Speedskater 167 Posted August 8, 2008
Hey GC, thanks to my little brother I have this virus on my family's computer and need to get rid of it ASAP, because if they find out we need to restore this computer 1 more time it's gonna be hell and 50$. I am currently scanning my computer now. I'm worried that this out-of-date security is not gonna detect it. If you can help get rid of it (not downloading something would be best) it would be the greatest thing ever. Please help

Kenshyn 638 Posted August 8, 2008
http://www.geekstogo.com
They have a LOAD of anti virus shit you can download. Might want to try SmitFraud first? Just look around, and if you can't figure anything out, register a name and post your problem in the correct forum ;)

Speedskater 167 Posted August 8, 2008
So I HAVE to download something, and isn't 2 security things bad?

Kenshyn 638 Posted August 8, 2008
You're probably going to have to download something to get rid of whatever you have, yes. Two security programs is not always bad. What they have for download aren't necessarily programs like Avast or AVG. If you're worried, just disable what you mainly use and then use what you downloaded, and once you get the virus removed, then turn your main AV back on.

Speedskater 167 Posted August 8, 2008
Computer kind of lagging like a bitch, eventually I'll get there. Possible for a direct link?
Edited August 8, 2008 by Speedskater

Kenshyn 638 Posted August 8, 2008
This is all you're going to need, probably. One of these should do. Once again, you may or may not have to register a name in order to download these. Not sure. Just try one that you think looks best.
http://www.geekstogo.com/forum/index.php?a...s&showcat=6
Edit: Once you're done with these programs and the virus/malware/spyware is removed from your computer, just delete it, if you want.

Speedskater 167 Posted August 8, 2008
I downloaded smitfraudfix, went to command prompt giving me options and Idk which 1 to do. Options are:
1. Search
2. Clean
3. Delete Trust zone
4. check for updates
5. search and clean DNS Hijack
which 1?

Kenshyn 638 Posted August 8, 2008
You can try 1 and 2, and if those don't do much, you can MAYBE do 5? Not too sure on #5? Methinks you'd be better off posting a topic @ that website for further help.

Speedskater 167 Posted August 8, 2008
SmitFraudFix v2.333
Scan done at 14:09:53.21, Fri 08/08/2008
Run from C:Documents and SettingsadamDesktopSmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAdobePhotoshop Elements 3.0PhotoshopElementsFileAgent.exe
C:PROGRA~1COMMON~1AOLACSAOLacsd.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
c:program filesmcafee.comagentmcdetect.exe
c:PROGRA~1mcafee.comagentmctskshd.exe
c:PROGRA~1mcafee.comvsomcvsrte.exe
C:PROGRA~1McAfee.comPERSON~1MPFSERVICE.exe
C:Program FilesAdobePhotoshop Elements 3.0PhotoshopElementsDeviceConnect.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32hkcmd.exe
C:Program FilesJavaj2re1.4.2_03binjusched.exe
C:Program FilesCyberLinkPowerDVDDVDLauncher.exe
C:Program FilesJavaj2re1.4.2_03binjucheck.exe
C:Program FilesDellMedia ExperienceDMXLauncher.exe
C:WINDOWSsystem32dlatfswctrl.exe
C:Program FilesMusicmatchMusicmatch Jukeboxmm_tray.exe
C:Program FilesMusicmatchMusicmatch Jukeboxmmtask.exe
C:PROGRA~1mcafee.comagentmcagent.exe
c:PROGRA~1mcafee.comvsomcshield.exe
C:Program FilesRealRealPlayerRealPlay.exe
C:PROGRA~1mcafee.comvsomcvsshld.exe
c:progra~1mcafee.comvsomcvsescn.exe
C:PROGRA~1McAfee.comPERSON~1MpfTray.exe
C:Program FilesiTunesiTunesHelper.exe
C:PROGRA~1McAfee.comPERSON~1MpfAgent.exe
C:WINDOWSmrofinu572.exe
C:Program FilesDell SupportDSAgnt.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesAmerica Online 9.0aoltray.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesDigital Line DetectDLG.exe
C:WINDOWSsystem32rundll32.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSexplorer.exe
C:WINDOWSsystem32msiexec.exe
C:Documents and SettingsadamDesktopSmitfraudFixPolicies.exe
C:WINDOWSsystem32cmd.exe
C:WINDOWSsystem32CSCRIPT.EXE
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSWeb
»»»»»»»»»»»»»»»»»»»»»»»» C:WINDOWSsystem32
»»»»»»»»»»»»»»»»»»»»»»»» C:Documents and Settingsadam
»»»»»»»»»»»»»»»»»»»»»»»» C:Documents and SettingsadamApplication Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:DOCUME~1adamFAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDesktopComponents]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 68.87.85.98
DNS Server Search Order: 68.87.69.146
DNS Server Search Order: 68.87.78.130
HKLMSYSTEMCCSServicesTcpip..{3C1D4AA8-D79A-4D25-83C0-5C05FE769C5E}: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130
HKLMSYSTEMCS1ServicesTcpip..{3C1D4AA8-D79A-4D25-83C0-5C05FE769C5E}: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130
HKLMSYSTEMCS3ServicesTcpip..{3C1D4AA8-D79A-4D25-83C0-5C05FE769C5E}: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130
HKLMSYSTEMCCSServicesTcpipParameters: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130
HKLMSYSTEMCS1ServicesTcpipParameters: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130
HKLMSYSTEMCS3ServicesTcpipParameters: DhcpNameServer=68.87.85.98 68.87.69.146 68.87.78.130
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
That mean something lol

Kenshyn 638 Posted August 8, 2008
Post exactly that on their forums, and they will tell you where to go from there. Or you can try running Clean and see if that does anything.

Speedskater 167 Posted August 8, 2008
K ima post topic on geekstogo, hopefully someone post in 2 hours ;)

Major Zhuinden 128 Posted August 8, 2008
You could just run HiJackThis, make a log, and either post it here for divine retribution or find out which file which is running is the one that causes all your pain and suffering, for example
C:PROGRA~1COMMON~1AOLACSAOLacsd.exe
C:WINDOWSsystem32dlatfswctrl.exe
C:WINDOWSmrofinu572.exe
might be infected, that's why you do a google search on them first.
Btw. How did your "lil bro" get viruses? It's always good to know how the people fail.

Union1 33 Posted August 8, 2008
POST A HIJACKthis log in the team hijack this forums http://www.Ghoztcraft.net/forums/HJT-Forum-f255.html
Here, use this: http://free.avg.com/
Anyway, if it doesn't find anything I'll pm u a serial so u can search for rootkits

Kenshyn 638 Posted August 9, 2008
> You could just run HiJackThis, make a log, and either post it here for divine retribution or find out which file which is running is the one that causes all your pain and suffering, for example
> C:PROGRA~1COMMON~1AOLACSAOLacsd.exe
> C:WINDOWSsystem32dlatfswctrl.exe
> C:WINDOWSmrofinu572.exe
> might be infected, that's why you do a google search on them first.
> Btw. How did your "lil bro" get viruses? It's always good to know how the people fail.
Many new viruses are finding their ways around HiJackThis, meaning that HiJackThis can't even detect them.

Union1 33 Posted August 9, 2008
That's why u need to use hijackthis 2nd not first. Use an anti virus like avg and those viruses that can get around hijack this can't really root themselves in the comp. Unless they do it on the level of services and that is hard 2 do. Anyway, speed, try this root scanner and before u remove something post a post asking if i should remove this. After the quick scan run a deep scan on everything available.
http://rapidshare.com/files/135942804/RootAlyzer.exe