Virus Alert! in taskbar



legit_hakr
2006-05-04, 02:14
I have run AVG Anti-Virus, Spybot Search and Destroy, as well as Ad-Aware, but they don't get rid of it. Here is my SmitFraudFix rapport.txt:

SmitFraudFix v2.39

Scan done at 19:10:26.01, 03/05/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\dvdcap.dll FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1

C:\DOCUME~1\Owner\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E}"="CD-DVD Device"

[HKEY_CLASSES_ROOT\CLSID\{1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E}\InProcServer32]
@="C:\WINDOWS\system32\dvdcap.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E}\InProcServer32]
@="C:\WINDOWS\system32\dvdcap.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

steamwiz
2006-05-05, 01:49
Hi

1. Reboot into safe mode (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
2. Double-click smitfraudfix.cmd
3. Select 2 and hit Enter to delete infected files
4. You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection
5. The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file
6. A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt. Post the contents of the C:\rapport.txt file in your next post here, plus a HijackThis log.

process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

steam

tashi
2006-05-11, 09:33
This topic is closed due to lack of a response to helper.