Smitfraud-C

ramodagama

New member
I got this today and I have no idea how I got it. I'm kind of new to most of this kind of stuff. Every time I get rid of it, it comes back.
 
It would be best if you showed what Spybot is finding, so that someone here could see if it may be a false positive or not. So, could you please do this?

  • Open SpyBot.
  • Check for problems.
  • When finished, right-click and choose copy results (not the full report) to clipboard and post that into the topic.
 
Here are the results:

DeepDive: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}

DeepDive: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}

DeepDive: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}

Smitfraud-C.: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\MSVPS.MSVPSApp

Smitfraud-C.: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{283A0EE3-2CC1-45AB-8207-B1D7B69C7F83}

Smitfraud-C.: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{283A0EE3-2CC1-45AB-8207-B1D7B69C7F83}


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-01-27 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-08-15 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-08-15 Includes\DialerC.sbi (*)
2007-07-11 Includes\Hijackers.sbi (*)
2007-08-15 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-08-15 Includes\KeyloggersC.sbi (*)
2007-08-01 Includes\Malware.sbi (*)
2007-08-15 Includes\MalwareC.sbi (*)
2007-08-08 Includes\PUPS.sbi (*)
2007-08-15 Includes\PUPSC.sbi (*)
2007-08-15 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-08-15 Includes\SecurityC.sbi (*)
2007-08-01 Includes\Spybots.sbi (*)
2007-08-15 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-08-01 Includes\Trojans.sbi (*)
2007-08-15 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll
 
Hello,

Please make another scan with Spybot and do the following:

Click on the blue icon to the right of the findings; a double-click on the first icon will open the Windows registry editor and navigate to the registry location.
Please right-click the key (keys look like folders) within the registry editor and choose Export.
Repeat this for each of the listed findings and send the .reg files to detections-at-spybot.info (replace -at- with @).
With these registry exports we can see what is entered in those keys and can better determine if it is a false positive or an infection that is not fully detected.
Please also send a complete Spybot log with your email to the address above.
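
The per-finding export described in the post above can also be scripted. The following is an added example, not part of the original thread or of Spybot: it parses the "copy results" text and builds one `reg export` command per registry-key finding. The sample findings are copied from this thread; the output folder `C:\exports` and the `findingNN.reg` file names are assumptions.

```python
import re

# Header line of a finding in the "copy results" text, e.g.
#   Smitfraud-C.: Class ID (Registry key, nothing done)
HEADER = re.compile(
    r"^(?P<product>.+?): (?P<what>.+) \((?P<kind>[^,]+), (?P<action>[^)]+)\)$"
)

# Findings taken from the scan results posted in this thread.
SAMPLE = r"""
Smitfraud-C.: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{283A0EE3-2CC1-45AB-8207-B1D7B69C7F83}

Smitfraud-C.: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{283A0EE3-2CC1-45AB-8207-B1D7B69C7F83}

Smitfraud-C.MSVPS: Library (File, nothing done)
C:\WINDOWS\duocore.dll

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 SpybotSD.exe (1.4.0.3)
"""

def parse_findings(text):
    """Return one dict per finding: product, what, kind, action, location."""
    findings, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("---"):   # version footer: no findings after this
            break
        match = HEADER.match(line)
        if match:
            pending = match.groupdict()
        elif line and pending:       # the line after a header is its location
            pending["location"] = line
            findings.append(pending)
            pending = None
    return findings

def export_commands(findings, out_dir="C:\\exports"):
    """Build one `reg export` command per registry-key finding.

    out_dir is a hypothetical folder; it must already exist when the
    commands are run."""
    cmds = []
    for n, f in enumerate(findings, 1):
        if f["kind"] != "Registry key":
            continue                 # files such as a DLL are not registry data
        cmds.append(f'reg export "{f["location"]}" "{out_dir}\\finding{n:02d}.reg" /y')
    return cmds

if __name__ == "__main__":
    print("\n".join(export_commands(parse_findings(SAMPLE))))
```

The printed commands are run from a command prompt on the affected machine; the file finding is skipped because only registry keys can be exported this way.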
 
After a few restarts I found the spyware again but no popups. Here are the results:

DeepDive: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}

DeepDive: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}

DeepDive: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}

Smitfraud-C.: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\MSVPS.MSVPSApp

Smitfraud-C.: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{283A0EE3-2CC1-45AB-8207-B1D7B69C7F83}

Smitfraud-C.: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{283A0EE3-2CC1-45AB-8207-B1D7B69C7F83}

Smitfraud-C.MSVPS: Library (File, nothing done)
C:\WINDOWS\duocore.dll


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-01-27 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-08-22 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-08-22 Includes\DialerC.sbi (*)
2007-07-11 Includes\Hijackers.sbi (*)
2007-08-22 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-08-22 Includes\KeyloggersC.sbi (*)
2007-08-01 Includes\Malware.sbi (*)
2007-08-22 Includes\MalwareC.sbi (*)
2007-08-22 Includes\PUPS.sbi (*)
2007-08-22 Includes\PUPSC.sbi (*)
2007-08-22 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-08-22 Includes\SecurityC.sbi (*)
2007-08-01 Includes\Spybots.sbi (*)
2007-08-22 Includes\SpybotsC.sbi (*)
2007-08-23 Includes\TED-Smitfraud-C.MSVPS.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-08-01 Includes\Trojans.sbi (*)
2007-08-22 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll
 
Hello,

I followed the other thread. Is it still correct that this
Smitfraud-C.MSVPS: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-3085632509-3235412490-3220655986-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{283A0EE3-2CC1-45AB-8207-B1D7B69C7F83}

is still being found?

Actually it is not harmful by itself since it is only a trace of the original trojan horse. You may not be able to remove this due to access right restrictions on your computer. Please try scanning and fixing as an Administrator or in Windows safe mode.
 