Help Removing Smitfraud-C.gp

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by stuffeditup, Apr 29, 2008.

  1. stuffeditup

    stuffeditup Private E-2

    Hi, I have run Smitfraud, Spybot and Ad-Aware, and HijackThis, but I still have 3 instances of the Smitfraud-C.gp. This started in Google and I do not know what he managed to download before I got home.

    Seriously, I need help before he starts using my laptop and stuffs this up.

    Hijack Log
     
    Last edited by a moderator: Apr 29, 2008
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to Major Geeks!

    Please uninstall HJT as it will be properly installed when you do the following:

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. stuffeditup

    stuffeditup Private E-2

    Well, I think I may have done it: since running the SAS program and removing the infections, then running Spybot, the Smitfraud seems to be gone.

    So do I continue running the rest or stop here? Also, the MGtools.exe did not download; I only received an attachment.php.

    One last thing: how is he getting these things in his computer? He had a straight Smitfraud a few weeks ago, then this one, and he had only visited YouTube, Weatherbom and Adelaide airport the day before he got it.
    We run Spybot, AVG spyware and antivirus, and I have left the SAS antispyware running as well now.

    Thanks in advance
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I would suggest that you do the rest of the requested steps ... what exactly happened when you downloaded MGTools?

    If you want a clue as to where it is coming from:
    SAS log:
    Known Threat Sources
    C:\Documents and Settings\Terry\Local Settings\Temporary Internet Files\Content.IE5\KTAHAX87\ajax[1].htm
    C:\Documents and Settings\Terry\Local Settings\Temporary Internet Files\Content.IE5\H9SKL4WX\errorhandler[1].htm
     
  5. stuffeditup

    stuffeditup Private E-2

    Ok Tim,
    I had already gone ahead and run the Malwarebytes Anti-Malware, but I stopped before running the CCleaner as I was a bit wary of the 1/100 computers failing.

    Anyway back to the download of MGTools.

    All that downloads is a PHP file.

    attachment.php

    I have included the mbam log, which found a few more spots of trouble, and I ran Spybot again. At the moment he can use the Internet and the computer, and I will be checking those files are gone when I get home. Also, looking at those files, does this mean he still runs IE5, not version 6 as I thought?
    And if all this fails, would a complete hard drive format work? All of our documents were backed up last week, so it is an easy thing for me to do.
     


  6. stuffeditup

    stuffeditup Private E-2

    Add another one, I thought we were clear. (I still haven't run the CCleaner yet.)
    But we have found that most of the Internet is clear, but when he hits YouTube it all goes to hell again.
    I have upgraded him to IE7.
    I also could not find the 2 files??
    C:\Documents and Settings\Terry\Local Settings\Temporary Internet Files\Content.IE5\KTAHAX87\ajax[1].htm
    C:\Documents and Settings\Terry\Local Settings\Temporary Internet Files\Content.IE5\H9SKL4WX\errorhandler[1].htm
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You ran MalwareBytes but didn't have it fix anything. It shows you are infected ... and without logs or having fixed anything with MWB's I can't advise you on what to do. If you feel it would be no trouble to reformat ... go ahead.
     
