#1 |
|
Junior Member
Join Date: Apr 2007
Posts: 7
|
My main pc has contracted this damned 'smit fraud 888' thing, that has destroyed my use of IE, and now stopped me accessing the net AT ALL from that pc. I couldn't even access my mail to register here!
I know the net connection is ok, as I have had to get my old laptop out and create a new email account to use, in order to register here. My main pc is my work pc, as I am a freelance worker. I am more than a little desperate to get it back up and running. I have tried Spybot, which as I have read here, finds it, but can't delete it completely. Tried AdAware. Tried AVG. Please help me, I can't face losing a month's work, especially 2 days before my scheduled back up. I'm at my wits' end, and need a simple guiding hand if that's possible. Many thanks. Mark. |
|
|
|
|
#2 |
|
In Memoriam -Always in our heart
Join Date: Oct 2005
Location: Clearwater, Florida
Posts: 20,558
|
Hello Mark and welcome to the forum. Let me point to this information first:
http://forums.spybot.info/showthread.php?t=8668
What is happening is folks see that in Spybot and assume that is the problem. Sounds like you have problems, but that is not what it is.
One problem you have is you missed the directions PINNED to the top of the page where you posted:
"BEFORE you POST" Mandatory Steps Before Requesting Assistance
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at own risk. Please read and follow all instructions and post all required logs or reports, anything less will slow your process. Use "Post Reply" to post the information in the instructions and stay in the same topic.
I will do my best to help you if you will follow the directions.
Thanks
__________________
MS-MVP Consumer Security 2007-08-09 Proud Member ASAP UNITE Member 2006 |
|
|
|
|
#3 |
|
Junior Member
Join Date: Apr 2007
Posts: 7
|
Hello and thank you.
OK..... I have read the first link. Not sure if I understood it all, but I see what's being said. Maybe it's a false alarm. Thing is, I'm actually having lots of performance issues and the horrid pop-ups trying to sell me bogus anti this or that software.
Will try and follow all this. Please be patient with me, I'm a user, not a fiddler, I just want to work :-/
Working my way through the second link's "before you post" stuff....
I have XP and SP2 and all updates (as of last week I believe). Have Spybot 1.4 loaded as usual and updates checked for every week.
1 - Online scan - problem here - I have lost all net connection on this pc. (only link to world is this laptop :-( ) I did however try this the first hour I had this prob just before connection died, and it completed ok, but crashed when I tried to find or save the log.
2 - Booted into safe mode
3 - Ran Spybot.
microsoft windows firewall bypass
smitfraud-c toolbar888
Nurech
Cimuz
Smitfraud-c.ebay.bill
telekomBill.fake
Bloody hellfire, that's a lot more appeared in the last 24 hours since pc failed connecting to net! :-(
Tried to fix, it said they were all done, but then Spybot just sat there, wouldn't close by any means. Most progs seem to be doing this now. :-(
Tried to reboot, but pc not responding. Can move mouse and click buttons, but no actual actions happened. As if buttons are not connected to anything. Had to reboot via Case Reset button.
Ran Spybot again... Whilst Spybot is running, AVG pops up with two threats found. It's as though my connection to the net has been hijacked and is just continually downloading crap to my pc :-(
Spybot continues.... found
microsoft firewall bypass (again)
Smit-C toolbar888 (again)
4 - Not heard of this, will have a go.... Will have to download it, then transfer it to main pc that's sick. Also have to save and transfer any log files back that way, in order to post them.
Here's the HJT log....
Logfile of HijackThis v1.99.1
Scan saved at 22:31:06, on 28/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\SMSC\Seticon.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\vcd1.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bonefish.btinternet.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by BT Openworld
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {200F97BA-B275-4459-AB03-EB4BE36B63BF} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {9E93A147-E3F9-47AB-BAF0-915CCAAA7034} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\rlqmteml.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\ivtmaxon.dll",realset
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: AVG Free.lnk = C:\Program Files\Grisoft\AVG Free\avgw.exe
O4 - Startup: Shortcut to WALLPAPR.lnk = C:\Documents and Settings\Bones\My Documents\Wallpaper\WALLPAPR.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ou7viewer.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ou7viewer.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} (RegUserCfgUI Class) - http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1110984510968
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37390.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://142.22.58.150/activex/AxisCamControl.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - FILE://E:\TRIAL\INTRLNCH\INTRALAUNCH.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAF118C0-BB58-488D-BDEE-88C30F85A143}: NameServer = 10.0.0.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Card Adapter (NETDown) - Unknown owner - C:\WINDOWS\vcd1.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe |
|
|
|
|
#4 | |
|
In Memoriam -Always in our heart
Join Date: Oct 2005
Location: Clearwater, Florida
Posts: 20,558
|
I apologize for the wait for this post, the Safer Networking site was down until I went to bed and I could not post until this morning.
Hello Mark, I will do my best to explain. This Smitfraud-C.Toolbar888 is the false positive, read the information in the link I posted: http://forums.spybot.info/showthread.php?t=8668 It has little or nothing to do with the trojan infection you have which is very serious and very, very hard to remove. My suggestion to you at this point is to consider reformatting your computer. I have yet to remove this trojan, you can see it in your HJT log by looking at 010 items in the HJT log. I have watched this trojan removed a few times and I have seen how hard it is to remove. You have said you read the "Before you Post" instructions: http://forums.spybot.info/showthread.php?t=288 and yet you have posted a formatted log? Quote:
Here is information about reformatting the computer: http://spyware-free.us/tutorials/reformat/ http://www.cyberwalker.net/faqs/how-...stall-faq.html http://www.google.com/search?hl=en&q...ll&btnG=Search Thanks
__________________
MS-MVP Consumer Security 2007-08-09 Proud Member ASAP UNITE Member 2006 Last edited by pskelley; 2007-04-29 at 15:11. |
|
|
|
|
|
#5 |
|
Junior Member
Join Date: Apr 2007
Posts: 7
|
Well, firstly my apologies about the formatting. I clearly missed that bit.
Thanks for your reply, and no worries about response time, I'm just happy to have someone willing to give me a little time to help me. I guess my only real option then is to reformat. (my worst case scenario for this right now) But if this damn thing is so hard to destroy, I can see that due to reinfection, and time it could take, not to mention me having to follow things to the letter, a rebuild could be more effective for the same amount of hassle. I guess I'll start backing up while the pc is still able to :-( Question... If I back up my docs folder, plus email addy book, emails, save games etc, am I in danger of infecting my back up drive? As I said, I work from home, so can afford to lose this month's work. (ironically, a day or two before my monthly backup :-( |
|
|
|
|
#6 |
|
In Memoriam -Always in our heart
Join Date: Oct 2005
Location: Clearwater, Florida
Posts: 20,558
|
Hello Mark, no problem, I just wish I knew more about this particular trojan. It just started showing up a short while ago and I have watched several experts struggle with the removal with some success. It is a complex removal, requiring many tools and the burden for execution is of course of the user. I keep hoping someone will create a fix but this has not happened yet. I can say I would attempt the removal but I want you to know what you are getting into. If you want to see links to a few of the topics, let me know and I will PM them to you. I personally have avoided this infection while I watched others struggle with it, and would not have responded to your topic had I seen the HJT log first. The 010 items are the clue in the log as I said. The last time I had to reformat was Windows 98SE OEM and I saved my photos only, but here is a load of information at google if it helps. http://www.google.com/search?hl=en&q...ly&btnG=Search If you have files you must save, you should be able to scan them with your antivirus program. Thanks...Phil
__________________
MS-MVP Consumer Security 2007-08-09 Proud Member ASAP UNITE Member 2006 |
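The "Unknown file in Winsock LSP" lines that posts #4 and #6 single out as the clue can be pulled out of a HijackThis log mechanically. The Python below is an added example, not part of the original thread: the function names are hypothetical, the sample lines are a constructed excerpt of the log posted in #3, and the parser also accepts a log whose line breaks were lost in copying.

```python
import re
from collections import Counter

# Constructed sample: entries copied from the HijackThis log posted in this
# thread, trimmed to a few lines (one entry per line, as HijackThis writes it).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\syy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ou7viewer.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAF118C0-BB58-488D-BDEE-88C30F85A143}: NameServer = 10.0.0.2
"""

# An entry is a section code (R0, O4, O10, ...), " - ", then text that runs
# until the next section code or the end of the log. Matching on the codes
# rather than on line ends also copes with a log pasted as one long line.
ENTRY_RE = re.compile(
    r"(?<!\S)([RFNO]\d{1,2}) - (.*?)(?=\s+[RFNO]\d{1,2} - |\s*\Z)", re.DOTALL
)
UNKNOWN_LSP_RE = re.compile(r"Unknown file in Winsock LSP:\s*(.+)", re.IGNORECASE)


def parse_entries(text):
    """Return [(section_code, entry_text), ...] in log order."""
    return [(m.group(1), " ".join(m.group(2).split()))
            for m in ENTRY_RE.finditer(text)]


def unknown_lsp_files(entries):
    """Count O10 entries per DLL that HijackThis reports as an unknown LSP."""
    counts = Counter()
    for code, body in entries:
        m = UNKNOWN_LSP_RE.match(body) if code == "O10" else None
        if m:
            counts[m.group(1).strip().lower()] += 1
    return dict(counts)


def triage(text):
    """Summarise the log: entries per section and unknown Winsock LSP files."""
    entries = parse_entries(text)
    return {
        "sections": dict(Counter(code for code, _ in entries)),
        "unknown_lsp": unknown_lsp_files(entries),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("entries per section:", result["sections"])
    for path, n in sorted(result["unknown_lsp"].items()):
        # Each hit is a DLL registered in the Winsock provider chain that
        # HijackThis does not recognise: the lines the helper calls the clue.
        print(f"O10 unknown LSP x{n}: {path}")
```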
|
|
|
|
#7 |
|
Junior Member
Join Date: Apr 2007
Posts: 7
|
No probs :-)
Glad you did reply though! I'll go ahead and rebuild. It's always a huge pain in the um, but it can only be a good thing to have a clean up and sort out. I need to bring over all my docs and pics to an external backup drive. I have a partition with all my music on, I trust I can leave that alone? When I have backed up all my stuff, should I only scan it with AVG, or Spybot as well? (can that be done? I'm afraid I'm not sure if this infection is spyware or a virus) Thanks. |
|
|
|
|
#8 |
|
In Memoriam -Always in our heart
Join Date: Oct 2005
Location: Clearwater, Florida
Posts: 20,558
|
See if any of this information helps:
http://www.dslreports.com/faq/10063 http://www.dslreports.com/faq/10451 http://www.google.com/search?hl=en&q...ly&btnG=Search Thanks
__________________
MS-MVP Consumer Security 2007-08-09 Proud Member ASAP UNITE Member 2006 |
|
|
|
|
#9 |
|
Junior Member
Join Date: Apr 2007
Posts: 7
|
Cool, thank you.
I've unplugged the network cable, and started backing up. I guess I'll have to reinstall my games too, even though they are on a diff drive, as XP won't know they are there, will it? |
|
|
|
|
#10 |
|
Junior Member
Join Date: Apr 2007
Posts: 7
|
I'm now formatting my drive.....
I feel sick...... :-( |
|
|