View Full Version : Lingering Smitfraud-c.core service and recurring Virtumonde generic
My existing malware removal thread (http://forums.spybot.info/showthread.php?p=135160#post135160) helped me remove the visible problems bothering my computer, i.e., popups, slowness and other interruptions. Kaspersky online scan and Norton AV showed it clean. Only remaining issues are:
1. Spybot finds but cannot fix Smitfraid-c.coreservices registry key.
2. Spybot fixes Virtumonde generic but it keeps coming back.
Are these harmless (though annoying) vestiges only?
Thanks in advance.
Regards,
Charlie
md usa spybot fan
2007-11-14, 19:50
chasm:
While you are receiving help in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum, it is not advisable to seek help elsewhere. Please wait for a response to your thread there.
Thanks
My helper at Malware Removal referred me to this forum when my problem was reduced to only Spybot S & D finding problems.
Close this if you wish.
chasm
Hi chasm. :)
switch Spybot S&D into advanced mode
navigate to tools - view reports
check all boxes
click view report button to create the report
export the report to a textfile and attach the file to your next post
If the file is too big to attach here, send it to: detections(AT)spybot.info (Replace AT with @) and include links to your topics.
Cheers.
Hi Tashi,
Report is 221 KB so I'll e-mail it separately.
Subsequent S&D run showed only unfixable Smitfraud core services reg key. Virtumonde Generic is not always present.
Regards,
Charlie
spybotsandra
2007-11-19, 15:45
Hello,
Ok. I have e-mailed you back twice.
But you are sending another report without any comments or refering to the things that i wrote.
Without any cooperation or communication a can't help you, sorry.
Your log is clean.
Further you have cut the beginning, so we can't see what item of Smitfraud is found.
Probably this was a false positive.
Please download the latest detection update (2007/11/14):
http://www.safer-networking.org/en/download/index.html
This should fix it.
Or choose the direct installation file:
http://www.safer-networking.org/updates/files/spybotsd_includes.exe
Best regards
Sandra
Team Spybot
My apologies for the long intervals between posting: my access to my daughter's computer (the problem computer) was limited. As far as following your direction,
1. I downloaded the spybot updates as soon as I received them and reran with the same result, i.e., unfixable Smitfraud-C.CoreServices registry key.
2. I cannot explain the 'cutting' of the Spybot log; I did not edit them; I merely attached them. I ran the reports after running Spybot 'Fix Problems' was run. Since then I have run it again before attempting to fix the problem and there appears at the beginning of the log the following:
--- Search result list ---
Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings
(Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start
Smitfraud-C.CoreService: [SBI $C0D676DB] Settings (Registry key,
nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\core
Smitfraud-C.CoreService: [SBI $B462702A] Settings (Registry key,
nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\core[/B]
This is followed by what looks like the previous reports I've sent you.
If you're interested, I'll send that log.
Charlie