Jump to content

Build Theme!
  • Infected?


We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91551 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Smitfraud detected, scanned with Smitfraudfix

  • This topic is locked This topic is locked
1 reply to this topic

#1 Jim786


    Authentic Member

  • Authentic Member
  • PipPip
  • 28 posts

Posted 23 September 2009 - 08:38 PM

Hello, I recently got keylogged and looked for the problem using Mcafee and found a program called Smitfraud, I was told by a friend this is where the problem is and was redirected to this forum, Im following the instructions on the removal and it says to post my rapport.txt file here for further assistance. I was hoping someone here could help me. Thank you. SmitFraudFix v2.424 Scan done at 20:30:58.06, Wed 09/23/2009 Run from F:\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\AstSrv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UPHClean\uphclean.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\WINDOWS\system32\cmd.exe hosts C:\ C:\WINDOWS C:\WINDOWS\privacy_danger FOUND ! C:\WINDOWS\inet20001\ FOUND ! C:\WINDOWS\system C:\WINDOWS\Web C:\WINDOWS\system32 C:\WINDOWS\system32\adobepnl.dll FOUND ! C:\WINDOWS\system32\atmclk.exe FOUND ! C:\WINDOWS\system32\dcomcfg.exe FOUND ! C:\WINDOWS\system32\ioctrl.dll FOUND ! C:\WINDOWS\system32\kernels64.exe FOUND ! C:\WINDOWS\system32\mscornet.exe FOUND ! C:\WINDOWS\system32\msdrives\ FOUND ! C:\WINDOWS\system32\mssearchnet.exe FOUND ! C:\WINDOWS\system32\netwrap.dll FOUND ! C:\WINDOWS\system32\nvctrl.exe FOUND ! C:\WINDOWS\system32\paytime.exe FOUND ! C:\WINDOWS\system32\svchosts.dll FOUND ! C:\WINDOWS\system32\wbeconm.dll FOUND ! C:\WINDOWS\system32\wiatwain.dll FOUND ! C:\WINDOWS\system32\1024\ FOUND ! C:\WINDOWS\system32\LogFiles C:\Documents and Settings\Farhan C:\DOCUME~1\Farhan\LOCALS~1\Temp C:\Documents and Settings\Farhan\Application Data Start Menu C:\DOCUME~1\Farhan\FAVORI~1 Desktop C:\Program Files Corrupted keys Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="" "SubscribedURL"="" "FriendlyName"="" o4Patch !!!Attention, following keys are not inevitably infected!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri IEDFix !!!Attention, following keys are not inevitably infected!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri Agent.OMZ.Fix !!!Attention, following keys are not inevitably infected!!! Agent.OMZ.Fix Credits: Malware Analysis & Diagnostic Code: S!Ri VACFix !!!Attention, following keys are not inevitably infected!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri 404Fix !!!Attention, following keys are not inevitably infected!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" tuttkn.dll ,C:\\DOCUME~1\\Farhan\\LOCALS~1\\Temp\\11911750614mxx.dll" "LoadAppInit_DLLs"=dword:00000001 Winlogon !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.exe" RK [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" DNS Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport DNS Server Search Order: HKLM\SYSTEM\CCS\Services\Tcpip\..\{EEFC6111-E381-4DBC-9379-A73FBD8CDB10}: NameServer= HKLM\SYSTEM\CCS\Services\Tcpip\..\{F4B6D2A1-CE59-4394-8EDC-1F137D9EC5B5}: DhcpNameServer= HKLM\SYSTEM\CS1\Services\Tcpip\..\{EEFC6111-E381-4DBC-9379-A73FBD8CDB10}: NameServer= HKLM\SYSTEM\CS1\Services\Tcpip\..\{F4B6D2A1-CE59-4394-8EDC-1F137D9EC5B5}: DhcpNameServer= HKLM\SYSTEM\CS2\Services\Tcpip\..\{EEFC6111-E381-4DBC-9379-A73FBD8CDB10}: NameServer= HKLM\SYSTEM\CS2\Services\Tcpip\..\{F4B6D2A1-CE59-4394-8EDC-1F137D9EC5B5}: DhcpNameServer= HKLM\SYSTEM\CS3\Services\Tcpip\..\{EEFC6111-E381-4DBC-9379-A73FBD8CDB10}: NameServer= HKLM\SYSTEM\CS3\Services\Tcpip\..\{F4B6D2A1-CE59-4394-8EDC-1F137D9EC5B5}: DhcpNameServer= Scanning for wininet.dll infection End -- Sorry but how long until I can get a response?

Edited by extremeboy, 28 September 2009 - 02:27 PM.


Register to Remove

#2 LDTate


    Forum God

  • Root Admin
  • 57,168 posts

Posted 28 September 2009 - 04:01 PM

Being helped here

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days


If you would like to paypal.gif for the help you received.

Proud graduate of TC/WTT Classroom


Related Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users