Sign in to follow this  
tykra

Computer Attacked

Recommended Posts

I don't know much about computers and how to remove stuff like this. I've never had to I'm always very careful but somehow I got hit by this. If I go into the registry it locks up immidiatly, same with task manager. I don't know what else to do. I don't know much but this is an extreem pain in the neck. Someone please explain to me fromt he very start how to get rid of this I can't figure it out

Share this post


Link to post
Share on other sites

Hi ALL!

 

I'm from Italy :)

 

I have the same problem... http://antispywarebox.com/ etc etc all the windows, etc.

 

This afternoon I sow it in my notebook... i read the guide #46 and I think, I delete the problem because for the moment i have not see it again. (to delete it is sufficent to do that??)

 

But now, I discover the same problem in my PC :| :|

 

How is it possible???? Probabilly because they are all connected with a router??

Anyway, tomorrow I'll try to do the same (#46) with this PC, but can u tell me what is it?? Is a virus?? How could i get it? Is the first time i see a thing like this :S

 

My antivirus, router firewall... :) nothing stop it.

(?) what's it?

Please make me know... and sorry for my English.

Share this post


Link to post
Share on other sites

Thanks CalamityJane the Smitfraudfix from Post #46 worked for me too, only i still have some strange files:

 

Directory: C:\Documents and Settings\Jan\Local settings\Temp\

 

Files: Perflib_Perfdata_484.dat, Perflib_Perfdata_db0.dat, Perflib_Perfdata_dcc.dat

Directory: is-AUHU7.tmp (empty) and _ZCTmp.dir with the file _ZC000.tmp in it.

 

Should i try to delete them ?, or leave them alone ?

 

Thank you if you will look in to this.

Share this post


Link to post
Share on other sites
only i still have some strange files:

 

Directory: C:\Documents and Settings\Jan\Local settings\Temp\

 

Files: Perflib_Perfdata_484.dat, Perflib_Perfdata_db0.dat, Perflib_Perfdata_dcc.dat

Directory: is-AUHU7.tmp (empty) and _ZCTmp.dir with the file _ZC000.tmp in it.

 

Should i try to delete them ?, or leave them alone ?

 

You can delete them and ALL of the files in the temp folder.

C:\Documents and Settings\Jan\Local settings\Temp

If a few files cannot be deleted from the Temp folder that is normal as some files may be in use at the time.

 

Additionally clear out your cache (Temporary Internet Files folder) and empty your recycle bin

 

Another way to do this is go to Start > Run and type in the box: cleanmgr

Wait while windows scans your system for files to delete to free up disk space.

Make sure these 3 only are checkmarked:

 

Temporary Files

Temporary Internet Files

Recycle bin

 

I would recommend you do that for all users on the system

 

You can then delete the SmitfraudFix folder and zip file on your desktop as it will no longer be needed.

If you should encounter another Smitfraud infection, it can be downloaded fresh as it is updated frequently for new pests of this family of Hijackers.

 

Follow up with a complete system scan with Adaware. This will check for any leftovers or irregularities in your system settings, registry, etc.

 

Once your system is all clean, be sure to reset your System Restore (Windows XP and ME)....why?

One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

 

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

 

(winXP)

 

1. Turn off System Restore.

Go to Start and right-click on *My Computer*.

Click Properties.

Click the System Restore tab.

Put a Checkmark in the box next to "Turn off System Restore".

Click Apply, and then click OK.

 

2. Reboot.

 

3. Turn ON System Restore.

Go to Start and right-click on *My Computer*.

Click Properties.

Click the System Restore tab.

Remove the checkmark next to "Turn off System Restore".

Click Apply, and then click OK.

 

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/default.aspx?...kb;en-us;310405

 

We have found that this malware takes advantage of unpatched systems using exploits on webpages...so be SURE that you have ALL windows critical security updates

http://update.microsoft.com/microsoftupdate/

 

Other victims have been infected by a fake ecard greeting, or spoofed email purporting to be Windows Update (Microsoft never sends updates via email) or any other email asking to to click a link (watch out..that email could be fake!) or perhaps even, links from "buddies" in IMs (don't trust those if you aren't expecting it...it could be your "buddy" is infected and against his knowledge the virus on his PC is sending you that link to click and infect YOU!

 

Also watch out for fake codecs! This is another favorite method. You get a link to view a video and it says you need (this or that) codec to view it. Be careful! Many times that is a fake codec that is actually a trojan waiting to infect your system.

 

How do I prevent Browser Hijacks and Spyware?

http://www.dslreports.com/faq/13620

 

That article will give you some helpful tips and free programs to help prevent future infections. Hope that helps! :)

Share this post


Link to post
Share on other sites
Someone please explain to me fromt he very start how to get rid of this I can't figure it out

Rocco,

 

A free tool has been developed by a volunteer researcher to remove this nasty for you. I'll post the directions again for anyone reading this:

 

Good news! The free tool, SmitfraudFix has been updated for this variant. :)

 

If you already had it, please delete the prior version SmitfraudFix folder and files and download the new version 2.57 (or higher) SmitfraudFix

 

1. Download SmitfraudFix (by S!Ri) to your Desktop (Win2k/WinXP only!).

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

 

How to extract (decompress) zipped or compressed files

http://www.lvsonline.com/compresstut/index.shtml

 

Note : process.exe is part of the SmitFraudFix tool and is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky, Panda) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

 

 

2. Reboot into Safe Mode

You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

 

How to start the computer in Safe mode

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

 

3. Once in Safe mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd

 

Select option #2 - Clean by typing 2 and press Enter.

Wait for the tool to complete and disk cleanup to finish.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

 

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.

 

Note: This tool will remove the (Smitfraud) fake antispyware program, latest varient called Antispywarebox, and any prior similar variants, however, if you had a bundled malware problem, there may be other issues that remain If you ONLY had the Smitfraud pest alone, this tool should be all you need.

......................................

4. If you are still having a problem, please scan with HijackThis to produce a log.

 

Instructions on creating a HijackThis Log

http://www.lavasoftsupport.com/index.php?showtopic=216

 

However, we ask that your FIRST scan your system with Adaware SE to clear any other infections that may interfere with or make extra work for our volunteer helpers.

IMPORTANT - Before Posting a HijackThis Log

http://www.lavasoftsupport.com/index.php?showtopic=660

 

Post that log into a new topic here:

http://www.lavasoftsupport.com/index.php?showforum=36

 

along with the other requested logs named below.

 

Logs needed in your next post are:

 

The log from SmitfraudFix called rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed

Logs needed in your next post are:

 

rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed

 

Fresh HijackThis log

 

.

Share this post


Link to post
Share on other sites
Sign in to follow this