Lingering Smitfraud-c.core service and recurring Virtumonde generic



chasm
2007-11-14, 16:13
My existing malware removal thread (http://forums.spybot.info/showthread.php?p=135160#post135160) helped me remove the visible problems bothering my computer, i.e., popups, slowness and other interruptions. Kaspersky online scan and Norton AV showed it clean. Only remaining issues are:
1. Spybot finds but cannot fix Smitfraud-c.coreservices registry key.
2. Spybot fixes Virtumonde generic but it keeps coming back.

Are these harmless (though annoying) vestiges only?

Thanks in advance.
Regards,
Charlie

md usa spybot fan
2007-11-14, 19:50
chasm:

While you are receiving help in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum, it is not advisable to seek help elsewhere. Please wait for a response to your thread there.

Thanks

chasm
2007-11-14, 20:27
My helper at Malware Removal referred me to this forum when my problem was reduced to only Spybot S & D finding problems.

Close this if you wish.

chasm

tashi
2007-11-15, 04:32
Hi chasm. :)


1. Switch Spybot S&D into advanced mode.
2. Navigate to Tools - View Reports.
3. Check all boxes.
4. Click the View Report button to create the report.
5. Export the report to a text file and attach the file to your next post.


If the file is too big to attach here, send it to: detections(AT)spybot.info (Replace AT with @) and include links to your topics.

Cheers.

chasm
2007-11-15, 15:08
Hi Tashi,
Report is 221 KB so I'll e-mail it separately.

Subsequent S&D run showed only unfixable Smitfraud core services reg key. Virtumonde Generic is not always present.

Regards,
Charlie

spybotsandra
2007-11-19, 15:45
Hello,

Ok. I have e-mailed you back twice.
But you are sending another report without any comments or referring to the things that I wrote.
Without any cooperation or communication I can't help you, sorry.

Your log is clean.
Further you have cut the beginning, so we can't see what item of Smitfraud is found.

Probably this was a false positive.
Please download the latest detection update (2007/11/14):
http://www.safer-networking.org/en/download/index.html
This should fix it.
Or choose the direct installation file:
http://www.safer-networking.org/updates/files/spybotsd_includes.exe

Best regards
Sandra
Team Spybot

chasm
2007-11-20, 17:22
My apologies for the long intervals between posting: my access to my daughter's computer (the problem computer) was limited. As far as following your direction,
1. I downloaded the spybot updates as soon as I received them and reran with the same result, i.e., unfixable Smitfraud-C.CoreServices registry key.
2. I cannot explain the 'cutting' of the Spybot log; I did not edit them; I merely attached them. I ran the reports after Spybot 'Fix Problems' was run. Since then I have run it again before attempting to fix the problem and there appears at the beginning of the log the following:

--- Search result list ---
Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings
(Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

Smitfraud-C.CoreService: [SBI $C0D676DB] Settings (Registry key,
nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\core

Smitfraud-C.CoreService: [SBI $B462702A] Settings (Registry key,
nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\core

This is followed by what looks like the previous reports I've sent you.

If you're interested, I'll send that log.

Charlie