I need to remove Security Toolbar 7.1 , Smitfraud.C,zlob.downloadr.roid, media plex

Discussion in 'Malware Help (A Specialist Will Reply)' started by SeaFairy2005, Feb 16, 2008.

  1. SeaFairy2005

    SeaFairy2005 Private E-2

    I need to get rid of Security Toolbar 7.1 , Smitfraud.C 2 entries, zlob.downloadr.roid 2 entries , and Media Plex.
    The security toolbar is obviously on my toolbar.
    Smitfraud.C 2 entries, zlob.downloadr.roid 2 entries , and Media Plex are all picked up by spybot.

    I have gone through the read me first several times now and no removal. This started last night with the toolbar so I immediately came here to Majorgeeks.

    PS I don't know how to attach my file from read me first.
     
  2. abri

    abri MajorGeek

    Re: I need to remove Security Toolbar 7.1 , Smitfraud.C,zlob.downloadr.roid, media pl

    Hi SeaFairy2005,
    Welcome to Major Geeks!

    If this started last night, you may be able to go back to an earlier restore point which hasn't been infected. Go to Start / All Programs / Accessories / System Tools / System Restore and click on Restore my Computer to an Earlier Time and then click on next. Choose a highlighted date which precedes the problems that got started and allow it to go through the process of system restore which will cause it to reboot. See if this helps. If this doesn't help, you can return to where you are now by going to System Restore again and clicking on Undo My Last Restore.

    After you try this, please go ahead and run through the instructions in the READ & RUN ME FIRST and attach the requested logs.

    abri
     
  3. SeaFairy2005

    SeaFairy2005 Private E-2

    Re: I need to remove Security Toolbar 7.1 , Smitfraud.C,zlob.downloadr.roid, media pl

    Thank you abri.
    I have gone through the read me first several times now and no removal.
    I did the system restore and toggle and nothing.
    PS I don't know how to attach my file from read me first.
     
  4. abri

    abri MajorGeek

    Re: I need to remove Security Toolbar 7.1 , Smitfraud.C,zlob.downloadr.roid, media pl

    Hi SeaFairy2005,
    If you have gone through the READ & RUN ME several times, then you will have no trouble posting the requested logs which for you will be Combofix, MGlogs.zip and possibly AVG Antispyware.
    Thanks.
    abri
     
  5. SeaFairy2005

    SeaFairy2005 Private E-2

    Re: I need to remove Security Toolbar 7.1 , Smitfraud.C,zlob.downloadr.roid, media pl

    Okay I can't find the AVG. I will upload it in a few minutes when I find it. Thank you!
     


  6. SeaFairy2005

    SeaFairy2005 Private E-2

    Re: I need to remove Security Toolbar 7.1 , Smitfraud.C,zlob.downloadr.roid, media pl

    I couldn't find the AVG file. I tried to go back to read me first and saw there was a new SUPER Antispyware so I downloaded it. Ran it and uploaded the file.
    Is this all you need?
     


  7. abri

    abri MajorGeek

    Re: I need to remove Security Toolbar 7.1 , Smitfraud.C,zlob.downloadr.roid, media pl

    Hi SeaFairy2005,

    What is C:\wsetup? The following instructions are based on the assumption that you have Windows XP. Since you don't have C:\WINDOWS, please tell me if there is anything different or unusual about your computer.

    First disable your guest account if this has not already been done.

    Then I would like you to do the following:

    1) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

    2) Install the current version of Sun Java from: Sun Java Runtime Environment

    3) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
    O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O22 - SharedTaskScheduler: epistylar - {917f93bf-6714-4e11-8982-59db2e0f88fc} - C:\WSETUP\system32\eeioq.dll

    After you click fix, just close hijackthis.


    4) Download and install Erunt. Use it to create a backup of your registry.

    5) Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    6) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    7) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    8) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.


    Let me know how things are running now?

    abri
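
As an added example (not part of the thread, and not code from MajorGeeks or HijackThis): a small Python parser for the HijackThis entries quoted in the post above, grouping them by the folder they load from and listing the CLSIDs that have no file behind them. The function names and the line-format handling are assumptions drawn only from the eight lines shown.

```python
import ntpath
import re
from collections import defaultdict

# The eight HijackThis lines quoted in the post above, embedded so this runs offline.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O22 - SharedTaskScheduler: epistylar - {917f93bf-6714-4e11-8982-59db2e0f88fc} - C:\WSETUP\system32\eeioq.dll
"""

SECTION_RE = re.compile(r"^(O\d+) - ")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.+$")  # drive-letter path running to end of line
MARKER_RE = re.compile(r"\s*\((?:file missing|no file)\)$")

def parse_entry(line):
    """Split one log line into section code, CLSID, file path and orphan flag."""
    body, hits = MARKER_RE.subn("", line.strip())  # peel the trailing marker off first
    section = SECTION_RE.match(body)
    if not section:
        return None  # header or blank line, not an entry
    clsid = CLSID_RE.search(body)
    path = PATH_RE.search(body)
    return {
        "section": section.group(1),
        "clsid": clsid.group(0).upper() if clsid else None,
        "path": path.group(0) if path else None,
        "orphaned": hits > 0,
    }

def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]

def sections_by_folder(entries):
    """Map each folder (lower-cased) to the section codes loading files from it."""
    folders = defaultdict(list)
    for e in entries:
        if e["path"]:
            folders[ntpath.dirname(e["path"]).lower()].append(e["section"])
    return dict(folders)

def clsids_without_file(entries):
    return sorted({e["clsid"] for e in entries if e["orphaned"] and e["clsid"]})
```

Run over these lines, four of the eight entries load from the same `NetProject` folder and two CLSIDs remain registered with no file on disk, which is the kind of leftover the follow-up logs are meant to confirm gone.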
     
  8. SeaFairy2005

    SeaFairy2005 Private E-2

    Re: I need to remove Security Toolbar 7.1 , Smitfraud.C,zlob.downloadr.roid, media pl

    I have no idea what C:\wsetup is. Sorry I am new at this stuff.
    For some reason the SUPER Antispyware WORKED and everything is working now!!!!!!!! Sorry for not posting this sooner, I was gone. You are so wonderful for helping me out. Thank you!
     
  9. abri

    abri MajorGeek

    Re: I need to remove Security Toolbar 7.1 , Smitfraud.C,zlob.downloadr.roid, media pl

    Hi SeaFairy,
    I'm glad this helped. I would like to check your logs to make sure the files you removed really are gone. Please run GetLogs.bat in the MGTools folder under C:\ by double-clicking on it. It will produce the MGlogs.zip which can be found as a file directly under C:\ just above the superman icon. Also, please post the Avenger log which is called Avenger.txt. There should be one. Also, if there's a log from SAS, I would like to see that too.

    After I've been able to confirm that your computer logs are clean, I will have you do the final cleanup instructions which will involve getting rid of the tools and logs you put on your computer during this thread and also setting a clean restore point.

    Thanks.
    abri
     
  10. SeaFairy2005

    SeaFairy2005 Private E-2

    Re: I need to remove Security Toolbar 7.1 , Smitfraud.C,zlob.downloadr.roid, media pl

    I went through and deleted MGTools and all that stuff! I did not know I should keep it. I feel so stupid right now.
    Should I download MGTools and run it to get the files? I am sorry for all the trouble you are going through to help me and then I delete the info.!
     
  11. abri

    abri MajorGeek

    Re: I need to remove Security Toolbar 7.1 , Smitfraud.C,zlob.downloadr.roid, media pl

    Hi SeaFairy,
    You're doing fine. We just like to check the work. Downloading the MGTools in the READ & RUN ME FIRST would be easy enough to do. Just scroll down to the bottom of the page and click on the link that is for your operating system. On the page that opens up, look for the link for MGTools.exe and follow the instructions as before. Attach the MGlogs.zip and then I can check everything to make sure nothing has crept in unawares.
    Thanks.
    abri
     
