Html.smitfraud.c

Discussion in 'Malware Help (A Specialist Will Reply)' started by pranavkukreja, Apr 17, 2005.

  1. pranavkukreja

    pranavkukreja Private E-2

    Hi, the above-mentioned trojan is on my comp... Protector Plus 200 sucks and I know it... now Ad Aware has blocked this trojan from changing the search pages etc.
    But how do I delete it... I can't find from where it's launching.
    Pls help.
    I have the log file ready too... se.dll in the temp folder is creating the problem... if I delete it, it comes back again.
    Pls advise,
    Pranav
     
  2. pranavkukreja

    pranavkukreja Private E-2

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry! We do not work on these via email. We work thru problems in the thread posted here in the forum for everyone to benefit from the procedures.

    - Run ALL the steps in this Sticky thread: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal. Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If after doing ALL of the above you still have a problem:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  4. pranavkukreja

    pranavkukreja Private E-2

    hello
    first of all i have dial up so its difficult for me to remain online all the time plus the speeds are slow and so are the downloads

    i have ad aware 6 and spybot....spybot showed allcybersearch as a problem and it got fixed....but it keeps coming back
    ad aware 6 did not find anything...but it detected registry modifications and the file se.dll was trying to change the value of search assistant and search pages continuously....almost 2000 events were logged !
    but i block them all by automatic blocking...i tried removing the se.dll from msconfig -> start up but it doesnt work
    rundll32 executes this se.dll file

    also spyware blaster did not run after installation , it said error on disk or virus pls reinstall
    spyware bouncer detected the infected file called gamespy arcade and deleted it...again it found an infected file and deleted it...
    but still that se.dll file exists...now i killed rundll32 and deleted se.dll
    but im sure next time it will come back again ( when i reboot)

    i did online scans and nothing worked out !!
    im attaching the hijack this log file ..( i installed it in HJT as u said )
    pls help :)
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Ad-Aware 6 is way out of date. If you are that out of date with Ad-Aware I would have to assume your other programs are significantly out of date too. You must update your programs regularly. Spybot is now up to 1.4RC1 and Ad-Aware 6 has become Ad-Aware SE 1.05. And there are recent reference list updates too.

    If you are running msconfig to stop anything from loading, please run msconfig and select Normal Startup. We must see everything.

    If you are using SpyBouncer (you said SpywareBounce) uninstall SpyBouncer as it is a rogue/suspect spyware removal tool. See: http://www.spywarewarrior.com/rogue_anti-spyware.htm

    Why is C:\Program Files\Internet Explorer\iexplore.exe running?

    Did you configure the below ProxyOverrides? If not, do you recognize the URLs?
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;;localhost

    I do not see an se.dll problem but I do see C:\WINDOWS\Help\SBSI\cabcom.dll
    which is the same problem being experienced in the following thread:
    http://forums.majorgeeks.com/showthread.php?t=60689
     
    Last edited: Apr 18, 2005
  6. pranavkukreja

    pranavkukreja Private E-2

    hi
    i cannot open any application as it says not enough memory
    btw the ieexplorer thing, that was probably some IE page that i double clicked on but did not open.

    No, i dont recognise that proxy override nor the URL

    Also there is no SBSI folder in windows/help

    SE.dll keeps coming back in windows/temp folder even if i delete it....
    im telling u that dll file is being put there by the trojan ! and there is also folder being created there called ZGtemp...now Rundll32 executes this dll file
    When i delete rundll32...everything becomes ok , and that file is not created
    Is there any way i can change what rundll32 does ?
    if not how do i detect the goddamn trojan !!!!!!!!!!!!!!!!!

    btw im trying to download spybot 1.4 but it isnt downloading....that se.dll takes up all that RAM and i have only 128 mb ram !
    pls advise
     
  7. pranavkukreja

    pranavkukreja Private E-2

    hey no reply !? ?

    anyway i downloaded spybot 1.4
    and it detected lot of stuff. ..some 8 things
    i deleted it all
    but no effect
    coolWWWsearch.Leftovers is the page that is being searched and destroyed by spybot 1.4
    although it keeps coming back
    at present both ad aware and spybot are blocking the registry changes being made by trojan to value = sp, set to c:\windows\temp\se.dll dllinstall

    now pls recommend some suitable action !!!!!!!
    im attaching log file again....
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Now your log shows the SE.DLL problem. It did not show in the last one. I know all about the problems it causes and rundll. It just did not show in your log last time. I have to run off to work right now but give the below a run:


    Download this file: SpSeHjfix109

    Unzip it to your desktop or to a folder.

    Boot into Safe Mode

    Start SpSeHjfix, click on "Desinfecton starten" (the other button means close) then it will reboot and finish the cleaning.

    Run SpSeHjfix one more time.

    Reboot in Normal mode.

    Run HijackThis again and post a new log. Also post the log from SpSeHjfix, the log should be on your desktop or the same folder as SpSeHjfix.
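
An added example, not part of the thread or of any tool named in it: the pattern the posts describe (an autorun value named sp that has rundll32 load se.dll from a temp folder) can be triaged by flagging HijackThis O4 entries whose target sits in a temp directory. The log lines are constructed in the O4 layout and are not the poster's attached log; `triage` and the regex names are hypothetical.

```python
import re

# Constructed sample in the HijackThis O4 (autorun) layout; NOT the poster's log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\se.dll,DllInstall
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\user\Local Settings\Temp\upd.exe"
O4 - HKLM\..\Run: [ExampleAV] C:\PROGRA~1\ExampleAV\tray.exe /STARTUP
"""

# O4 line: hive, Run-style key, [value name], command line.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# DLL path passed to rundll32 (with or without .exe, quoted or not).
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+?\.dll)', re.I)
# A path component named Temp or Tmp, any case.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)

def triage(log_text):
    """Return (value name, target, reason) for autoruns that start from a temp dir."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # only autorun (O4) lines matter here
        cmd = m.group("cmd")
        dll = RUNDLL_RE.search(cmd)
        if dll and TEMP_RE.search(dll.group(1)):
            findings.append((m.group("name"), dll.group(1),
                             "rundll32 loads a DLL from a temp directory"))
        elif not dll and TEMP_RE.search(cmd):
            findings.append((m.group("name"), cmd.strip('"'),
                             "autorun target is in a temp directory"))
    return findings

if __name__ == "__main__":
    for name, target, reason in triage(SAMPLE_LOG):
        print(f"[{name}] {target}: {reason}")
```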
     
  9. pranavkukreja

    pranavkukreja Private E-2

    hi champ !
    ive finally installed avg 6.0 and obtained the virus name
    trojan horse.startpage.16.BD !!!!! ive got some solutions from different sites and im trying them out cause avg does not delete it ...ive tried cw shredder and its still not fixed it...will try ure software and if nothing happens i shall mail u the log
    see u in a couple of hours :)
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    AVG will not fix it. I have fixed a couple dozen of these here on MG's!
     
  11. gonzal13

    gonzal13 Private E-2

    I would download winpatrol from www.winpatrol.com. It gives you more details about what is running and allows you to delete it or temporarily suspend it.

    Next I would take the shotgun approach and look to see if it is masquerading as a trojan horse or is it a virus. Sometimes you may with some programs get the wrong impression.

    Run at least 2 of these:

    Edit by chaslang: External links removed.

    All of the items you are referring to are available here on MGs. Please do not post links to other sites for programs available here. In addition, they are all referred to in our sticky threads which cover cleaning procedures and most have already been run.

    Winpatrol is also on MGs.


    The problem here is well known. We do not need to dig any deeper. We have seen and fixed hundreds of these!
     
    Last edited by a moderator: Apr 20, 2005
