frostmourne

Smitfraud-c Toolbar888

Assalamualaikum..

I scanned my PC with Spybot - Search & Destroy and it detected Smitfraud-C Toolbar888..

The problem is that Spybot can't delete this Smitfraud..

I've used several other programs to try to delete it but none of them worked either.. among them AVG Anti-Spyware (didn't detect it) and Lavasoft Ad-Aware SE (didn't detect it)..

I've searched Google for ways to delete it but still couldn't, and I don't really understand it.. so I hope the members here at Putera know how to solve this..


1) Turn off System Restore

2) Download the SmitfraudFix software

3) Boot into Safe Mode, then run SmitfraudFix and follow the instructions it gives.

4) Try scanning again with Spybot.

thanks..

I already tried this method after searching Google the other day.. but the Smitfraud is still there until now..


Mr ProsMon.. so many viruses in your PC :lol:

So dangerous :wacko:


ok.. here's my HijackThis scan..

hope someone can help, ok ;)

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 11:23:09 PM, on 5/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\HandyCafe\Client\_hndguard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program Files\HandyCafe\Client\hndclient.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\PROGRA~1\HANDYC~1\Client\hndfw.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\All Users\Documents\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.leeman-automatisering.nl/startpagina

O2 - BHO: (no name) - {0309638F-93F8-44D3-84CF-240EB1AB7F1F} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3C947718-039F-4D20-9A7A-BFC619BA9367} - C:\WINDOWS\system32\vtutq.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - (no file)

O2 - BHO: (no name) - {E496C27C-A366-4D63-BED7-20234E4FAE62} - C:\WINDOWS\system32\fjrcmidx.dll (file missing)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [hndclient] C:\Program Files\HandyCafe\Client\_hndguard.exe -rungrd

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\ixgbmqvu.dll",realset

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176046814796

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AE42C88C-3CE9-4E5A-8DA0-1C4FF80A1094}: NameServer = 202.188.0.133,202.188.1.5

O20 - Winlogon Notify: gebcyww - gebcyww.dll (file missing)

O20 - Winlogon Notify: vtutq - C:\WINDOWS\system32\vtutq.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 4623 bytes


For the time being, fix these entries that have missing files first..

The rest, this evening.. But from what I can see at a glance, your PC is infected with the Vundo trojan..

For the solution, after this..

O2 - BHO: (no name) - {0309638F-93F8-44D3-84CF-240EB1AB7F1F} - (no file)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - (no file)
O2 - BHO: (no name) - {E496C27C-A366-4D63-BED7-20234E4FAE62} - C:\WINDOWS\system32\fjrcmidx.dll (file missing)
O20 - Winlogon Notify: gebcyww - gebcyww.dll (file missing)

********************************************************************

1. Download VundoFix and save it to the desktop

2. Run the application, and click the "Scan for Vundo" button

3. When the scan is done, click the "Remove Vundo" button; at the prompt that appears, click "YES"

4. When it's finished, it will shut down the PC.

5. Turn the PC back on, scan again using HijackThis and paste the new log here..

Edited by johnburn
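The triage johnburn applies to the log above (fix the "(no file)" / "(file missing)" orphans first, and treat a random-named DLL that sits in both an unnamed BHO and a Winlogon Notify slot as the Vundo pattern) can be mechanised. This is an added example, not code from the thread, HijackThis or VundoFix; the sample log is constructed from lines of the first HijackThis log above, and the flagging rules are this example's own heuristics.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the first HijackThis log in this thread: the O2/O4/O20
# section codes are HijackThis's own, the paths and CLSIDs are copied from that log.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0309638F-93F8-44D3-84CF-240EB1AB7F1F} - (no file)
O2 - BHO: (no name) - {3C947718-039F-4D20-9A7A-BFC619BA9367} - C:\WINDOWS\system32\vtutq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {E496C27C-A366-4D63-BED7-20234E4FAE62} - C:\WINDOWS\system32\fjrcmidx.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\ixgbmqvu.dll",realset
O20 - Winlogon Notify: gebcyww - gebcyww.dll (file missing)
O20 - Winlogon Notify: vtutq - C:\WINDOWS\system32\vtutq.dll
"""

ENTRY_RE = re.compile(r"^([RO]\d+)\s+-\s+(.*)$")   # "O2 - <body>", "R1 - <body>", ...
DLL_RE = re.compile(r"([\w~$-]+\.dll)", re.IGNORECASE)

def parse_entries(log):
    """(section, body) for every HijackThis entry line such as "O2 - BHO: ..."; headers are skipped."""
    return [m.groups() for m in (ENTRY_RE.match(l.strip()) for l in log.splitlines()) if m]

def dll_name(body):
    """Lower-cased DLL file name referenced by an entry, or None (e.g. for an .exe)."""
    m = DLL_RE.search(body)
    return m.group(1).lower() if m else None

def triage(log):
    """Map each suspicious DLL (or the whole entry, if it names no DLL) to the reasons it was flagged."""
    entries = parse_entries(log)
    locations = defaultdict(set)            # dll -> sections it is registered in
    for sec, body in entries:
        if dll_name(body):
            locations[dll_name(body)].add(sec)
    findings = defaultdict(set)
    for sec, body in entries:
        key = dll_name(body) or body
        low = body.lower()
        if "(no file)" in low or "(file missing)" in low:     # what johnburn says to fix first
            findings[key].add("orphan entry (file missing)")
        elif sec == "O2" and "(no name)" in low and "system32" in low:
            findings[key].add("unnamed BHO in system32")
        if sec == "O4" and "rundll32" in low and "system32" in low:
            findings[key].add("rundll32 autostart of a system32 DLL")
        if {"O2", "O20"} <= locations.get(key, set()):        # same DLL as BHO and Winlogon Notify
            findings[key].add("registered as BHO and Winlogon Notify")
    return {k: sorted(v) for k, v in findings.items()}
```

Spybot's own SDHelper.dll is an unnamed BHO too, which is why the rule is restricted to DLLs loading from system32 rather than to every "(no name)" entry.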


ok..

I've used VundoFix.. it detected quite a lot.. so here's the latest HijackThis log of my PC:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 11:12:35 PM, on 5/16/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\HandyCafe\Client\_hndguard.exe

C:\Program Files\HandyCafe\Client\hndclient.exe

C:\PROGRA~1\HANDYC~1\Client\hndfw.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\msiexec.exe

C:\Documents and Settings\PC 01\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.leeman-automatisering.nl/startpagina

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C53CDEF-6D0F-4CEB-9BD6-D9428A0BA344} - (no file)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [hndclient] C:\Program Files\HandyCafe\Client\_hndguard.exe -rungrd

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176046814796

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AE42C88C-3CE9-4E5A-8DA0-1C4FF80A1094}: NameServer = 202.188.0.133,202.188.1.5

O20 - Winlogon Notify: vtutq - C:\WINDOWS\system32\vtutq.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 4387 bytes


The Vundo is gone, only its registry entries are still there..

How to fix:

1. Run HijackThis and scan

2. Tick the boxes for the following entries:

O2 - BHO: (no name) - {5C53CDEF-6D0F-4CEB-9BD6-D9428A0BA344} - (no file)
O20 - Winlogon Notify: vtutq - C:\WINDOWS\system32\vtutq.dll (file missing)

3. Press the "Fix checked" button

One more entry I think should be fixed is:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

This is a Realtek AC97 Audio file, but it can be considered spyware as well.. So, it's up to you whether to fix it or not..


ok.. I've done everything you told me to.. only the ALCMTR.EXE one I didn't remove.. but if I remove it, will there still be sound..? I'm worried that if I just remove it there'll be no sound.. one more thing, ALCMTR.EXE is in the startup, can I remove it and will there be any effect..?

About the spyware problem, after I did everything you told me above, I scanned again using Spybot - Search & Destroy but it still detects Smitfraud-C Toolbar888.. how do I deal with it..?


About that Smitfraud-C Toolbar888, it may be a Spybot S&D false positive..

Because this has happened before..

Refer here..

But if you still feel your PC is infected, then as in your first post where you said you had already used SmitfraudFix, how about running that software again and pasting its log here to be certain..

Edited by johnburn

