Smitfraud/HSA

edited August 2005 in Spyware & Virus Removal
I've tried the various techniques, but can't seem to get anywhere. I can't get rid of the trojans. I've attached my HT log. Any help would be greatly appreciated. Thanks

Comments

  • Shadow2018 Northwest Missouri
    edited July 2005
    Please copy and paste your log into the reply field.
  • edited July 2005
    I am no longer able to get online. On the screen I get something along the line of 'Warning your computer is infected. No longer able to function in normal mode. Smitfraud yada yada.' I also am getting the connection icon that shows I have a slow/bad connection & am not able to access the internet or email. I was using Security Manager as my Firewall & have deleted it, because I was getting a firewall alert saying my ISP# wasn't able to authenticate. I was on w/ Comcast and all the settings seem to be in order. I think now I'm really in trouble. Is there any hope for me?
    Thanks Gordon
  • Shadow2018 Northwest Missouri
    edited July 2005
    Can you boot into safe mode? To access safe mode reboot and tap the F8 button at the start up screen. Select safe mode from the menu.
  • edited July 2005
    Shadow2018 wrote:
    Can you boot into safe mode? To access safe mode reboot and tap the F8 button at the start up screen. Select safe mode from the menu.


    I will try when I get home & let you know tomorrow. If I'm successful should I run all of the spyware cleaning software that I have? I also tried yesterday to clean off some of the problems by checking boxes & deleting files from HijackThis. So I may have even more problems. Certainly didn't solve the situation.
    Thanks again Gordon
  • edited July 2005
    gkoran wrote:
    I will try when I get home & let you know tomorrow. If I'm successful should I run all of the spyware cleaning software that I have? I also tried yesterday to clean off some of the problems by checking boxes & deleting files from HijackThis. So I may have even more problems. Certainly didn't solve the situation.
    Thanks again Gordon

    I was able to boot up in safe mode.
    I ran Adaware and MS Antispy. I also ran HT. I will have to find a way to save the log & get it here to post. Any other suggestions in the mean time?
  • Shadow2018 Northwest Missouri
    edited July 2005
    A floppy disk would work well if you have a drive to put it in.

    If safe mode is working ok then print these instructions and take them home (?) with you to your computer. I do not know which variant of smitfraud you have but it is worth a try.

    http://www.short-media.com/forum/showthread.php?t=32218

    You will need the file in step 7 to regain use of your desktop in normal mode. So you will need to find a way to get it.

    If you are using XP, try booting into safe mode with Networking. If this is possible then run this online scan and find a way to post the results from the online scan.

    http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm
  • edited July 2005
    I will certainly give it a shot, thanks.
    Shadow2018 wrote:
    A floppy disk would work well if you have a drive to put it in.

    If safe mode is working ok then print these instructions and take them home (?) with you to your computer. I do not know which variant of smitfraud you have but it is worth a try.

    http://www.short-media.com/forum/showthread.php?t=32218

    You will need the file in step 7 to regain use of your desktop in normal mode. So you will need to find a way to get it.

    If you are using XP, try booting into safe mode with Networking. If this is possible then run this online scan and find a way to post the results from the online scan.

    http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm
  • edited July 2005
    gkoran wrote:
    I will certainly give it a shot, thanks.

    I followed the prescribed procedures. Still not able to get online.
    I have posted my HT log.

    Logfile of HijackThis v1.99.0
    Scan saved at 7:46:11 PM, on 07/27/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
  • Shadow2018 Northwest Missouri
    edited July 2005
    I only see a few running processes here. Do you have the rest of your log?
  • edited July 2005
    Is this any better?
    Logfile of HijackThis v1.99.0
    Scan saved at 7:46:11 PM, on 07/27/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\System32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\GORDON KORAN_2\Desktop\Spy Ware 2\HijackThis.exe

    F2 - REG:system.ini: UserInit=userinit.exe
    N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\GORDON KORAN_2\Application Data\Mozilla\Profiles\default\ov1r4srs.slt\prefs.js)
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll
    O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
  • Shadow2018 Northwest Missouri
    edited July 2005
    Download LSPFix. Move this to your infected computer and extract the files. Run LSPFix. This could be the reason you can't access the net. Let me know the results.
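
A small triage of the entry lines in the log posted above, as an added example that is not part of the original thread: it groups entries by HijackThis section code and collects the files reported as unknown Winsock LSPs, the O10 lines behind the LSPFix suggestion. The function names and section descriptions are this example's own, and the sample is a subset of the posted log.

```python
import re
from collections import Counter

# Section codes seen in the log above; descriptions written for this example.
SECTIONS = {
    "F2": "autostart value from system.ini/win.ini mapped into the registry",
    "O6": "Internet Explorer options restricted by policy",
    "O10": "Winsock LSP (layered service provider) entry",
    "O23": "Windows service",
}
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
UNKNOWN_LSP = re.compile(r"Unknown file in Winsock LSP:\s*(.+)$")

# Sample input: lines copied from the log posted in this thread (N2 line omitted).
SAMPLE_LOG = r"""
C:\WINDOWS\Explorer.EXE
F2 - REG:system.ini: UserInit=userinit.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fltmgr.dll
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

def parse_entries(log_text):
    """Return (code, detail) pairs; header and running-process lines are skipped."""
    matches = (ENTRY.match(line) for line in log_text.splitlines())
    return [m.groups() for m in matches if m]

def triage(log_text):
    """Count entries per section and collect files reported as unknown LSPs."""
    entries = parse_entries(log_text)
    counts = Counter(code for code, _ in entries)
    unknown_lsp = Counter()
    for code, detail in entries:
        m = UNKNOWN_LSP.match(detail)
        if code == "O10" and m:
            unknown_lsp[m.group(1).strip().lower()] += 1
    return {
        "counts": dict(counts),
        "unknown_lsp": dict(unknown_lsp),
        "undescribed": sorted(set(counts) - set(SECTIONS)),
    }

if __name__ == "__main__":
    for path, n in triage(SAMPLE_LOG)["unknown_lsp"].items():
        print(f"review Winsock LSP chain: {path} listed {n} time(s)")
```
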
  • edited July 2005
    Shadow2018 wrote:
    Download LSPFix. Move this to your infected computer and extract the files. Run LSPFix. This could be the reason you can't access the net. Let me know the results.

    I'll give it a shot. If it works, I'll try logging on. It's much easier to work on this from home. Thanks
  • edited August 2005
    gkoran wrote:
    I'll give it a shot. If it works, I'll try logging on. It's much easier to work on this from home. Thanks

    Did more damage than good (rookie you know)
    Anyway, did a system restore, now everything works great.
    Switched to McAfee firewall.
    Thanks for all of your help shadow2018,
    greatly appreciated. I'll probably be asking again at some point.
    Cheers Gordon
  • Shadow2018 Northwest Missouri
    edited August 2005
    Odds are that even running system restore you are still infected to some degree. Post a HJT log and we'll make sure you are clean.