I think I have a trojan.

Discussion in 'Malware Help (A Specialist Will Reply)' started by pintsizekath, Sep 22, 2006.

  1. pintsizekath

    pintsizekath Private E-2

    I have followed the instructions and completed the scans in the "Read and run me first" thread.
    I think I may be infected with SmitFraud.

    I have been getting lots of error messages and I thought it was because I was running Windows Millennium.

    I couldn't download a Firewall or Antivirus (everything I downloaded after I reinstalled the OS was corrupt), Internet Explorer kept closing and when I try to open "Help" I get an error message. If I try to open System Information I get an error message also.

    I have disabled 2 items in "Startup":-

    Rundll32.exe powrprof.dll, LoadCurrentPwerScheme

    Mstask

    Things seem to be working better. I am not getting as many error messages and Internet Explorer is staying open.
    I managed to download and install BitDefender 9 ProfessionalPlus last night and it was working fine, (but when I started the PC this morning it keeps disabling).
    I have also been able to download the scans etc.

    I have run the following and added some of the logs.
    CounterSpy (I had to run this last because it wouldn't respond when I tried earlier).
    BitDefender
    PandaActiveScan
    GetRunKey
    ShowNew.

    I have also tried to run SmitRem after reading the "ShowNew" Logfile.
    It wouldn't run properly but I think this is because it isn't compatible with ME.

    The ShowNew Log says this: "Locating all files created in C:\WINDOWS\System\Components within the last 90 days.
    This folder is now being used by Trojan.FakeAlert.CX aka SmitFraud No matches found"

    I have enabled the startup items for the Hijackthis Log, but the only entries I don't understand are the 2 at the top. Should I attach this too?

    I would appreciate any help to get my PC running properly again.

    Thanks Kath.
     


  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Yes please attach all logs that are requested in the guide :)
     
  3. pintsizekath

    pintsizekath Private E-2

    Thanks for the quick reply.
    I will post the other logs now.
    Regards Kath.
     


  4. pintsizekath

    pintsizekath Private E-2

    I have just tried to send another Logfile. IE closed with an error message so in case you didn't receive it I will send it again.
    It is the Logfile from SmitRem which I thought didn't run properly but I found this whilst locating the other ones I sent.
    It looks like it may have removed something!
    Fingers crossed.
    Kath.
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't see any problems in your logs but note that you did not attach the GetRunKey log (the runkeys.txt file).

    Also SmitRem did not find anything. What it reported is just normal entries.
     
  6. pintsizekath

    pintsizekath Private E-2

    I have attached the RunKey.txt Log to this post.
    Do you think it might be the pc at fault rather than a virus?
    Do you know of any other reason why I can't download an antivirus without it being corrupt?
    Kath.
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try downloading and installing this Mozilla FireFox
    Try using it to download programs and see if you have the same problem. But note that you already have an antivirus installed. If you are going to install a different one, you must uninstall Bitdefender before installing the new one.
     
  8. pintsizekath

    pintsizekath Private E-2

    Hi again
    I have downloaded Firefox and it seemed to work fine for a while.

    I uninstalled the BitDefender AV as it wasn't working properly (kept disabling by itself) and downloaded DefenderPro firewall and Antivirus (2 separate programs).

    When I tried to install them an error message said that they were corrupt and it may be possible to bypass the check using the /NCRC command.

    I did this and they worked fine for a while, then when I started the PC again an error message appeared saying that the files were corrupt.

    Now when I try to start the firewall or the AV I get a message saying that the License key has expired or the file is corrupt.

    I currently have no working firewall or AV but have kept CounterSpy after installing it for the first lot of scans.

    Help! What am I doing wrong?

    Any help would be greatly appreciated.

    Thanks Kath.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Where did you download Defender Pro from?
    Did you buy it or is it a trial?

    Attach new logs from GetRunKey and HJT.

    Also run the below and attach the requested log:

    Using Sophos Anti-Rootkit
     
  10. pintsizekath

    pintsizekath Private E-2

    Hi
    Many thanks for all your help.

    I have attached a new HJT log and a RunKeys log, but unfortunately I couldn't get the Sophos Anti-rootkit scan to work.

    I wasn't sure if it was corrupt so I downloaded it a second time to try again but it didn't make any difference.

    I went to the file it was in and clicked on the Sargui.exe file as I presumed this was the one which would open it all.

    I kept getting this error message "The SAR2.DLL file is linked to missing export kERNEL32.DLL: Verify version info W".

    I haven't a clue what this means.

    Is the Sophos scan compatible with ME?

    The AV and firewall were a trial. I didn't even need a key after I downloaded them and the trial hadn't run out.

    I now have another working firewall installed (McAfee) but the virus scan (which is part of it) won't work.

    I am not sure where to go from here.

    Any more suggestions?

    Kath.
     
  11. pintsizekath

    pintsizekath Private E-2

    Whoops! I got so carried away with writing I forgot to add the logfiles.
    Here they are.
    Sorry!
    By the way, why is the logfile for HJT still called hijackthis if I have renamed it to analyse.exe?
    Kath.
     


  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What you name HijackThis.exe has nothing to do with what the log file will be named by default.

    Your logs still do not show any signs of malware. Whatever problems you are having are more likely related to some problem within your Windows installation.

    Where did you get McAfee from? Is it a paid version?

    My only suggestion would be for you to ask a few questions in the Software Forum and make sure you say you have already checked for malware. I think you may need to stop downloading and installing free trials and should only use the tools we recommend in the How to Protect yourself from malware! sticky thread. And you may want to consider downloading them onto another PC and then having them burned to a CD. Then you can use that CD to install on your PC. This way you know you are not getting corrupted downloads.

    Sorry about the Sophos Anti-rootkit! I forgot you were running Win Me. It is not compatible.
     
  13. pintsizekath

    pintsizekath Private E-2

    Hi
    The Mcafee firewall is a trial.

    I will follow your suggestions and hope it helps.

    If things don't improve and I decide to reinstall the OS will this get rid of any malware if it's there?

    As I have only just reinstalled it there isn't anything on the PC that I need to keep.

    Many thanks for all your help.

    Regards Kath.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    If you had malware, an fdisk, format, and reinstall would remove it. It would also cure problems related to your OS being corrupted. However, you must be sure that you are not re-installing from corrupted media. Are your CDs original copies from Microsoft?
     
  15. pintsizekath

    pintsizekath Private E-2

    Yes, it's an original.
    I also have an original Windows 98 CD as I upgraded from that.
    I wish I hadn't bothered now.
    Do you think Windows 98 is better than ME?
    I know that it's very old now but this laptop won't take XP.
    I have tried to use my brother's original XP CD with SP2 on it but when I did the system requirements test it said there were a couple of things it needed though I can't remember what now.
    You mentioned an Fdisk, format. Are these the same thing?
    I have formatted a hard drive once!
    Not sure if I have the confidence to do it again though.
    Kath.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Personally I never liked Win ME but it does have some nice features (like system restore for one) that were missing from the Win98 platform. Upgrading from Win 98 to Win ME was not a good idea though. I have found it is much better to do a clean full install of Win ME rather than upgrading. If you decide to go back to Win 98 just be sure that it is at least Win 98 SE not just plain old Win 98.

    How about Win 2K? It is more stable and more current than the Win 98 & ME operating systems and also is still supported by Microsoft and many other software products. Can your PC run it? Do you have a copy of Win 2K?

    No! Fdisk is where you will delete all partitions on the hard disk and then recreate them (or create just one). Before you can use a hard disk, it must be divided up into what is commonly referred to as logical partitions (which could be one partition too). You can use Fdisk to divide an 80 Gb hard disk up into two 40 Gb partitions (that is just one example, it is not a requirement). Formatting is something you do to each partition to make it ready for your operating system.

    Read this: http://support.microsoft.com/kb/q255867/

    Formatting is the easy part. You just type the command and wait for it to complete. Reinstalling your OS is more work!

    REMEMBER that doing an fdisk and format will erase ALL of your current information. Thus you must backup anything you will need later when you reinstall before you do this because otherwise it will be gone forever.
     
  17. pintsizekath

    pintsizekath Private E-2

    Hi
    The more I think about it the more I realise that it might be the ME disk that is at fault.

    When I was installing it I got a couple of error messages but closed the error message box and the installation resumed.

    Is there any way to check if the disk is ok?

    Do you think maybe something didn't install properly and if so is there any way to put this right?

    Regards Kath.
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should not get error messages during the install! If you do, you should write down the exact word for word error message.

    No there is no easy way to check if the disk is okay!

    None of this is really a topic for this forum though. We really are too busy with malware issues to work on hardware/software issues like this in this forum.

    I would suggest if you want to pursue this topic further that you gather more info on the error messages and start a thread in the Software Forum.
     
  19. pintsizekath

    pintsizekath Private E-2

    Okay, will do.

    Many thanks for your help.

    Regards Kath.
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
