Zlob aka SmitFraud - 17pholmes.exe

Hello, My Desktop got hit by one or more trojan horses in the past few days. It started with "17pholmes.exe". Initially, both my desktop & task bar disappeared. My AVG Free Edition Anti Virus found "17pholmes.exe" & quarantined it. Spybot found some other thinks before finding SmitFraud on my most recent scan.

The only way I could open any programs is using Windows Task Manager Run command. Until I openned My Computer the desktop & the Task bar keep disappearing. My Computer is open in the background. I just closed both My Computer & Explorer & the desktop icons are still there.

I have taken the first step to run Rapport.txt. I do see "!!!Attention, following keys are not inevitable infected!!!". Can this be true?

As soon as I attach the rapport.txt file I will go do the 2nd step.
Thanks,
Willy

 

Thanks Tim. I printed out the read & run me first. I need to finish doing some of that is listed. I just attached the new rapport.txt to this thread.

since running step 2 my desktop is back to normal. I am still getting a message on startup that the Task Scheduler did not run. I need to read how to get it activated.

Willy

 

I have attached:
SASLog-03-10-2008-21-15-11.txt (13.3 KB)
ComboFix.txt (6.0 KB)
MGlogs.zip (57.4 KB

Thanks for the assistance,

Willy

 

Tim, to my knowledge I did not intentially stop Combofix or MGLogs.zip.
I followed your outline below. It may be possible that I missed the HJT instructions the first time around. I did not look for it now. I can see if there was something about the HJT that I overlooked. May not be able to do that tonight.
Thanks for the help, Willy

 

i'm on a webinar so will run it later. I ran spybot this morning & it did not find anything.
thanks,
willy