Smitfraud, Yazzle, Vundo removal attempted but computer running extremely slowly.

By Simonss
Jan 2, 2007
Topic Status:
Not open for further replies.
  1. Hi,

    Have a windows 2000 PC with all new updates.

    Have followed the advice given in the sticky topics.

    Have run SB S&D, Adaware, AVG AntiSpyware, AVG Anti virus.
    I have also run the four tools listed in the sticky for
    Smitfraud, Vundo, Virtumundo; however, I was unable to get the Look2Me tool to run.
    (All the above has been run in safe mode)

    Problems include Smitfraud-C.Toolbar888, a Vundo infected dll. YazzleSoduko.

    Computer runs at a snail's pace in normal mode, fine when in safe mode. Results in scans taking a very long time in normal mode!

    HJT Log attached

    Any help would be VERY much appreciated
  2. howard_hopkinso

    Hello and welcome to Techspot.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.


    If after reading the above you decide you want to clean your system, do the following.


    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.


    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


    Regards Howard :wave: :wave:


    This thread is for the use of Simonss only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. Simonss

    avg spyware log
  4. howard_hopkinso

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there):

    internat.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

    O4 - HKLM\..\RunOnce: [VundoFix] "C:\Documents and Settings\Simon1\Desktop\vundofix.exe"

    O4 - HKCU\..\Run: [internat.exe] internat.exe

    O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\ZendStudioClient-5.1.0\bin\ZendIEToolbar.dll/DebugCurrent.html

    O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\ZendStudioClient-5.1.0\bin\ZendIEToolbar.dll/DebugNext.html

    O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL

    O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL

    O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab

    O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.asda-photo.co.uk/wpp/asda/app/opcuploader.cab

    O16 - DPF: {E4F2B0F2-AE18-4254-9167-A8EE66E55A6F} (VivioAX Control 3.4) - https://www.cs.tcd.ie/Jeremy.Jones/vivio/vivioAX.cab

    Click on the fix checked button.

    Close HJT.

    I need some info on the location of internat.exe. This file can be good or bad depending on its whereabouts on your system.

    Locate this file (internat.exe) and tell me the full directory path. Do not delete it.

    Post a fresh HJT log as well as the info on internat.exe

    Regards Howard :)

  5. Simonss

    internat.exe seems to be a legitimate file.

    I have two copies of the file both created on same date and same size (20.2kb, Jan 1999)
    Locations are:
    C:\WINNT\system32\dllcache
    C:\WINNT\system32\

    new HJT log attached - kept one item - Account Tracking Manager as I know this is real and not causing problems.
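
The location check requested in post 4 and answered in post 5, as an added example that is not part of the original thread: it parses a few HijackThis lines copied from the fix list above, flags O4 autorun entries that name a bare file, and compares reported locations against a set of expected directories. The function names and `EXPECTED_DIRS` are assumptions made for this sketch; a matching location is one signal only and does not replace a scan of the file.

```python
import ntpath
import re

# Sample lines copied from the fix list posted in the thread above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O4 - HKLM\..\RunOnce: [VundoFix] "C:\Documents and Settings\Simon1\Desktop\vundofix.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.asda-photo.co.uk/wpp/asda/app/opcuploader.cab
"""

# Assumption: the two directories reported in post 5 are the expected homes
# for this system file on a Windows 2000 install rooted at C:\WINNT.
EXPECTED_DIRS = {r"c:\winnt\system32", r"c:\winnt\system32\dllcache"}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                  # "O4 - ..."
O4 = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")      # hive, key, name, cmd
IMAGE = re.compile(r"^(.*?\.(?:exe|com|bat|dll))", re.IGNORECASE)

def parse_entries(log):
    """Return (section, detail) for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def command_image(cmd):
    """Pull the executable out of an autorun command, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = IMAGE.match(cmd)
    return m.group(1) if m else cmd

def triage_autoruns(log):
    """Classify each O4 entry by where its executable is said to live."""
    findings = []
    for section, detail in parse_entries(log):
        m = O4.match(detail) if section == "O4" else None
        if not m:
            continue
        _hive, _key, name, cmd = m.groups()
        image = command_image(cmd)
        if not ntpath.isabs(image):
            verdict = "bare name: locate the file on disk before judging it"
        elif ntpath.dirname(image).lower() in EXPECTED_DIRS:
            verdict = "expected system directory"
        else:
            verdict = "outside system directories: review"
        findings.append((name, image, verdict))
    return findings

def location_ok(dirs):
    """True only if every reported copy sits in an expected directory."""
    return all(d.rstrip("\\").lower() in EXPECTED_DIRS for d in dirs)
```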
  6. howard_hopkinso

    Ok, thanks for the info.

    Your HJT log is clean.

    Run the CCleaner programme as per these instructions.

    Download the Ccleaner programme from HERE.

    Run the programme and make sure all the boxes are ticked under the Windows and Applications tabs. Click the run cleaner button with no browsers open. Do this several times. Once done, you should be good to go.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

  7. Simonss

    Computer is still running extremely slowly. Scans are taking hours to complete and in some cases not completing at all.

    Thinking this might be related to Trojan Lop.AS. I was infected with this but managed to remove it during the "preliminary removal instructions process". It has not reappeared since; however, with my HJT logs clean, I don't know what else could be causing this.

    Looking in task manager doesn't show any application hogging 100% CPU even when the PC is running very slowly.

    Any suggestions would be appreciated.
  8. howard_hopkinso

    Download the following three files ( rmparite.exe, rmparite.nt, rmparite.dos) and run the rmparite.exe file.

    You can also specify the disks (or partitions) to heal as command parameters, e.g.: "rmparite C: D:". If the command is used without parameters, it heals all disks (partitions) on the computer.

    Note:
    Successful running of the remover requires administrator rights. For proper functionality of the remover it is necessary to save the rmparite.nt and rmparite.dos into the same folder as rmparite.exe. After the healing process please run the AVG Complete Test to make sure your computer is virus-free.

    Then, do the following.

    Download Findlop by Metallica. Unzip it to your desktop. Double click findlop.bat. It will open a notepad file. Copy the content of that file and paste it here in your reply.

    Go to add remove programmes in your control panel and uninstall anything to do with (if there):

    Window Search
    Window Searching
    Lop.com
    LOP SEARCH
    Browser Enhancer
    Ultimate Browser Enhancer
    Messenger Plus
    Uninstall any other entries you don't recognise.

    Let me know if any of the above helps.

    Regards Howard :)

  9. Simonss

    Based on what I have read elsewhere etc. I have done some more scans but still can't seem to find any reason why my computer is still running at a snail's pace.

    ran in safe mode - normal mode takes hours to scan

    NoLop.exe found nothing
    rmparite.exe found nothing I think - no log file then automatically closed.
    smitfraud fix found nothing
    vundofix found nothing
    virtumundo found nothing
    Look2Me could not be run
    spybot S&D found hotsearchbar.
    adaware found nothing
    avg antispyware found nothing serious (see log)
    ran cc cleaner a number of times
    ran diskeeper 10 twice and did a boot time defrag.

    Still no joy, comp runs like a dog in normal mode.

    Ran the above findlop.bat file and the result was:

    [TRACE] Enumerating jobs and queues
  10. howard_hopkinso

    Try temporarily uninstalling Diskeeper as there is an entry in your HJT log for the Windows defragger. This may be slowing your system down.

    Let me know the results and post a fresh HJT log.

    Regards Howard :)

    EDIT: Also try this.

    Go to start > control panel > software > add/remove programs and uninstall the following if present:

    Oin
    Yazzle by Oin
    Purityscan by Oin
    Snowballwars by Oin
    or anything similar with Oin in it.

    If OIN not listed, download and run this uninstaller.

