Smitfraud-C.generic

[diver79]

No problem, no need to do it now. You can wait until you've recovered, I just needed to know if you were still in need of assistance.

diver79

[woofs2china]

I am feeling better. The plan was to do it while the children napped today. I have left the computer as is with that screen showing. Here is the picture.

[diver79]

Thats great! Computer looks like its recovered too

The partition that came with the infection is no longer present.

Please run a scan with Malwarebytes to check for any additional leftovers.

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware and save to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to:
  Update Malwarebytes' Anti-Malware
  Launch Malwarebytes' Anti-Malware
• Then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform Quick Scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
• When completed, a log will open in Notepad. Please copy and paste the log back into your next reply

[woofs2china]

It said it didn't find anything. Phew!

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.27.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Stephen Woof :: STEPHENWOOF-PC [administrator]

Protection: Enabled

2/27/2012 6:50:18 PM
mbam-log-2012-02-27 (18-50-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193037
Time elapsed: 2 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

[diver79]

Excellent, there is still some cleanup left to do before we finish.

Will post instructions for this tomorrow.

diver79.

[diver79]

Hi Jennifer,

Congrats! Your PC is free from infection. Follow the steps below to clean up infected restore points.

Create a new, clean System Restore point

• Create a new, clean System Restore point which you can use in case of future system problems:
• Press Start >> Right click on Computer, and select Properties.
• Click on the System Protection link, located on the right hand side menu.
• Select Create , type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:

• Next click Start >> in the Search Programs and Files search box type cleanmgr and press OK
• Select the C: drive and click OK.
• Ensure the following boxes are checked;
  • Recycle Bin
  • Temporary Files
  • Temporary Internet Files
• Select the Clean Up System Files button.
• Select the C: drive again and select OK.
• Select the More Options tab and under System Restore and Shadow Copies click the Clean up button.
• Select Delete, Press OK and Delete Files to confirm

Additional Security Tips.
Update your Antivirus programs and other programs regularly.
Secunia Personal Software Inspector - Copyright © Secunia. This app will monitor programs on your computer for known vulnerabilities. You can set it to auto-update for you, or just prompt you if an update is available. I highly recommend it.
F-secure Health Check - Copyright © F-Secure Corporation. F-Secure Health Check is a free application that tells you if your computer is protected and helps you fix possible security issues.

You can now delete any of the programs we installed earlier.

Unless you have any other issues this topic will be closed.

[woofs2china]

Thank you SO much for all your work and time. Although you did an excellent job, I plan on never needing your services again!

J Woof