here along with a fresh HjT log.
     
  3. munx

    munx Regular member

    Joined:
    Apr 3, 2005
    Messages:
    184
    Likes Received:
    0
    Trophy Points:
    26
    Just building on that, when you do try to erase it, make sure system restore is off, otherwise when you erase the infected files, they still might come back when you try to restore. So turn it off, erase and turn it on again after reboot
     
  4. tapiiri

    tapiiri Regular member

    Joined:
    Jun 11, 2005
    Messages:
    1,142
    Likes Received:
    0
    Trophy Points:
    46
    Yes good point @munx
     

Share This Page