TechSpot

help! melaware threats problem

By phooey
Jun 11, 2007
  1. followed the instructions on how to remove malware/spyware etc.... i stopped with step 10, after downloading toolkit1.... shall i do the cleaning or just the search? i did the search and the results are

    what do i do next????


    xoxo
    chiaz, thanks, i didn't know where to post a new thread.... i'm so lost.... urgh

    uh...malware problems i mean
     
  2. chiaz

    chiaz TS Rookie

    Hello again. :)

    I'm not sure if I'm allowed to help you, so moderators just give me a nudge if there are official helpers for this.


    In the meantime phooey, You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".


    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning : running option #2 on a non-infected computer will remove your Desktop background.




    This thread is for the use of phooey only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in security and the web forum.
     
  3. phooey

    phooey TS Rookie Topic Starter

    i did so....

    but i didn't see SmitfraudFix folder... why is that??? and my pc froze
     
  4. chiaz

    chiaz TS Rookie

    Apparently the folder you have it in is:
    C:\Program Files\Mozilla Firefox\SmitfraudFix


    And when does your system freeze?





     
  5. phooey

    phooey TS Rookie Topic Starter

    i opted to try again and hurrah.... i'm on to step 11....thanks...!!!!!
     
  6. chiaz

    chiaz TS Rookie

    After Step 11, skip Step 12 and go on to Step 13, 14 and 15. Thanks. :)



     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Instructions for using each tool in step 10 are on the download sites, you are advised to follow the instructions for using each tool. ;)

    I don't advise skipping step 12 as it is quite important and I need to see a Combofix log.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, once you have completed the instructions.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of phooey only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  8. phooey

    phooey TS Rookie Topic Starter

    yow

    here are the logs........ :wave:
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Go HERE and download and run the Parite removal tool. Follow the instructions.

    Post a fresh HJT as well as a fresh Combofix log once done.

    Regards Howard :)

     
  10. phooey

    phooey TS Rookie Topic Starter

    fresh hjt n combo...

    :) thanks again!!!

    i'll see your reply tomorrow... i still have to review... ciao...!!!!
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    NuNinst.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYYYPH

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\WINDOWS\NuNinst.exe

    Reboot into normal mode and rehide your protected OS files.

    Post fresh HJT and Combofix logs.

    Regards Howard :)

     
     
  12. phooey

    phooey TS Rookie Topic Starter

    here they are...

    thanks again :)
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Your logfiles are clean.

    Turn off system restore (XP/ME only). See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  14. phooey

    phooey TS Rookie Topic Starter

    whew!!

    thanks a whole lot!!!!! :hotbounce
     
  15. phooey

    phooey TS Rookie Topic Starter

    good day...

    'zup? i forgot how to post a new topic soo.... anyway... could you please take a look at my latest logfile?
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    It's ok, there's no need to start a new thread.

    Your HJT log is clean.

    Regards Howard :)

     
  17. phooey

    phooey TS Rookie Topic Starter

    thanks...!
     
Topic Status:
Not open for further replies.

