PDA

View Full Version : Computer infected possibly with Smutfraud-c



Frank Wilson
2007-09-20, 15:58
I have a machine that has been infected with malware, most likely a trojan, that Spybot appears to be unable to clean.

Symptons;

Connects computer to various web sites, even when not loged on to the net, such as;
hxxx:// wxx.firstceleb.com/mpop/
hxxx:// c5.zedo.com/jsc/c5/ffe.htm/


Computer is running MS Windows 2000 sp4

Actions taken;

Run Updated Spybot S&D in Windows mode Spybot detects Smutfraud-C Clean using "Fix Selected Problems;

Rerun Spybot on startup per instructions; Rerun Spybot on startup Spybot reports "no problem found" but problem immediately reocures.

Recheck for Spybot updates; No new updates

Reboot to "Safe Mode" Run Spybot in "Safe Mode" Smutfaud-c reported. RunFix Selected problems; all in "Safe Mode"

Reboot computer to Normal Windows; problem reocures within 10 minutes.

Update on efforts to clean;

Have run Spybot S&D several more times have checked for updates each time.

Now also infected "SpySheriff" however it is calling itself "Magicantispy.21" but appears to be the same as "SpySheriff"

Getting indications of changes Microsoft IE regestry changes.

Any Suggestion on what to do to clean infection?

tashi
2007-09-20, 18:39
Hello Frank Wilson.

As posted here: http://forums.spybot.info/showthread.php?t=18082 please see the stickied procedure for this forum:

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Copy/paste the logs requested into a new topic, I will close this one as helpers look for zero response.

Best regards. :)