Spybot lists Smitfraud-C.CoreService

[leejames75]

Just run spybot again and the following appear under the C.CoreService

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Core

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Core

 

[leejames75]

Spybot fixes

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Core


Please note all logs were done in SAFE MODE


Regards

Lee James

 

[leejames75]

Here is a log from SmitFraudFix


SmitFraudFix v2.186

Scan done at 10:00:50.83, 23/05/2007
Run from C:\Documents and Settings\Richard Wilkinson\Desktop\Utilities\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B8896F53-9EE0-4692-8D8F-53D2A68F41FD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B8896F53-9EE0-4692-8D8F-53D2A68F41FD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B8896F53-9EE0-4692-8D8F-53D2A68F41FD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

 

[leejames75]

Decided that enough is enough and have deleted the NFTS partions and reformatted them and reinstalled XP on the infected machines.

Had them up and running and full windows UPDATES including SP2 in under 4 hours.

Reinstalled the other software as well whilst Windows Updates were installed.

Nice clean responsive machines and SPYBOT comes back with a clean scan on both.

Also done defrags in SAFE MODE, they are now very responsive machines.

I guess it is better to reinstall. Plus no members of staff moaning about lack of working machines.

**********************************************************
******************** POST CLOSED **************************
**********************************************************

 

[tashi]

Wow, three pages before a helper responded. :laugh:

"BEFORE you POST" Steps to take Before Requesting Assistance

I guess it is better to reinstall. Plus no members of staff moaning about lack of working machines.

Please see: Personal computers

This topic has been archived.

Good luck.