Bravo!
Next step.
1. Print out these instructions as we will NEED to close every window that is open later in the fix.
2. Download SmitfraudFix.exe from here and save it to your desktop:
http://www.bleepingcomputer.com/files/smitfraudfix.php
3. Next, please reboot your computer into Safe Mode by doing the following:
a. Restart your computer
b. Start tapping F8 key
c. A menu will appear
d. Select the first option, to run Windows in Safe Mode.
4. Close all open Windows.
5. Now, double-click on the SmitFraudfix icon.
6. When the tool first starts you will see a CREDITS screen. Simply press any key on your keyboard to get to the next screen.
7. You will now see a menu. Press the number 2 on your keyboard and then press the Enter key to choose the option Clean.
8. The program will start cleaning your computer and go through a series of cleanup processes. When it is done, it will automatically start the Disk Cleanup program. This program will remove all Temp, Temporary Internet Files, and other files that may be leftover files from this INFECTION. This process can take a long time depending on your computer, so please be patient. When it is complete, it will close automatically and you should continue with the next step.
9. When Disk Cleanup is finished, you will be presented with an option asking Do you want to clean the registry ? (y/n). At this screen you should press the Y button on your keyboard and then press the Enter key.
10. When this last routine is finished, you will be presented with a red screen stating Computer will reboot now. Close all applications. You should now press the spacebar on your computer. A counter will appear stating that the computer will reboot in 15 seconds. Do not cancel this countdown and allow your computer to reboot.
11. Once the computer has rebooted, you will be presented with a Notepad screen containing a log of all the files removed from your computer. Save that log to your desktop, and attach it to your next reply.

SmitFraudFix v2.250
Scan done at 23:05:27.43, Thu 11/08/2007
Run from C:\Documents and Settings\Computer\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\bronto.dll Deleted
C:\WINDOWS\system32\printer.exe Deleted
C:\WINDOWS\system32\WinAvXX.exe Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{96C10D87-0213-462A-B4EE-2DE10818F12C}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{96C10D87-0213-462A-B4EE-2DE10818F12C}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{96C10D87-0213-462A-B4EE-2DE10818F12C}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
»»»»»»»»»»»»»»»»»»»»»»»» End

Very nice!
Now, post your fresh HJT log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:23:52 PM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Computer\My Documents\HiJackThis_v2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - Trusted Zone: www.youtube.com
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories CACHE daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (file missing)
-- End of file - 3285 bytes

Let me see what crap you have left there....

Beautiful!!! Your computer is totally clean. One more thing, though. I can see you're running Comodo firewall already (I didn't ask you to install it, yet), and your Windows firewall is on, as well. You can't run two firewalls at the same time. Turn your Windows firewall off (it's next to worthless, anyway), by following:
1. Click on the Start Menu
2. Click on Control Panel
3. Click on Security Center
4. Click on Windows Firewall toward the bottom of the Security Center window.
5. Choosing “On” or “Off” will enable or disable Windows Firewall.
Post back.

Yayy! Windows Firewall is off now. Does that mean I'm all done?

It looks like... Just let me know how your computer is doing...

Hurrah, I will. Thank you SOO much! It seems to be great so far.

Just don't screw it again..... LOL
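The SmitFraudFix log's hosts section above is the tell of this infection family: the hosts file had been edited so that antivirus vendor and update domains no longer resolved normally, which quietly cuts the machine off from updates. The following Python audit is an added example, not code from this thread or from SmitFraudFix, and its watched-domain list and sample hosts content are constructed for illustration; it flags any hosts-file entry that pins such a domain, whether to another address or to loopback.

```python
"""Flag hosts-file entries that pin security-vendor domains (added example;
the sample data and the watched-domain list are constructed, illustrative only)."""
import ipaddress

# Illustrative subset of vendor/update domains of the kind listed in the log.
WATCHED_SUFFIXES = (
    "symantec.com", "symantecliveupdate.com", "mcafee.com", "nai.com",
    "kaspersky-labs.com", "kaspersky.com", "f-secure.com", "sophos.com",
    "trendmicro.com", "grisoft.com", "virustotal.com", "avp.com",
)

# Constructed sample modelled on the log's pattern; not a real hosts file.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
192.168.200.3   liveupdate.symantec.com    # vendor domain -> private IP
192.168.200.3   download.mcafee.com
192.168.200.3   www.virustotal.com
127.0.0.1       ftp.sophos.com             # sinkholed to loopback
192.168.0.1     intranet.example.test      # unrelated mapping, not flagged
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments and malformed lines are skipped."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first token is not an address
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def is_watched(name):
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)

def find_hijacks(text):
    """Return (hostname, ip, kind) for watched domains pinned in hosts text.
    Non-loopback = redirect, loopback = sinkhole; either blocks updates."""
    findings = []
    for ip, name in parse_hosts(text):
        if is_watched(name):
            kind = "sinkholed-to-loopback" if ip.is_loopback else "redirected"
            findings.append((name, str(ip), kind))
    return findings

if __name__ == "__main__":
    for name, ip, kind in find_hijacks(SAMPLE_HOSTS):
        print(f"{kind:22} {name} -> {ip}")
```

On a live Windows XP box the file to feed `find_hijacks` is `%SystemRoot%\system32\drivers\etc\hosts`; a clean file normally contains only the localhost line.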