Problem Removing Smitfraud-C.Toolbar.888.

Hi Shaba,

Three reports follow as I was unsure which you required.

*********
RESIDENT LOG
11/05/2007 14:21:03 Denied value "SSC_UserPrompt" (new data: "") deleted in System Startup global entry!
11/05/2007 15:24:40 Denied value "SSC_UserPrompt" (new data: "") deleted in System Startup global entry!
11/05/2007 15:47:13 Denied value "SSC_UserPrompt" (new data: "") deleted in System Startup global entry!
11/05/2007 17:47:52 Denied value "SSC_UserPrompt" (new data: "") deleted in System Startup global entry!

*********
SPYBOT FIXES REPORT

--- Report generated: 2007-05-11 15:48 ---

Smitfraud-C.Toolbar888: Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-220523388-1767777339-839522115-1003\Software\Microsoft\aldd

Smitfraud-C.Toolbar888: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR

Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

Microsoft.WindowsSecurityCenter.UpdateDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0

**********
SPYBOT REPORT
Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

Microsoft.WindowsSecurityCenter.UpdateDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-05-11 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-04-18 advcheck.dll (1.5.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-05-09 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-05-09 Includes\DialerC.sbi (*)
2007-04-04 Includes\Hijackers.sbi (*)
2007-05-09 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-05-09 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-03-21 Includes\Malware.sbi (*)
2007-05-09 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-05-09 Includes\PUPSC.sbi (*)
2007-05-09 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-05-09 Includes\SecurityC.sbi (*)
2007-03-21 Includes\Spybots.sbi (*)
2007-05-09 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-05-02 Includes\Trojans.sbi (*)
2007-05-09 Includes\TrojansC.sbi (*)
 
Hi

These are fine, feel free to put them to ignore if you like to:


Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

Microsoft.WindowsSecurityCenter.UpdateDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0

These should be gone on next scan:

Smitfraud-C.Toolbar888: Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-220523388-1767777339-839522115-1003\Software\Microsoft\aldd

Smitfraud-C.Toolbar888: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR

As for resident log, I think this forum will help you :)
 
Hi Shaba,

I feel the MS Security Center finds are due to the fact that I have switched off auto-update of XP. I prefer to conduct this manually. These will be added to the SpyBot ignore list.

I was surprised by the rediscovery of Smitfraud-C.Toolbar888 that the first scan by SpyBot again found . I was concerned that there may have been residual elements of the earlier infection still remaining. Subsequent SpyBot scans do not find this malware.

Resident continues to block the "SSC_UserPrompt" so I will raise a post in the forum you suggested.

Many Thanks.
 
Hi

"I feel the MS Security Center finds are due to the fact that I have switched off auto-update of XP. I prefer to conduct this manually."

Yes, you're right :)

I hope that you will get answer for that teatimer issue in that forum.
 
Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
 
You must log in or register to reply here.
Back
Top