Help! Infected with Smitfraud.c and others?

[confusedpharm]

Actually, just started a new problem ... Each time I open a file, program, or any when the computer does any process a box displays the following:

The application or DLL C:\WINDOWS\system32\nevibuni.dll is not a valid Windows image. Please check this against your installation diskette.

How do I get rid of this? Everything seems to be working appropriately, except for the box that always pops up?

Thanks

 

[shelf life]

hi,

ok good. cant find any reference to that .dll so we will assume its not part of a legit application. navigate to the:

C:\WINDOWS\system32 dir. and see if you can find:
nevibuni.dll

if so go to the website below and browse for the file again and upload it to the website using the send button. you can copy/paste the results in your reply:

http://www.virustotal.com/

 

[confusedpharm]

Here is the response when uploaded:

0 bytes size received / Se ha recibido un archivo vacio

Also, to find the file, I had to show hidden files and folders, and "un"hide proteceted OS files, and extensions for known file types.

Also, when I look at its properties, It is 0bytes, and opens with unknown application.

Do you think that I can delete?

Thanks

 

[confusedpharm]

Just an FYI,
I went ahead and sent it to my recycle bin. No more problems and all seems to be working well. ANything else that I need to do? WHat was the script you had me use with combofix?

Thanks again

 

[shelf life]

hi,

your welcome. good, deleting that .dll would have been my next suggestion.
the script was to have combofix remove some items. couple things to do; make anew restore point. the how and why:

One of the features of Windows ME,XP and Vista is the System Restore option, however if malware infects a computer it is possible that the malware could be backed up in the System Restore folder. Therefore, clearing the restore points is a good idea after malware is removed.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.(new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot

not only is it important to keep Windows updated, also keep other apps updated. Check links in item 1 below. for your reference:

Reducing Your Risk
The Short Version:

1) Keep your OS,(Windows) browser (IE, FireFox) and other Software up to date to "patch" vulnerabilities.
2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons.
3) Install and keep them all updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless.
4) Refrain from clicking on links or attachments you receive via E-Mail, IM, Chat Rooms or Social Sites, no matter how tempting or legitimate the message may seem. Are you sure of the source that sent them?
5) Don't click on ads/pop ups or offers from websites requesting that you install software to your computer. Do you trust the website?
6) Don't click on offers to "scan" your computer.
7) Set up and use limited accounts for everyday use, rather than administrator accounts.
8) Install a third party software firewall.
9) Consider using an alternate browser and E-mail client.
10) If your habits include: warez,or p2p file sharing then you are much more likely to encounter malicious code. Do you trust the source?

longer version in link below.
happy safe surfing out there