Thread: Smitfraud-C

  1. #1
    Junior Member
    Join Date
    Jan 2006
    Posts
    7

    Smitfraud-C

    I am unable to fix Smitfraud-C. I read in another thread that this problem will be fixed in a subsequent update. However, I can't get rid of it. Has it been updated? Is this in fact a false positive?

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Hello.
    We need a little more information before we can say if it is a f/p or not.

    We may ask for a Spybot-S&D log but first:

    Open Spybot>Help>About
    Let us know the version and latest detection update.

    Also, what is your operating system, and which other security programs do you have installed?

    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Jan 2006
    Posts
    7

    I have Spybot 1.4, last updated 01-06-06.

    I have Windows 2000. The other security programs I have are Ad-Aware, HijackThis, Ewido, and Spy Sweeper 3.0.

    Please let me know if you need anything else.

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Thank you. No anti virus program?

    HJT is a tool btw, not a security program so please do not use it without expert guidance.

    <snip>

    Edit: we posted at the same time.

    Please post the full log and I will ask Lonny to take a look.
    Open SpyBot, close all browsers, check for problems and fix everything found. Then on the toolbar menu select Mode and switch to advanced mode. On the left, lower down, select Tools and then View Report. Ensure all the options near the bottom are selected except:

    Uncheck [ ] Do not report disabled or known legitimate items.
    Uncheck [ ] Include a list of services in report.
    Uncheck [ ] Include uninstall list in report.

    Now select (near the top) View report.
    Press Export. In the "Save in" box choose a place such as your My Documents folder. Then, in your next post, near the bottom, select the "Browse" button, and navigate to and attach or post that report, please.

  5. #5
    Junior Member
    Join Date
    Jan 2006
    Posts
    7

    --- Search result list ---
    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adulthell.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bin.wordsx.cc\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cc20foreva.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crl.thawte.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\datingforlove.org\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\e-finder.cc\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fast-look.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\letgohome.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\love-catalog.net\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\makechoice.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\meetyourfriend.biz\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msnprotection.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\t34rulit.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\terra.hcworld.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\toprefsys.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracking.allposters.com\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\visitfriend.net\*!=W=4

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-15412401-895157793-1247027225-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\www.niger.ru\*!=W=4


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2006-01-12 unins000.exe (51.41.0.0)
    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2005-05-31 Update.exe (1.4.0.0)
    2005-05-31 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2005-05-31 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2006-01-06 Includes\Cookies.sbi (*)
    2006-01-06 Includes\Dialer.sbi (*)
    2006-01-06 Includes\Hijackers.sbi (*)
    2006-01-06 Includes\Keyloggers.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2006-01-06 Includes\Malware.sbi (*)
    2006-01-06 Includes\PUPS.sbi (*)
    2006-01-06 Includes\Revision.sbi (*)
    2006-01-06 Includes\Security.sbi (*)
    2006-01-06 Includes\Spybots.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2006-01-06 Includes\Trojans.sbi (*)



    --- System information ---
    Windows 2000 (Build: 2195) Service Pack 4


    --- Startup entries list ---

  6. #6
    Junior Member
    Join Date
    Jan 2006
    Posts
    7

    --- Browser helper object list ---

    --- ActiveX list ---

  7. #7
    Junior Member
    Join Date
    Nov 2006
    Posts
    1

    another Smitfraud problem

    Hi guys

    I think I'm having more Smitfraud-C problems. I followed all the advice that this thread has offered. I have run Spybot S+D several times, downloaded 'DelDomains' as suggested. However, every time my computer restarts and I check using Spybot S+D again I once again have Smitfraud-C! It's driving me nuts! I downloaded Smitfraudfix to remove another sort of Smitfraud but this still remains.

    I really hope someone can help me. I will attach 2 images- the first is the shortcut which installs itself on my desktop every time I restart and the second is the icon which appears in the taskbar with the balloon that says "Security Warning: your computer may be infected with harmful or unwanted software!"

    I am of course aware that this is just to encourage me to install malware, but when clicking it, it brings up something called 'Spyware Detection Alert'- some odd sort of program....

    Please help- I can't delete this thing every time I start up! :(

    Sandy

  8. #8
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,490

    You could ask for help in the malware removal forum.

    The instructions are here:
    http://forums.spybot.info/showthread.php?t=288

    Malware Removal:
    http://forums.spybot.info/forumdisplay.php?f=22

  9. #9
    Junior Member
    Join Date
    Jun 2007
    Posts
    2

    OK, here is how to terminate the Smitfraud ,..,

    1. Hard Boot your computer, (example)
    "flip the power switch, wait for fan to stop, turn power back on"

    Removed

    Quote Originally Posted by frustrated11 View Post
    I am unable to fix Smitfraud-C. I read in another thread that this problem will be fixed in a subsequent update. However, I can't get rid of it. Has it been updated? Is this in fact a false positive?
    Last edited by tashi; 2007-06-04 at 08:12. Reason: Removed advice

  10. #10
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Quote Originally Posted by Nawitch View Post
    OK, here is how to terminate the Smitfraud ,..,

    1. Hard Boot your computer, (example)
    "flip the power switch, wait for fan to stop, turn power back on"
    Etc... No.

    If one can find the file/s, zip and send to: detections(AT)spybot.info (Replace AT with @)

    Also include the results of a Spybot-S&D scan.
    • Open Spybot-S&D and start a scan ("check for problems").
    • After the scan, right-click in the results field and choose either "Save full report to file..." or "Copy full report to clipboard".
    • Attach the file (or copy the report) to the email.


    Then follow the procedure in this link: "BEFORE you POST" - Preliminary Steps, and start a topic in the Malware Removal Forum.

    Once posted, a trained malware removal helper will advise.

    BTW, for those who would like to be trained to help others in the removal of malware, please see this topic:

    http://forums.spybot.info/showthread.php?t=10777
    Last edited by tashi; 2007-06-04 at 08:30. Reason: Added information
