Options

Smitfraud.c HELP PLEASE

Unknown
edited December 2005 in Spyware & Virus Removal
:( Hi...As I was on the internet the other day I was infected with a virus/spyware....The name of the spyware/virus was named smitfraud.c. A program named Spyaxe pops-up with a message reading Your Computer is Infected!. I noticed also that I have NO audio sound for my computer now. I tried the procedure that someone had suggested within your threads of help. The thread title read: "Trojan-Spy.HTML.Smitfraud.c Removal Guide-Updated. When I went through the progression of using adware and ewido a message appeared at the end of the scan reading:"The File "C:\Documents and Settings\McIntosh/Application\Data\Sun\Java\Deployment\cache\javapi\v1.0\Jar-1199off7-773f8061.zip/Gummy.class" cannot be removed because it is embedded in the archive "C:\Documents and Settings\McIntosh\Application Data\Sun\Deployment\cache\javapi\v1.0\Jar-1199off7-773f8061.zip".

If someone could please advise on how to clean this mess up it would be much appreciated. If you have any suggestions email me at j-mac_999@hotmail.com. Thank You.

Comments

  • TroganTrogan London, UK
    edited December 2005
    Please post a HJT log :)
  • J-MaC_999
    edited December 2005
    HI....Manchester.... I am not familair with an HJT log... Please inform me what that is please
  • TroganTrogan London, UK
    edited December 2005
    Download HijackThis (HJT) from the link below

    http://www.short-media.com/download.php?dc=69

    Create a log and post it here.

    ==
    HJT creates a log, that shows us what BAD things are on your computer. :)
  • J-MaC_999
    edited December 2005
    This is my report from the HJT
  • TroganTrogan London, UK
    edited December 2005
    Hi, please post your log into the message next time and not as an attachment :)
    --

    Please move HJT to its own folder on your C: so backups can be created. Do this before continuing.
    --

    Check the following in HJT and click 'Fix Checked'

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.passport.net/reg.srf?xpwiz=true&lc=1033&langid=1033

    R3 - Default URLSearchHook is missing

    O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hp482A.tmp (file missing)

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    --

    Reboot your computer and post a new HJT log :)
    --


    You are missing one important program on your computer: An antivirus.
    You need to install an Anti-Virus program as soon as you can and run a complete scan of the computer.
    I suggest one of these (both have relatively small demands on the computer):

    Nod32 : http://www.nod32.com/home/home.htm
    or
    AVG Anti-Virus (Free version available) http://free.grisoft.com/doc/1

    Choose one, instal it, and then run a full scan. Let it quarantine/delete anything it finds.


    Do you have an active Firewall?
Sign In or Register to comment.