I have this problem that no (spy/mal)ware could remove. There is a blinking wheelchair and kind of like a no-entry icon that alternate in blinking in the system tray. If hovered over, it says Virus Alert! Then a balloon pops up and says:

"Your computer is infected. Critical System Error! System detected virus activities. The may cause critical system failure. Please use antimalware software to clean and protect your system from parasite programs. Click here to get all available software."

After some time, a yellow triangle appears in systemtray too and a balloon pops up, saying some wierd virus name and that I am "supposely" infected and that I have to click the balloon to remove it.

This is all false. Someone plz help me remove this "anti-virus/malware" malware.

SmitFraudFix v2.39

Scan done at 12:00:18.43, Sun 05/07/2006
Run from C:\Documents and Settings\Fausto F. Reyes.MCLOCHE\Desktop\Mozilla Downloads\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\twain32.dll FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Fausto F. Reyes.MCLOCHE\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\FAUSTO~1.MCL\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}"="Twain"

[HKEY_CLASSES_ROOT\CLSID\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}\InProcServer32]
@="C:\WINDOWS\System32\twain32.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}\InProcServer32]
@="C:\WINDOWS\System32\twain32.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Hello, Welcome

redownload smithfraudfix (its updated frequently) , fallow the instruction in this post please.
http://forums.spybot.info/showthread.php?t=4015

Due to lack of responses this thread is closed
If you still need assistance a new log will be needed, send me or Tashi a PM and we will re-open it.

Re-opend on request


I am sorry, may you please reopen the post so that after I do the steps, I post follow-ups. Such questions are: The Smitfraudfix on the link you provided is the one i downloaded, so where can I get the latest version?


I posted a link that includes current version, note that the developer doesnt always update whats reported as the version, so it's best to re-download if it is more that two days old.

Archived