Smitfraud-C and TinyBar.C

[Blade81]

Hi

Creating & executing batch file
-------------------------------

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@echo off
copy C:\Program Files\Windows NT\Accessories\wordpad.exe c:\WINDOWS\system32\dllcache
exit

Double-click on fixes.bat file to execute it.

After that make sure you have zip extracted (not running the script straight from temporary location) and run registry search script again.

 

[jrarely]

No dice. Created and ran the .bat file, then re-ran the vbs script from my desktop. Same error.

 

[Blade81]

Hi

Let's try with another tool then

Download and run Registry Search by Bobbi Flekman here. Follow the instructions behind the link and use Patrol again as a search string. Post back the results.

 

[jrarely]

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 3/4/2009 8:53:41 PM for strings:
; 'patrol'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\Scan Directory with PestPatrol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\Scan Directory with PestPatrol\Command]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adwarepatrol.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adwarepatrol.com\www]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adwarepatrol.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adwarepatrol.com\www]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PestPatrol Corporate Edition]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PestPatrol Corporate Edition]
"Publisher"="PestPatrol, Inc."
"HelpLink"="http://PestPatrol.com/Forum/"
"HelpTelephone"="CorpSupport@PestPatrol.com"
"URLInfoAbout"="http://PestPatrol.com/Support/"
"DisplayIcon"="C:\\Program Files\\PestPatrol\\PestPatrol.exe,-0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Pants Patrol (TrueType)"="PANTSPAT.TTF"

[HKEY_LOCAL_MACHINE\SOFTWARE\PestPatrol]

[HKEY_LOCAL_MACHINE\SOFTWARE\PestPatrol\Machine]

[HKEY_LOCAL_MACHINE\SOFTWARE\SaferSite\PestPatrol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wise Solutions\Wise Installation System\Repair\C:/Program Files/PestPatrol/install.log]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wise Solutions\Wise Installation System\Repair\C:/Program Files/PestPatrol/install.log]
"C:\\Program Files\\PestPatrol\\PPEngine.dll"=dword:00000000
"C:\\Program Files\\PestPatrol\\unzip32.dll"=dword:00000000
"C:\\Program Files\\PestPatrol\\PestPatrol.exe"=dword:00000000
"C:\\Program Files\\PestPatrol\\PestPatrolCL.exe"=dword:00000000
"C:\\Program Files\\PestPatrol\\PPControl.exe"=dword:00000000
"C:\\Program Files\\PestPatrol\\PPMemCheck.exe"=dword:00000000
"C:\\Program Files\\PestPatrol\\bmstrstr.dll"=dword:00000000
"C:\\Program Files\\PestPatrol\\KPexc.dat"=dword:00000000
"C:\\Program Files\\PestPatrol\\PPFile.dat"=dword:00000000
"C:\\Program Files\\PestPatrol\\PPInfo.dat"=dword:00000000
"C:\\Program Files\\PestPatrol\\Spyware.dat"=dword:00000000

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adwarepatrol.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adwarepatrol.com\www]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adwarepatrol.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adwarepatrol.com\www]

[HKEY_USERS\S-1-5-21-4028982723-4060818117-2911195797-1008\Software\Microsoft\Search Assistant\ACMru\5603]
"001"="Pest Patrol"
"002"="PestPatrol"

[HKEY_USERS\S-1-5-21-4028982723-4060818117-2911195797-1008\Software\Microsoft\Shared Tools\Panose]
; Contents of value:
; 
"Pants Patrol"=hex:00,00,04,00,00,00,00,00,00,00

[HKEY_USERS\S-1-5-21-4028982723-4060818117-2911195797-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\web]
"c"="C:\\Documents and Settings\\Shaw\\Desktop\\my docs\\bigtitpatrol.com\\bigtitpatrol.com.web"

[HKEY_USERS\S-1-5-21-4028982723-4060818117-2911195797-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\PestPatrol]

[HKEY_USERS\S-1-5-21-4028982723-4060818117-2911195797-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adwarepatrol.com]

[HKEY_USERS\S-1-5-21-4028982723-4060818117-2911195797-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adwarepatrol.com\www]

[HKEY_USERS\S-1-5-21-4028982723-4060818117-2911195797-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adwarepatrol.com]

[HKEY_USERS\S-1-5-21-4028982723-4060818117-2911195797-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adwarepatrol.com\www]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adwarepatrol.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adwarepatrol.com\www]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adwarepatrol.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\adwarepatrol.com\www]

; End Of The Log...

 

[Blade81]

Hi again,

Download ERUNT
Save it to your desktop. Run and install this program.

In the box that opens ONLY choose
System registry.

Then click OK.

Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.


Save text below as fix.reg on Notepad (save it as all files (*.*)) on the Desktop.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\Scan Directory with PestPatrol]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PestPatrol Corporate Edition]

[-HKEY_LOCAL_MACHINE\SOFTWARE\PestPatrol]

[-HKEY_LOCAL_MACHINE\SOFTWARE\SaferSite\PestPatrol]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wise Solutions\Wise Installation System\Repair\C:/Program Files/PestPatrol/install.log]

[HKEY_USERS\S-1-5-21-4028982723-4060818117-2911195797-1008\Software\Microsoft\Search Assistant\ACMru\5603]
"001"=-
"002"=-

[-HKEY_USERS\S-1-5-21-4028982723-4060818117-2911195797-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\PestPatrol]

It should look like this ->

Doubleclick fix.reg, press Yes and ok.

 

[jrarely]

Looks like that did the trick. Thanks for your help. Spybot runs cleanly and no Pest Patrol warnings.

 

[Blade81]

Good to hear that helped Guess we can archive the topic now, can't we?

 

[jrarely]

Yes. Thanks again.

 

[Blade81]

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.