Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Smitfraud-C

  1. #1
    Junior Member
    Join Date
    Dec 2006
    Posts
    8

    Default Smitfraud-C

    Hello there,

    Um... i am having a problem with Smitfraud-C, i am using Spybot-Search and Destroy 1.4

  2. #2
    Junior Member
    Join Date
    Dec 2006
    Posts
    8

    Default

    Quote Originally Posted by darkblitz View Post
    Hello there,

    Um... i am having a problem with Smitfraud-C, i am using Spybot-Search and Destroy 1.4

    Sorry i pressed enter by mistake and i can't edit my post :(. To return to topic.
    Latest Detection Update:2006-12-01. Everytime i check for problems, i always see Smitfraud (9) Problems even when i fix it and restart my pc, i see it. I fully immunized... I read some posts about it... but it seems it isn't working. I download hijackthis and opened it but i didn't see any of the stuff... Please Help me remove this spyware

    Thanks
    ~darkblitz

  3. #3
    Junior Member
    Join Date
    Dec 2006
    Posts
    8

    Default

    Oh and i forgot... When i unclick quick-launch buttons, my taskbar disappears and i can't get it back unless i click quick-launch buttons back. But i think it's from Smitfraud-C... Anyways thanks.

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,952

    Default

    Hi darkblitz and welcome to Safer Networking Forums

    Please post a HijackThis log to here:
    • Click here to download HijackThis.exe
    • Save HijackThis.exe to your desktop.
    • Create a new folder named HijackThis to your desktop. Move Hijackthis.exe into that folder.
    • Run HijackThis.exe
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  5. #5
    Junior Member
    Join Date
    Dec 2006
    Posts
    8

    Default

    Hello Mr_JAk3

    This is Hijackthis Log:
    Logfile of HijackThis v1.99.1
    Scan saved at 5:21:12 PM, on 05/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    C:\PROGRA~1\NETSUP~1\client32.exe
    C:\WINDOWS\system32\IFXSPMGT.exe
    C:\WINDOWS\system32\IFXTCS.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Novadigm\ManagementAgent\nvdkit.exe
    C:\Program Files\HPQ\IAM\bin\asghost.exe
    C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    C:\WINDOWS\scvhost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Student\Desktop\HijackThis(2).exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.20.0.2:8080
    F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
    F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: SSSIEHelperObj Class - {8F26EAA1-D8B4-41A2-994F-704AEEE25536} - C:\WINDOWS\system32\hlpr.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [PCE Client] C:\WINDOWS\system32\PCENT\PCClient.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\Run: [AntiVir] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\Run: [icq lite] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunServices: [CS32] C:\WINDOWS\c32cs2.exe
    O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunServices: [msconfig] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunServices: [icq lite] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunServices: [Update Checker] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunServices: [AntiVir] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunOnce: [Windows Update] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunOnce: [msconfig] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunOnce: [icq lite] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunOnce: [Update Checker] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunOnce: [AntiVir] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunOnce: [] C:\WINDOWS\scvhost.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: IfxWlxEN - C:\WINDOWS\SYSTEM32\IfxWlxEN.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: Client32 - NetSupport Ltd - C:\PROGRA~1\NETSUP~1\client32.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
    O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Radia Management Agent (rma) - Unknown owner - C:/Novadigm/ManagementAgent/nvdkit.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

  6. #6
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,952

    Default

    Hi again

    Bad news...

    One or more of the identified infections is a backdoor trojan.

    This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

    I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

    Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
    When Should I Format, How Should I Reinstall

    However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.
    Should you have any questions, please feel free to ask.

    Please let us know what you have decided to do in your next post.
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  7. #7
    Junior Member
    Join Date
    Dec 2006
    Posts
    8

    Default

    hello Mr_JAk3,

    Thanks for helping me on my situation, and i think it is correct cause sometimes my laptop does weird stuff... or doesn't shut down properly.. something like that. But thank god i don't use any online transactions here. But hmm on spybot it keeps findint smitfraud, is it from smitfraud? or something else? and as i said above:
    "Oh and i forgot... When i unclick quick-launch buttons, my taskbar disappears and i can't get it back unless i click quick-launch buttons back. But i think it's from Smitfraud-C... Anyways thanks."

    Thanks :D

  8. #8
    Junior Member
    Join Date
    Dec 2006
    Posts
    8

    Default

    Hmm... well i got the cd to format my pc from 0... But if i use my hard disk to copy some of my information to it, will it be infected somehow?

    Thanks

  9. #9
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,952

    Default

    So you want to reformat ?

    There is always a chance that you backup infections too. Text files, music, pictures should be good to go. Don't backup any exe or dll files, those may be infected.

    Please make sure that you know what to do before beginning the operation.

    Here are a few links that propably help.

    Reformatting Windows XP by wng_z3r0
    When should I re-format? How should I reinstall?
    Windows XP Clean install

    Then there are a couple of things you should do immediately after installing Windows and before surfing the net...
    • Install an antivirus and firewall (you should download and have those on a CD or USB drive, all ready to be installed).

      These are good (free) firewalls:
      - Kerio
      - Sygate
      - Outpost

      These are good (free) antiviruses:
      - Antivir
      - Avast
      - AVG
    • Get all Windows updates installed!

    Please ask me if you have any questions

    Then here are a few things that you can do in order to make your fresh computer more secure:
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  10. #10
    Junior Member
    Join Date
    Dec 2006
    Posts
    8

    Default

    hmmm thanks Mr_JAk3,

    Well i think i will reformat my laptop when i get my external hard disk from my friend tomorow, well i got programs like spybot, Asquared, CA, and lavasoft Adaware in my programs list. And i got a cd to format my laptop, which contains windows Xp Sp2. But for the firewall... I got a router that has a built-in firewall, will that be enough? Or windows firewall? Hmm but i don't understand how i got the error, maybe from downloading a file somehow.. but if i get it again, shall i do the same thing?(format).

    Thanks Mr_JAk3 So much, i really appreciate your help and all MRU members :D
    After i format my laptop tomorrow, i will reply again.
    Thanks again.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •