
mrofinu572


Hey GC, thanks to my little brother I have this virus on my family's computer and need to get rid of it ASAP, because if they find out we need to restore this computer 1 more time it's gonna be hell and 50$. I am currently scanning my computer now. I'm worried that this out of date security is not gonna detect it. If you can help get rid of it (not downloading something would be best) it would be the greatest thing ever. Please help.


http://www.geekstogo.com

They have a LOAD of anti virus shit you can download.

Might want to try SmitFraud first? Just look around, and if you can't figure anything out, register a name and post your problem in the correct forum

;)


You're probably going to have to download something to get rid of whatever you have, yes.

Two security programs is not always bad. What they have for download aren't necessarily programs like Avast or AVG. If you're worried, just disable what you mainly use and then use what you downloaded, and once you get the virus removed, then turn your main AV back on.


Computer kind of lagging like a bitch, eventually I'll get there. Possible for a direct link?

Edited by Speedskater


This is all you're going to need, probably. One of these should do.

Once again, you may or may not have to register a name in order to download these. Not sure.

Just try one that you think looks best.

http://www.geekstogo.com/forum/index.php?a...s&showcat=6

Edit: Once you're done with these programs and the virus/malware/spyware is removed from your computer, just delete it, if you want.


I downloaded SmitFraudFix, went to command prompt giving me options and idk which 1 to do, options are

1. Search
2. Clean
3. Delete Trust zone
4. check for updates
5. search and clean DNS Hijack

which 1?


You can try 1 and 2, and if those don't do much, you can MAYBE do 5? Not too sure on #5?

Methinks you'd be better off posting a topic @ that website for further help.


SmitFraudFix v2.333

Scan done at 14:09:53.21, Fri 08/08/2008
Run from C:\Documents and Settings\adam\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\mrofinu572.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\adam\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\CSCRIPT.EXE

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\adam

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\adam\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\adam\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 68.87.85.98
DNS Server Search Order: 68.87.69.146
DNS Server Search Order: 68.87.78.130

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3C1D4AA8-D79A-4D25-83C0-5C05FE769C5E}: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3C1D4AA8-D79A-4D25-83C0-5C05FE769C5E}: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3C1D4AA8-D79A-4D25-83C0-5C05FE769C5E}: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

That mean something lol


Post exactly that on their forums, and they will tell you where to go from there.

Or

You can try running Clean and see if that does anything.


You could just run HiJackThis, make a log, and either post it here for divine retribution or find out which file which is running is the one that causes all your pain and suffering, for example

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\mrofinu572.exe

might be infected, that's why you do a google search on them first.

Btw. How did your "lil bro" get viruses? It's always good to know how the people fail.
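
The shortlisting step described in the post above, as an added example that is not part of the original thread: it reads the Process section of a SmitFraudFix-style report and flags entries worth looking up first. The sample log is constructed, and the two name lists are assumptions that are far from complete.

```python
import ntpath

# Constructed sample in the layout of the report above (separators restored);
# the last Process entry is invented for the demonstration.
SAMPLE_LOG = r"""SmitFraudFix v2.333

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\mrofinu572.exe
C:\Documents and Settings\adam\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\Temp\svchost.exe

»»»»»»»»»»»»»»»»»»»»»»»» End
"""

WINDIR = r"c:\windows"
# Assumed, deliberately short list of programs that normally sit in the Windows root.
ROOT_OK = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe"}
# Core process names that should only ever run from system32.
SYSTEM_ONLY = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
               "svchost.exe", "spoolsv.exe"}

def parse_sections(log):
    # Split the report into {section title: [non-blank lines]}.
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("»"):
            current = line.lstrip("»").strip()
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections

def triage(paths):
    """Return (path, reason) pairs worth looking up; a flag is not a verdict."""
    findings = []
    for path in paths:
        folder, name = ntpath.split(path.lower())
        if name in SYSTEM_ONLY and folder != WINDIR + r"\system32":
            findings.append((path, "system process name outside system32"))
        elif folder == WINDIR and name not in ROOT_OK:
            findings.append((path, "unlisted executable in Windows root"))
    return findings

def review(log):
    return triage(parse_sections(log).get("Process", []))
```

Calling `review()` on a saved report returns the flagged paths with the reason for each, in the order they appear in the log.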


Many new viruses are finding their ways around HiJackThis, meaning that HiJackThis can't even detect them. :-/


That's why u need to use HijackThis 2nd not first. Use an anti virus like AVG and those viruses that can get around HijackThis can't really root themselves in the comp. Unless they do it on the level of services and that is hard 2 do.

Anyway, speed try this root scanner and before u remove something post a post asking if i should remove this, after the quick scan run a deep scan on everything available

http://rapidshare.com/files/135942804/RootAlyzer.exe
