
Thread: Smitfraud-C issues

  1. #21
    Senior Member
    Join Date
    Sep 2010
    Posts
    631


    Hi

    Let's see if this will show the problem.



    Next
    • click start
    • in the search box type cmd
    • right click the cmd that appears at the top of the list and click "Run as Administrator"
    • A black command window will open
    • copy and paste the following command into the black window

      ipconfig /all
    • wait for it to finish and a new command prompt to appear
    • right click in the window and click select all
    • click the tiny c:\ in the upper left hand corner
    • highlight edit, click copy
    • open a new reply in this topic and right click in the reply box and click paste
    • you should see the text from the command window
    Member of UNITE and ASAP

  2. #22
    Junior Member
    Join Date
    Mar 2012
    Posts
    19


    Microsoft Windows [Version 6.1.7600]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Users\Craig>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Craig-Sony
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Broadcast
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : Belkin

    Wireless LAN adapter Wireless Network Connection:

    Connection-specific DNS Suffix . : Belkin
    Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
    Physical Address. . . . . . . . . : 00-22-FB-A6-6F-54
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::f02b:333b:24c:957f%11(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Monday, March 12, 2012 7:26:46 PM
    Lease Expires . . . . . . . . . . : Saturday, April 20, 2148 12:42:22 AM
    Default Gateway . . . . . . . . . : 192.168.2.1
    DHCP Server . . . . . . . . . . . : 192.168.2.1
    DHCPv6 IAID . . . . . . . . . . . : 184558331
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-25-97-18-00-24-BE-38-EB-FC

    DNS Servers . . . . . . . . . . . : 192.168.2.1
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller
    Physical Address. . . . . . . . . : 00-24-BE-38-EB-FC
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{C1121A84-3E64-4076-93C4-3FECC133764B}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.Belkin:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . : Belkin
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 15:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    C:\Users\Craig>

  3. #23
    Junior Member
    Join Date
    Mar 2012
    Posts
    19


    I've been running these scans and fixes with my wireless turned off, FYI. If that matters

  4. #24
    Senior Member
    Join Date
    Sep 2010
    Posts
    631


    Hi cdauman8,

    "I've been running these scans and fixes with my wireless turned off, FYI. If that matters"
    In order for MBAM to update it needs an internet connection. Please turn the wireless on and try to update MBAM.
    Member of UNITE and ASAP

  5. #25
    Junior Member
    Join Date
    Mar 2012
    Posts
    19


    No threats found.

  6. #26
    Senior Member
    Join Date
    Sep 2010
    Posts
    631


    Hi cdauman8,

    Everything looks good so we'll remove the tools. Keep Defogger, we will use it shortly.

    From your desktop, please delete, if present
    • any notepads/logs that we created
    • aswMBR
    • mbr.dat
    • mbr.zip
    • TDSSKiller


    You can also delete from the C:\ drive the file called TDSSKiller_* (* denotes version & date)


    Next

    Click the Start button, in the search box type Run. At the top click Run

    Copy and paste the following line into the run box and click OK

    Combofix /uninstall



    Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.



    To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

    Your Emulation drivers are now re-enabled. You can delete Defogger.


    I suggest you keep MBAM. Keep it updated and use it regularly.


    Updates

    Java

    You have an older version of Java installed.

    Click on the Start button > Control Panel

    Depending on your settings, either
    • click on the Uninstall a program option under the Programs category.
    • If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
    Uninstall the following program

    Java(TM) SE Runtime Environment 6


    Do not uninstall any other version of java you may find.


    Next, clear the java cache

    To clear the Java Plug-in cache:
    • Click Start > Control Panel.
    • Double-click the Java icon in the control panel.
    • On the General tab, Click Settings under Temporary Internet Files.
    • On the Temporary Files Settings screen, Click Delete Files.
    • check all boxes
    • Click OK



    Adobe Reader

    You have an older version of Adobe Reader. You can download the current version HERE

    You may want to consider Foxit Reader instead. It may be a bit lighter on resources. If you choose FoxIt be sure to decline the Foxit Toolbar offered during the install.

    Visit their support forum
    Foxit Forum

    In either case you should uninstall Adobe Reader 9.1.2 first. Be sure to move any PDF documents to another folder first though.


    Some Recommendations and prevention tips

    Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Those you have now, provided you are using a firewall. Windows 7 has a built-in firewall which is pretty good when set up. You can find some very good information HERE.


    You should also use Spyware Blaster to help immunize your computer.

    - SpywareBlaster will add a large list of programs and sites into your Internet Explorer
    settings that will protect you from running and downloading known malicious programs.

    OR

    A guide to understanding and using the hosts file.

    Learn how your Hosts file can protect you and how you can protect it.
    Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
    HOSTS

    Please read the info on disabling the DNS Client before installing a custom hosts file.


    - Secure your Internet Explorer

    From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


    - Make sure you have reset Windows Updates to your chosen option. Click your start button > Control Panel > System > Windows updates (lower left) > change settings


    - Keep your antivirus program updated, as well as any other security programs you have.


    - More tips and programs can be found HERE

    Please post back if you have any problems.
    Member of UNITE and ASAP
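
    The Internet Explorer zone settings listed in post #26 can be checked without clicking through the dialog. The read-only PowerShell audit below is an added example, not part of the original post: it compares the Internet zone (zone 3) registry values with the six recommended choices. It assumes the standard Internet Explorer URL action codes and the per-user and machine-policy zone keys; only those two locations are read.

```powershell
# Added example: read-only audit of the IE Internet zone (zone 3) against
# the six settings recommended in post #26. Nothing is written to the registry.
$userKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Registry encoding of a zone choice: 0 = Enable, 1 = Prompt, 3 = Disable.
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL action code, dialog label, and the value the post recommends.
$recommended = @(
    @{ Action = '1001'; Name = 'Download signed ActiveX controls';                    Want = 1 }
    @{ Action = '1004'; Name = 'Download unsigned ActiveX controls';                  Want = 3 }
    @{ Action = '1201'; Name = 'Initialize and script ActiveX not marked as safe';    Want = 3 }
    @{ Action = '1800'; Name = 'Installation of desktop items';                       Want = 1 }
    @{ Action = '1804'; Name = 'Launching programs and files in an IFRAME';           Want = 1 }
    @{ Action = '1607'; Name = 'Navigate sub-frames across different domains';        Want = 1 }
)

function Get-ZoneValue {
    param([string]$Key, [string]$Action)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Key -Name $Action -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Action
}

$report = foreach ($r in $recommended) {
    $policy = Get-ZoneValue -Key $policyKey -Action $r.Action
    $user   = Get-ZoneValue -Key $userKey   -Action $r.Action
    # A machine policy value, when present, overrides the user's own choice.
    $effective = if ($null -ne $policy) { $policy } else { $user }

    $current = if ($null -eq $effective) { 'not set' }
               elseif ($meaning.ContainsKey([int]$effective)) { $meaning[[int]$effective] }
               else { "raw value $effective" }

    [pscustomobject]@{
        Setting     = $r.Name
        Recommended = $meaning[$r.Want]
        Current     = $current
        Source      = if ($null -ne $policy) { 'Policy' } elseif ($null -ne $user) { 'User' } else { '-' }
        Matches     = ($effective -eq $r.Want)
    }
}

$report | Format-Table -AutoSize
```

    A row with Matches = False and Source = Policy means the dialog change will not take effect until the policy itself is changed.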

  7. #27
    Junior Member
    Join Date
    Mar 2012
    Posts
    19


    Things seem to be running fine. I couldn't find the Defogger so I didn't do that step. But everything else seems good. Thank you so much. You were beyond impressive.

  8. #28
    Junior Member
    Join Date
    Mar 2012
    Posts
    19


    Do I need ERUNT or NTREGOPT still? Do I just delete those?

  9. #29
    Senior Member
    Join Date
    Sep 2010
    Posts
    631


    Hi cdauman8,

    You are welcome.

    You can keep ERUNT if you would like to. It can be used to keep a registry backup. If you don't want it, it should be uninstalled via Programs and Features.
    Member of UNITE and ASAP

  10. #30
    Senior Member
    Join Date
    Sep 2010
    Posts
    631


    Since this issue appears to be resolved ... this Topic has been closed.
    Member of UNITE and ASAP
