Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93112 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] Spyware,Addware etc

Started by Umar , Dec 09 2007 12:32 PM

  • This topic is locked This topic is locked
14 replies to this topic

#1 Umar

Umar

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 09 December 2007 - 12:32 PM

Hi,

Hope u guys r doing great.

I am getting this error message
warning: possible spyware or adware infection! ... Click here! A yellow bar.
There was a tool bar too earlier with 4 tabs.Yes VOIPWET
On launching Internet Explorer it takes minutes to start
Some time it also says internet explorer has encountered a problem needs to close --- as u know

Here is the log report

Logfile of HijackThis v1.99.1
Scan saved at 10:23:33 AM, on 12/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WXP\System32\smss.exe
C:\WXP\system32\winlogon.exe
C:\WXP\system32\services.exe
C:\WXP\system32\lsass.exe
C:\WXP\system32\svchost.exe
C:\WXP\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WXP\system32\spoolsv.exe
C:\WXP\Explorer.EXE
C:\WXP\system32\igfxtray.exe
C:\WXP\system32\hkcmd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Winamp\winampa.exe
C:\WXP\SOUNDMAN.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\WXP\system32\pctspk.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WXP\system32\wscntfy.exe
C:\WXP\System32\svchost.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Hijackthis\HijackThis.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: OFK System - {FDCD4D78-718F-4943-A6FB-478DD1AD406B} - C:\WXP\vipextmnq.dll
O3 - Toolbar: The voipwet - {5EAE7E5F-8F3A-44C0-9E54-A7B170A8CE09} - C:\WXP\voipwet.dll (file missing)
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WXP\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WXP\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: igfxcui - C:\WXP\SYSTEM32\igfxsrvc.dll
O21 - SSODL: jetctrl - {5757969B-30F3-492D-BA2E-9EA2DA428D0A} - C:\WXP\jetctrl.dll
O21 - SSODL: kopmet - {AACA072A-D546-428B-93E6-F824DB4A610F} - C:\WXP\kopmet.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WXP\system32\pctspk.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

Would really appreciate your help.

    Advertisements

Register to Remove

#2 EnigmaChick

EnigmaChick

    Computer Geek

  • Authentic Member
  • PipPipPipPip
  • 922 posts

Posted 09 December 2007 - 11:40 PM

I'm still in training so I'll get back to you when I get permission to do so.
I'm waiting for a average computer that can't be infected with malware unless it's intentionally ........ 5 years later: I am still waiting

If you want to help this site running and offering free help, please consider giving a donation

#3 EnigmaChick

EnigmaChick

    Computer Geek

  • Authentic Member
  • PipPipPipPip
  • 922 posts

Posted 10 December 2007 - 06:43 PM

Welcome to What The Tech, sorry if there was a delay, it's a busy forum.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

Now please reboot and post a new HijackThis(HJT) log.

I don't see evidence of a firewall in your log, are you using Windows Firewall? If you're not sure please follow these instructions.

Click on the Windows Start button in the left hand corner of your screen.
Go to Control Panel or settings Control Panel
Double click on Windows Firewall
The two main options are On and Off. Tell me whether there's a checkmark next to On or Off.

Logs to include in your reply
SmitfraudFix
HJT
I'm waiting for a average computer that can't be infected with malware unless it's intentionally ........ 5 years later: I am still waiting

If you want to help this site running and offering free help, please consider giving a donation

#4 Umar

Umar

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 11 December 2007 - 12:35 AM

Thanks for your kind response. :thumbup:

Done as said.On clicking option 1 nothing happens.Doesnt give any text file,just disappears.
Yes the windows firewall is turned on.

On my friends recomendation i installed Spybot search and destroy.

My internet explorer takes few minutes to load as it is doing some thing like accessing something.
Later once loaded works fine,but initially on loading it,it jams for some time,which is really frustrating me.How can one afford to wait on every single window launch.

Yes one more thing that yellow bar(Voipwet) though it doesnt come so frequently now but shows once a while especially with yahoo,i cant log out as it stays on the log out option.It is in toolbars option also.

Log report......

Logfile of HijackThis v1.99.1
Scan saved at 10:12:34 PM, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WXP\System32\smss.exe
C:\WXP\system32\winlogon.exe
C:\WXP\system32\services.exe
C:\WXP\system32\lsass.exe
C:\WXP\system32\svchost.exe
C:\WXP\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WXP\system32\spoolsv.exe
C:\WXP\Explorer.EXE
C:\WXP\system32\pctspk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WXP\system32\wscntfy.exe
C:\WXP\system32\igfxtray.exe
C:\WXP\system32\hkcmd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Winamp\winampa.exe
C:\WXP\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\WXP\System32\svchost.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Hijackthis\HijackThis.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: OFK System - {FDCD4D78-718F-4943-A6FB-478DD1AD406B} - C:\WXP\vipextmnq.dll
O3 - Toolbar: The voipwet - {5EAE7E5F-8F3A-44C0-9E54-A7B170A8CE09} - C:\WXP\voipwet.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WXP\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WXP\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WXP\SYSTEM32\igfxsrvc.dll
O21 - SSODL: jetctrl - {5757969B-30F3-492D-BA2E-9EA2DA428D0A} - C:\WXP\jetctrl.dll
O21 - SSODL: kopmet - {AACA072A-D546-428B-93E6-F824DB4A610F} - C:\WXP\kopmet.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WXP\system32\pctspk.exe

Thanks for your time and patience.

#5 EnigmaChick

EnigmaChick

    Computer Geek

  • Authentic Member
  • PipPipPipPip
  • 922 posts

Posted 13 December 2007 - 06:19 PM

Please either print or save these instructions because I'll be asking you to disconnect from the Internet.

Please manually disconnect from the Internet and then follow these instructions:

Disable Avast by doing the following.

If you have a shortcut on the Desktop to the program open it from there otherwise,
Click the Start button
Navigate to All Programs
Navigate to the folder called avast! Antivirus
Click on avast! Antivirus
Once the program is open click on the status for Resident Protection
You'll be presented with a scroll bar, scroll it to the left hand side until the status reads Disabled
Then click the x in the upper right hand corner to close the program.
Make sure before you close the program that Resident Protection is displaying a status of Disabled

Disable Windows Firewall by doing the following.

Click on the Windows Start button in the left hand corner of your screen.
Go to Control Panel or settings Control Panel
Double click on Windows Firewall
The two main options are On and Off. Place a checkmark next to Off.

Please disable Spyware Terminator, if you don't know how to do this then that's ok, it's just a precaution in this case.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm


If SmitfraudFix doesn't run properly again please give as much information about what happened as you can, so I can try and work out what the problem is.

Now please enable Avast by doing the following.

Open the program the same way you did before.
Click on the Disabled Status and move the slider until you have it to a level of protection you want or had before.
Then close the program the same way you did before.
Make sure before you close the program that Resident Protection is displaying a status of Standard or higher.

Now please enable Windows Firewalll by doing the following.

Click on the Windows Start button in the left hand corner of your screen.
Go to Control Panel or settings Control Panel
Double click on Windows Firewall
The two main options are On and Off. Place a checkmark next to On.

If you disabled Spyware Terminator, please enable it.

Now manually reconnect to the Internet, reboot and post a new HJT log.

Logs to include in your reply
SmitfraudFix
HJT
I'm waiting for a average computer that can't be infected with malware unless it's intentionally ........ 5 years later: I am still waiting

If you want to help this site running and offering free help, please consider giving a donation

#6 Umar

Umar

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 14 December 2007 - 10:20 AM

Please get me out of this.....

Done as said

Gives a red colored screen
It says
Process.exe file missing !
Unzip all the archive in a folder.

Press any key to continue ...

On pressing any key or key1 it disappears.
Doesn't give any text file...

My restricted sites box is full.
There are countless restricted sites.
Sites like securepccleaner.com and many others keep up popping even all these sites are in the restricted list.
I am in the middle of doing something and all of sudden they pop up...which is really annoying as you can understand.......

#7 EnigmaChick

EnigmaChick

    Computer Geek

  • Authentic Member
  • PipPipPipPip
  • 922 posts

Posted 14 December 2007 - 08:41 PM

The reason you can't run SmitfraudFix properly is because you are running it from the zip file. You need to extract the contents of the file to the Desktop and then run it.

So after extracting the contents of the zip file to the Desktop please follow these instructions.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

Now please reboot and post a new HijackThis(HJT) log.

Logs to include in your reply
SmitfraudFix
HJT
I'm waiting for a average computer that can't be infected with malware unless it's intentionally ........ 5 years later: I am still waiting

If you want to help this site running and offering free help, please consider giving a donation

#8 Umar

Umar

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 15 December 2007 - 11:07 PM

Unzipped in a separate folder still doesn't give any file..

This is all it says

SmitFraudFix v2.267

Fichier Reboot.exe absent !
Dezippez la totalit‚ de l'archive dans un dossier.

Reboot.exe file missing !
Unzip all the archive in a folder.

Press any key to continue . . .

#9 EnigmaChick

EnigmaChick

    Computer Geek

  • Authentic Member
  • PipPipPipPip
  • 922 posts

Posted 16 December 2007 - 07:14 PM

It sounds like either the download of SmitfraudFix was corrupted or the zip file was at some point. Please delete all instances of it(including the zip file) , download it again and make sure you extract it to the Desktop.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

Now please reboot and post a new HJT log.

Logs to include
SmitfraudFix
HJT
I'm waiting for a average computer that can't be infected with malware unless it's intentionally ........ 5 years later: I am still waiting

If you want to help this site running and offering free help, please consider giving a donation

#10 Umar

Umar

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 18 December 2007 - 11:21 AM

Deleted,reinstalled still the same.
The screen disappears.....

#11 Umar

Umar

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 18 December 2007 - 11:23 AM

Deleted,reinstalled still the same.
The screen disappears.....


Do we have some other way ........

#12 Umar

Umar

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 19 December 2007 - 09:45 AM

Deleted,reinstalled still the same. The screen disappears..... Do we have some other way ........

#13 EnigmaChick

EnigmaChick

    Computer Geek

  • Authentic Member
  • PipPipPipPip
  • 922 posts

Posted 22 December 2007 - 09:25 PM

There is a version of SmitfraudFix that is an .exe file rather than a .zip file, I think this one may work for you.
I realise this whole process has probably been frustrating but please stay with us and we'll try to work it out and get rid of the malware on your computer.
Please delete all current instances of SmitfraudFix and follow these instructions.


Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free...mitfraudFix.exe
Double Click SmitfraudFix.exe on your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Posted Image

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter

Posted Image

This program will scan large amounts of files on your computer for known patterns so please be patient while it works. It will create a file named:
c:\rapport.txt


IMPORTANT: Do NOT run any other options until you are asked to do so!

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Please post:
C:\rapport.txt

Reboot and post a new HJT log.

Logs to include in your log
SmitfraudFix
HJT

Edited by EnigmaChick, 22 December 2007 - 09:26 PM.

I'm waiting for a average computer that can't be infected with malware unless it's intentionally ........ 5 years later: I am still waiting

If you want to help this site running and offering free help, please consider giving a donation

#14 EnigmaChick

EnigmaChick

    Computer Geek

  • Authentic Member
  • PipPipPipPip
  • 922 posts

Posted 29 December 2007 - 10:22 PM

If you still need help, please follow the instructions in my previous post.
I'm waiting for a average computer that can't be infected with malware unless it's intentionally ........ 5 years later: I am still waiting

If you want to help this site running and offering free help, please consider giving a donation

#15 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 31 December 2007 - 07:00 PM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·