Topic: spyware spyware
Saevus
Jun 11, 06 at 1:32pm
spyware spyware

i've got this thing that constantly pops up telling me i've got spyware posing as some sort of ms spyware alert but it's obviously not a legitimate program. my browser homepage is constantly redirected to some pseudo-ms alert screen and constantly i get a fake "hacking" attempt alert (of the same thing every time) that always redirects me when i close it to some site that wants me to buy an "ms" spyware program (antispywarebox.com).

this all stemmed from my idiocy in not renewing my spyware doctor membership and i've since done so but this problem still persists after several system scans.

here is my hijackthis logfile: [!]

i got this far thanks to hraefen and i hope somebody can help me further. :(


-------------------
Swing that bottle
Shatter my ribs and nose
Like a fight on a Friday night
Hraefn
Jun 12, 06 at 3:41am
re: spyware spyware

Well, you have a piece of malware that downloads other malware to your computer. It's a bad one, but hopefully we'll get it before it gets worse. The good news is that one anti-malware tool has been recently updated to deal with this variant of Smitfraud (which is the name of the trojan you got). Anyway, please do the following (Note: You may want to copy or print out these instructions as some steps require that you boot in Safe-Mode):
  1. Download SmitfraudFix by S!Ri and extract it to your desktop. A folder named SmitfraudFix will be created on your desktop. Don't run the program yet.

    Note: process.exe is part of the SmitFraudFix tool and is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky, Panda) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

  2. Download and install CCleaner (a program to get rid of miscellaneous junk and clear up your temp files). [Note: If you have any work saved in your C:\Temp or C:\Windows\Temp folders, please make a backup copy of them or move them to another location on your computer (like My Documents or your Desktop).] Don't run it yet.

  3. Reboot in Safe-Mode.

  4. Once in Safe mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd.
    • Select option #2 - Clean by typing 2 and press Enter. Wait for the tool to complete and disk cleanup to finish. You will be prompted "Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter.

    • The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file?" by typing Y and hit Enter.

    • A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe-Mode.

  5. When you're again in Safe-Mode, run a scan with HiJackThis. Select the following items and click Fix checked.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=1c02&lc=0409
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=1c02&lc=0409
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O9 - Extra button: Advisor - {E779F1D3-115D-4185-8D53-991CCC79FA7B} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409

  6. Reboot your computer in Normal Mode.

  7. In Normal Mode, run CCleaner. Choose the Options tab. Inside, hit the Custom tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):


      C:\Windows\Temp
      C:\Temp
      C:\Documents and Settings\<Every user listed>\Local Settings\Temp
      C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\
      C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
      C:\Documents and Settings\<Every user listed>\Local Settings\History
      C:\Documents and Settings\<Every user listed>\Cookies
      C:\Windows\Prefetch


    [Note: Replace <Every user listed> with the name of the actual user folder. Repeat for every user folder available. To see what the names of your user folders are, just go to C:\Documents and Settings. The folders in there are your user folders.]

    After doing this, move back to the Cleaner tab, and inside this, be sure you're open to the Windows tab. Inside, check the box labeled Custom Files and Folders (the bottommost checkbox).

    Next, after following all of these steps, you're ready to scan. Run scans in both Cleaner and Issues. In the Cleaner tab, click Analyze, then Run Cleaner. In Issues, click Scan for Issues, then Fix selected issues.
    [Note: It might take several scans in each to remove all of the junk.]

  8. Run a new HiJackThis scan and save the log.

  9. Upload the HiJackThis log here and post a link to the uploaded log in this thread.

  10. Upload your SmitfraudFix log to FreeFileHosting.org (or any file host that supports TXT files) and post a link to the uploaded log in this thread. The name of the SmitfraudFix log is rapport.txt and can usually be found in C:\rapport.txt.


-------------------
ATTENTION! Are you using AOL/Hotmail as your Neoseeker email address? Then read this thread!
█ A suggestion that's not in the RFS index? Please PM me so I can add it.
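
The HijackThis entries quoted in step 5 of the post above follow a fixed "code - details" layout, so a log can be triaged before anything is ticked for fixing. The parser below is an added example, not part of the original thread and not code from HijackThis; the names `parse_entry`, `parse_log` and `SECTIONS` and the section descriptions are chosen for this example, and the sample lines are copied from the post.

```python
import re
from urllib.parse import urlparse

# Entries copied from the fix list in the post above (a subset of it).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: Advisor - {E779F1D3-115D-4185-8D53-991CCC79FA7B} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
"""

# Section codes seen in the sample (short descriptions added for this example).
SECTIONS = {
    "R0": "IE start/search page value",
    "R1": "IE start/search page value",
    "O2": "Browser Helper Object",
    "O9": "extra IE toolbar button / Tools menu item",
    "O14": "IERESET.INF (Reset Web Settings) value",
}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
REG_VALUE = re.compile(r"^(HK[A-Z]+)\\(.+),([^=]+?) = (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL = re.compile(r"https?://\S+")

def parse_entry(line):
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header, process list or blank line, not a log entry
    code, body = m.groups()
    entry = {"code": code, "section": SECTIONS.get(code, "unknown"), "body": body}
    reg = REG_VALUE.match(body)
    if reg:  # R-section lines: hive\key,value name = data
        entry["hive"], entry["key"], entry["value"], entry["data"] = reg.groups()
    clsid, url = CLSID.search(body), URL.search(body)
    entry["clsid"] = clsid.group(0) if clsid else None
    entry["host"] = urlparse(url.group(0)).hostname if url else None
    # The file behind the entry is gone: a leftover registration, not live code.
    entry["orphaned"] = "(no file)" in body or "(file missing)" in body
    return entry

def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(e["code"], e["section"], e["host"] or e["clsid"] or "-", e["orphaned"])
```

Grouping the parsed entries by `host` and by `orphaned` separates the redirect values that all point at one host from the dead registrations whose file no longer exists.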
Anonymous
Jun 12, 06 at 4:45am
re: spyware spyware

i had this smitfraud thing before, it doesn't seem that hard to get rid of, it's just all of the steps involved make it irritating.

this thing also downloaded something called spyaxe into my system, but both problems have been resolved.


-------------------
Union

Pride
Hraefn
Jun 12, 06 at 6:54pm
re: spyware spyware

Smitfraud is one of the most widespread trojans, with a whole host of variants. Some of these variants and their names are SpyAxe, SpySheriff, SpyFalcon, SpywareStrike, VirtualMaid and recently, AntiSpywareBox. There are probably more which I've either forgotten or am not aware of. You get the idea. The good news is that due to the "popularity" of this trojan, many anti-malware groups are stepping up the fight against it (as shown by the recent upgrade of the SmitfraudFix program). We're still on the defensive, though.

Anyway, I sincerely hope that whoever's making this nasty little bugger gets a taste of his own medicine sometime. =^^=


Saevus
Jun 12, 06 at 9:51pm
re: spyware spyware

well first off thank you so much hraefen. i followed your instructions and the problem seems to have been remedied.

here are links to the hijackthis log i saved after the cleanup process and the log from the smitfraudfix.

hijackthis
smitfraudfix

hopefully i did everything right. :S

