please help me remove smitfraud-c.coreservice



ihatepests
2007-12-22, 06:24
Kaspersky report

Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 42447
Number of viruses found 2
Number of infected objects 10
Number of suspicious objects 0
Duration of the scan process 00:57:47

Infected Object Name Virus Name Last Action

C:\WINDOWS\images.zip/IMG34814.pif Infected: Backdoor.Win32.IRCBot.awd skipped

C:\WINDOWS\images.zip ZIP: infected - 1 skipped

C:\WINDOWS\Temp\Loader.exe Infected: Backdoor.Win32.IRCBot.avw skipped

C:\WINDOWS\Temp\mo467ly.exe Infected: Backdoor.Win32.IRCBot.awd skipped

C:\WINDOWS\wkssvr.exe Infected: Backdoor.Win32.IRCBot.awd skipped

C:\WINDOWS\z1z1.exe Infected: Backdoor.Win32.IRCBot.awd skipped

C:\WINDOWS\zas.exe Infected: Backdoor.Win32.IRCBot.awd skipped

C:\WINDOWS\zas2.exe Infected: Backdoor.Win32.IRCBot.awd skipped

C:\WINDOWS\zass.exe Infected: Backdoor.Win32.IRCBot.awd skipped

C:\WINDOWS\zasss.exe Infected: Backdoor.Win32.IRCBot.awd skipped

Blade81
2007-12-30, 17:57
Hi


Though you didn't post a HijackThis log, I can say that one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.
Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post (if you decide to take the cleaning path, then post a HijackThis log).

Blade81
2008-01-04, 13:17
Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.