Frank Wilson
2007-09-20, 15:58
I have a machine that has been infected with malware, most likely a trojan, that Spybot appears to be unable to clean.
Symptons;
Connects computer to various web sites, even when not loged on to the net, such as;
hxxx:// wxx.firstceleb.com/mpop/
hxxx:// c5.zedo.com/jsc/c5/ffe.htm/
Computer is running MS Windows 2000 sp4
Actions taken;
Run Updated Spybot S&D in Windows mode Spybot detects Smutfraud-C Clean using "Fix Selected Problems;
Rerun Spybot on startup per instructions; Rerun Spybot on startup Spybot reports "no problem found" but problem immediately reocures.
Recheck for Spybot updates; No new updates
Reboot to "Safe Mode" Run Spybot in "Safe Mode" Smutfaud-c reported. RunFix Selected problems; all in "Safe Mode"
Reboot computer to Normal Windows; problem reocures within 10 minutes.
Update on efforts to clean;
Have run Spybot S&D several more times have checked for updates each time.
Now also infected "SpySheriff" however it is calling itself "Magicantispy.21" but appears to be the same as "SpySheriff"
Getting indications of changes Microsoft IE regestry changes.
Any Suggestion on what to do to clean infection?
Symptons;
Connects computer to various web sites, even when not loged on to the net, such as;
hxxx:// wxx.firstceleb.com/mpop/
hxxx:// c5.zedo.com/jsc/c5/ffe.htm/
Computer is running MS Windows 2000 sp4
Actions taken;
Run Updated Spybot S&D in Windows mode Spybot detects Smutfraud-C Clean using "Fix Selected Problems;
Rerun Spybot on startup per instructions; Rerun Spybot on startup Spybot reports "no problem found" but problem immediately reocures.
Recheck for Spybot updates; No new updates
Reboot to "Safe Mode" Run Spybot in "Safe Mode" Smutfaud-c reported. RunFix Selected problems; all in "Safe Mode"
Reboot computer to Normal Windows; problem reocures within 10 minutes.
Update on efforts to clean;
Have run Spybot S&D several more times have checked for updates each time.
Now also infected "SpySheriff" however it is calling itself "Magicantispy.21" but appears to be the same as "SpySheriff"
Getting indications of changes Microsoft IE regestry changes.
Any Suggestion on what to do to clean infection?