smitfraud

[jack9]

Hi Howard
After getting a virus/spyware (SMITFRAUD-RPCC DLL) on my machine I have read and executed your preliminary removal instructions.
. I have uninstalled F-secure and spybot which were unable to delete smitfraud. Now i am having avg antivirus, Zone alarm firewall & spyware blaster .Machine now seems to be running OK with only one problem i am having after these removal processes. The screen remains blue for a while after restarting the computer before the icon appears on the desktop. i am also having cc cleaner is this safe to use.
Would you be be kind enough to check my HJT log to see if there is anything left that needs to be fixed.

Regards

shalini

 

[howard_hopkinso]

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

ALCMTR.EXE

Close task manager.

Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {1C6C8855-4F45-15D3-1E9B-049E7E7D5776} - (no file)

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present<To be fixed if not done intentionally. Fix this entry if you did not activate the 'Lock homepage from changes' option in some kind of anti-spyware tool.

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -

O16 - DPF: {8CF97DE6-EB52-42A8-8076-FB75B528E0A0} (Project1.PaceControl) - https://www.5paisa.com/lstControl.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{163B11EE-ACE2-499C-BEA9-B4263934ED1C}: NameServer = 218.248.255.193 218.248.255.145

O17 - HKLM\System\CCS\Services\Tcpip\..\{A0D66BA9-34D4-4672-A4BC-FE5707280C69}: NameServer = 203.94.227.70,203.94.243.70

O17 - HKLM\System\CS1\Services\Tcpip\..\{163B11EE-ACE2-499C-BEA9-B4263934ED1C}: NameServer = 218.248.255.193 218.248.255.145

Only fix the above 017 entries if they don`t belong to your ISP.

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

ALCMTR.EXE<Search your system for this file and delete all instances found.

Reboot your computer.

Please post a fresh HJT log as well as an AVG Antispyware log as per the instructions in this thread HERE.

Regards Howard

This thread is for the use of jack9 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[jack9]

i open my task manager and checked my processes tab there is no exe named ALCMTR.EXE but there is another processe running named ALCWZRD.EXE which u will find in my fresh hjt log.ALCMTR.EXE was in another folder i deleted it from there.
one month before my computer was attacked by a virus named WIN ANTI VIRUS this virus effected my system very much after that only my computer perfomance have been slower day by day, i then installed spybot and after that spybot removed win anti virus from my system.I thought that now i am free of that previous virus but yesterday i saw win anti virus logo in my control panel and when i move my mouse to that it shows that (this anti virus is active on your system). Now my computer is much faster than before but blue screen remains for a while after restarting the computer. sorry i am not sending you avg event log i think it has been cleaned by cc cleaner i am sending u fresh hjt log. please advise me what to do next and how to delete win anti virus logo from control panel.

thanks

shalini

 

[howard_hopkinso]

Your HJT log looks ok. I requested an AVG Antispyware log. Please supply one.

Regards Howard

This thread is for the use of jack9 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[jack9]

avg

hi howard,


i am unable to upload avg history log .
history.xml:Invalid File ,history.csv:Invalid File



shalini

 

[howard_hopkinso]

You`re not confusing AVG Antispyware with the AVG antivirus programme are you? They are entirely separate programmes.

Regards Howard

This thread is for the use of jack9 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[jack9]

i am using avg anti virus free edition and spyware blaster.should i use avg antispyware also.

regards

shalini

 

[howard_hopkinso]

Yes, I need to see an AVG Antispyware log.

Regards Howard

This thread is for the use of jack9 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[jack9]

ok, i will send avg antispyware log soon.

regards

shalini

i am sending you my avg antispyware log please check it.

regards

shalini

 

[howard_hopkinso]

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


Click start/run and type regedit into the run box and press the enter key. When the Window appears navigate to the following reg keys and right click on them in the right hand pane, select delete.

HKEY_USERS\S-1-5-21-854245398-838170752-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C95FE080-8F5D-11D2-A20B-00AA003C157A}

HKEY_USERS\S-1-5-21-854245398-838170752-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F1FABE79-25FC-46DE-8C5A-2C6DB9D64333}

HKEY_USERS\S-1-5-21-854245398-838170752-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95FE080-8F5D-11D2-A20B-00AA003C157A}

HKEY_USERS\S-1-5-21-854245398-838170752-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1FABE79-25FC-46DE-8C5A-2C6DB9D64333}

HKEY_USERS\S-1-5-21-854245398-838170752-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B}

Close regedit.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

TATAUninstall.exe

Close task manager.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\TATAUninstall.exe

Reboot into normal mode and rehide your protected OS files.

Post fresh AVG Antispyware and HJT logs.

Regards Howard

This thread is for the use of jack9 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[jack9]

fresh logs

i had deleted the registry keys as directed by you. now i am sending you fresh avg antispyware and hjt log .please check these logs.

thanks a lot

shalini

 

[howard_hopkinso]

Your HJT log is now clean.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and anything nasty that`s in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of jack9 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[jack9]

howard-need your help urgently-the system has started hanging frequently.a small red icon appeared today in the quick icon tray which says that the system is infected and demands downloading registery cleaner-i am sure it is the winproantivirus about which i had mentioned to u earlier-ran the avgspyware but it hanged midway-tried rebooting but had great difficulty -tried running in safe mode but hanged again -after 15 min.managed to reboot in normal mode and managed to use systemrestore -the red icon has dissapeared from qlaunch tray but i dont know how long it will work -prior to all this your instructions including system restore had been followed fully.i think this win pro antivirus which is a malware\spyware has embedded itself in the system folder with some other name and is causing all the problems-iam scared that it may ultimately end in crashing the system-kindly help-regards SHALINI

hello-after the last sys.restore ,seems to be running fine-the red dot has dissapeared -posting fresh hjt log& avg antispyware log-kindly have a look-can u find winanti lurking anywhere .i am also sending u log of avg antivirus fresh report of virus vault.


thanks for all the help


shalini

 

[howard_hopkinso]

Your HJT log is now clean.

Delete all files from your AVG virus vault.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of jack9 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[jack9]

i have deleted all files from my virus vault, at present my sytem is running fine, thanks again for all help.

thanks a lot.

shalini