smitfraud.C and CMD service Malware removal help

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:40:38 PM 10/17/2006

+ Scan result:



C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP7\A0000839.dll -> Adware.Aws : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP7\A0000840.dll -> Adware.CommAd : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP7\A0000841.exe -> Adware.CommAd : Cleaned.
HKLM\SOFTWARE\MalwareWipe.com -> Adware.Malwarewipe : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP5\A0000660.dll -> Adware.Searchcolours : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP3\A0000515.dll -> Adware.Systemdoctor : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP3\A0000516.exe -> Adware.Systemdoctor : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP3\A0000520.exe -> Adware.Systemdoctor : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP7\A0000815.exe -> Downloader.Zlob.apm : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP7\A0000836.dll -> Logger.VBStat.e : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP7\A0000837.dll -> Logger.VBStat.e : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP7\A0000838.dll -> Trojan.BHO.g : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP7\A0000835.exe -> Trojan.Starter.65 : Cleaned.


::Report end
 
Logfile of HijackThis v1.99.1
Scan saved at 2:53:58 PM, on 10/17/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [qhssili.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\qhssili.dll,eaoplz
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160802216912
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe


Thanks again!
-Adam
 
One remaining item
Start HijackThis and place a check next to these items if there.
O4 - HKLM\..\Run: [qhssili.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\qhssili.dll,eaoplz

====================================
Hit "Fix checked" and close HijackThis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Let us know of any problems
 
Still OK?

If so, purge System Restore
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Then Reboot. < Don't skip that step.
Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that process about once or twice a month

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279
 
I'm glad we could help
Since the problems are solved I'm going to close the topic now, this keeps others with similar problems from posting their logs/question here, they should start a new topic.

If you should need to post another log for the same PC let one of us know via a PM (personal message).
 