Old 11-20-2008, 01:35 PM   #11
scotfan


Do not try online banking or using cards online until fixed; most trojans have keyloggers.

This was the original post from bleepingcomputer:
I am at my wits' end. Tried Spy Bot, Ad-Aware, Zone Alarm, Norton Anti-Virus and nothing is helping with the hijacked homepage, pop-ups and System Alert: Trojan-Spy.Win32@mx with the yellow triangle warning sign on the bar. Can someone help, please?!


Try this:
Download SmitfraudFix.exe from here and save it to your desktop

http://www.bleepingcomputer.com/files/smitfraudfix.php

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".


The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows.


No guarantees that this will fix the problem but I do think it's your best bet (it worked for the guy who sent in the question).

Good luck
The Following User Says Thank You to scotfan For This Useful Post:
BigBadSi (11-20-2008)
Old 11-20-2008, 02:15 PM   #12
cdawg


I would suggest refraining from doing anything remotely tied in with personal info on the puter, just the slightest hint of a password could get you in trouble with trojans on your puter, it happened to me with just innocently putting password for just my email with personal stuff on it.
Old 11-20-2008, 04:03 PM   #13
BigBadSi


Hope I aren't saying this too soon but it looks like you could have done me good scotfan....watch this space
__________________
Marching on together, were gonna see you win,we are so proud were shouting out loud we love you LEEDS,,,,LEEDS,,,,,LEEDS!!!!
Pattaya,Pattaya...Poo Ying Love you mak mak
Old 11-20-2008, 04:10 PM   #14
BigBadSi


nope not all gone got this one still

System alert:maleware threats

your pc MIGHT be infected with a backdoor trojan that allows remote attacker to perform malicious actions

Emphasis on the word might, could this just be an advertising thingy?
Old 11-21-2008, 02:28 AM   #15
Chuck_Wao


Try this Si - I've been using it for years and it's not bad and free to boot!

http://www.avast.com/

Move your mouse to free software at the top and then download "avast! HOME EDITION" and try that.

Good Luck!!




PS I wouldn't put Norton on my PC if they paid me...

Last edited by Chuck_Wao : 11-21-2008 at 02:38 AM. Reason: Forgot the Norton thingie
Old 11-21-2008, 03:04 AM   #16
yusamile


Quote:
Originally Posted by BigBadSi
nope not all gone got this one still

System alert:maleware threats

your pc MIGHT be infected with a backdoor trojan that allows remote attacker to perform malicious actions

emphasise on the word might,could this just be an advertising thingy
Sometimes you can get these messages that ask you to do a Free system scan with their product, then you scan and they come up with a list of threats they have found on your comp. Then they say you cannot delete the little buggas until you sign up for their full version, then they infect you with trojans etc etc.

Best if you can identify who or what program is giving you these alerts. Sometimes it sounds like a legit spyware removal prog. Never click on free spyware tests. This is how these things can start. Once you clean some of this shit up, always go to Control Panel, Add / Remove Programs and look to see if there's anything you don't recognise or like, and delete it. Sometimes go into your Prog Files and look for folders still left lingering with small traces of shit after it has supposedly been removed and manually delete.

Looks like you're making progress anyway... sometimes this takes a while and you may need several attempts and tools, but it's better than losing all your shit on a new install. Unless of course it's only photos and stuff which you can back up to disk and then reload.
__________________
A typical day at the office for Mr Samile,.................................. ...................................... ...........................
Old 11-21-2008, 08:49 AM   #17
scotfan


Exactly that. You must still have a registry entry giving you a popup to a "free" spyware program which is trying to con you out of cash better spent in a bar in Patts. Run ALL the legit antispyware progs I suggested and see if they can at least identify what you may or may not still have. Let me know and I should be able to find the removal tool.
Old 11-22-2008, 01:52 PM   #18
BigBadSi


a new development

None of the scans have worked. That avast was ok but scared the hell out of me when it was warning me about an attempted attack, it was almost like being on a warship.

I've now tried something new. I was using my standard Packard Bell browser before and every time I logged on pop ups about spyware and malware were rife, and Windows was warning me that I was infected. I've just now downloaded Mozilla and hey presto not one pop up, not one system alert, no Windows warnings etc.

I wonder if it could just have been localised to my browser and that I am not infected, just my browser was. Any thoughts?
Old 11-22-2008, 03:18 PM   #19
Chuck_Wao


LOL! Sorry Si I forgot the KLAXON NOISE !!!!!

Have a wade through here if you have some time http://www.moneysavingexpert.com/sho...virus-software

Good Luck and don't forget your ear defenders next time! LOL!

Lex
Old 11-22-2008, 03:43 PM   #20
monkeyspanker


si, have/had the same thing.
ok on firefox but ie caused probs.

think i got rid of it after about 3 weeks trying.

scrapped all the spyware as couldn't shift it, put new version of nod32 on it, it immediately found a few "missed" trojans.

been ok for last week (fingers crossed)

i have a version which gives 27 years trial, no patching keycodes etc.

if you want i can send you a copy (19 meg-ish)

can break it down or upload to rapidshare no probs

always worth a try if you still have probs
__________________
"I'd like to thank God for making me an atheist"..
The Following 2 Users Say Thank You to monkeyspanker For This Useful Post:
BigBadSi (11-22-2008), Chuck_Wao (11-22-2008)