Hello,

I'm having problems with Smitfraud-c.toolbar888. I keep on getting rid of it with Spybot S&D, but as soon as I get rid of it, it comes back, and it seems to open the doors for other spyware to get in, as it seems every time I run Spybot S&D I get a few other entries. Internet Explorer popups keep appearing, but not Firefox popups.

I've also noticed that a lot of other people on the same forum are having similar problems with Smitfraud.


Here is the log file for the eTrust Antivirus Web Scanner:

Scan Results: 181454 files scanned. 13 viruses were detected.

File Infection Status Path
Dummy.class-4253870d-154821a2.class Java/ByteVerify!exploit cannot cure C:\Documents and Settings\Patrick Haunschmidt\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\
Dummy.class-70dda3ff-3ef446de.class Java/ByteVerify!exploit cannot cure C:\Documents and Settings\Patrick Haunschmidt\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\
Dummy.class-7e4442f4-17da1734.class Java/ByteVerify!exploit cannot cure C:\Documents and Settings\Patrick Haunschmidt\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\
ghaokjbh.dll Win32/Vundo.CR cannot cure C:\WINDOWS\system32\
ilwgtrde.dll Win32/Vundo.CR cannot cure C:\WINDOWS\system32\
khfddcy.dll Win32/Chisyne!generic cannot cure C:\WINDOWS\system32\
lvicpbrw.dll Win32/Vundo.CR cannot cure C:\WINDOWS\system32\
opnnmlm.dll Win32/Chisyne!generic cannot cure C:\WINDOWS\system32\
oqumousf.dll Win32/Vundo.CR cannot cure C:\WINDOWS\system32\
qayuvqce.dll Win32/Vundo.CR cannot cure C:\WINDOWS\system32\
rapdoaqn.dll Win32/Vundo.CR cannot cure C:\WINDOWS\system32\
sbwxtbtj.dll Win32/Vundo.CR cannot cure C:\WINDOWS\system32\
ydknhvaa.dll Win32/Vundo.CR cannot cure C:\WINDOWS\system32\

---------------------------------------------------------------------

And here is the log file for HijackThis:


Logfile of HijackThis v1.99.1
Scan saved at 17:01:06, on 29/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVGANT~1\avgamsvr.exe
C:\PROGRA~1\AVGANT~1\avgupsvc.exe
C:\PROGRA~1\AVGANT~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Matlab\webserver\bin\win32\matlabserver.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Nero\InCD\InCD.exe
C:\Program Files\Logitech Webcam\LogiTray.exe
C:\PROGRA~1\AVGANT~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Aqua Dock\Aqua Dock.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Chameleon Clock\ChamClock.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\RoboForm\RoboTaskBarIcon.exe
C:\PROGRA~1\Inbox\CToolbar.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\BUFFALO\HDManage\HDManage.exe
C:\Program Files\dtNotes 4\dtnotes.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
c:\PROGRA~1\Inbox\CMail.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Patrick Haunschmidt\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe