Infected with Smitfraud and Vundo

Discussion in 'Malware Help (A Specialist Will Reply)' started by avscannow, Jan 23, 2008.

Thread Status:
Not open for further replies.
  1. avscannow

    avscannow Private E-2

    Hi, please help! I accidentally left my computer on when I went on vacation for 3 weeks and when I came back I had all these pop-ups and pop-up warnings of spyware and viruses. I reset my computer and it got worse. I've been reading up on the forums here and think I'm infected with the vundo virus but upon further inspection I think I've got the smitfraud infection as well. I followed the first section and tried to clean up as much as I could, ran the vundo remove program but still no luck. Also noticed the Privacy tab on the Internet Explorer Settings keeps going back to the Accept All Cookies setting; every time I close out IE Explorer and reopen it, it sets itself back to that setting.
    Here are 4 of my logs from HiJackThis, VundoFix, Virtuvundo Be Gone, and Registry Mechanic. I couldn't find the CCleaner logs. Please let me know if you need anything else. Thanks:


    Edit: removed logs for guide below to be run
     
    Last edited by a moderator: Jan 23, 2008
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Welcome to Majorgeeks!

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide

    So logs that you will get to attach are:

    MGlogs.zip (which has 5 logs inside it, including Hijackthis; just attach the whole Zip)
    AVG log (which is the report scan txt file)
    Combofix logs.

    http://img117.imageshack.us/img117/829/60272555mm4.jpg

    plus a guide on how to attach the logs HOW TO: Attach Items To Your Post
     
  3. avscannow

    avscannow Private E-2

    Sorry about that. I ran into a few issues trying to follow the steps. I was able to run the combofix program and got the log file but I'm having issues with Spybot, AVG and MGtools.
    First the Spybot program. I'm following the install instructions but I can only go to the point where it says install, I click it and I keep getting an error message saying: 'Error Sending Request. The server name or address could not be resolved.' It's having issues with a file called: 'updallocator.php (1of1)' and says, status: Resolving www.safer-networking.org

    In addition to having issues installing the Spybot program, I've been having update issues with the AVG program. Every time I try to update it keeps telling me: 'Error failed to connect to server updateasfreeinfo.grisoft.com' Also, I was able to install the program and I followed the instructions on how to set the program but when I ran it, there were no logs in the 'report' section to save. ???? So I don't have any logfile to upload.

    So, I went ahead and tried to install the MGtools program and this program won't install either. It gives me a pop up error that says: 'The application failed to initialize properly (0xc0000135). Click on OK to terminate application.' This error occurs when the command window shows this:

    The C:\MGTools\temp\GRKflag.txt exists. Deleting it!
    Zipping hijackthis.log
    updating: hijackthis.log <188 bytes security> <deflated 63%>

    Another thing is, after running the AVG program, I restarted my computer, AVG popped up with a malware infection and it was in the avgas.exe file!!!!
    I can't even post the proper logs because of these issues. Is my computer so jacked up with infections that these programs won't install and operate correctly????? Please help, I'm on the fritz with this.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Since you were able to run ComboFix ...please copy the log to another media (memory stick/cd) and attach it via a different computer.
     
  5. avscannow

    avscannow Private E-2

    I attached the combofix log as well as the vundofix and vundobegone logs if that helps any. I will keep trying to figure out the install issue with spybot and the update issue with avg.
     
    Last edited: Jan 25, 2008
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Now we need to use a new tool.

    * Download RenV.exe from the following link and save it to your Desktop (it must be on the Desktop)
    * Now Copy the bold text in the below code box to notepad. Save it as Log.txt to your desktop. (It must be on your Desktop).

    Code:
    C:\Documents and Settings\Owner\Desktop\Buisness Folder\DLF\1\DVD 2 DivX  2 VCD Complete Package version 2\DVD 2 DivX  2 VCD Complete Package version 2\VCD - DivX to MPEG-1-VCD GUIDE v2.0\Programs\iFilmEdit 1.4c .exe
    C:\Documents and Settings\Owner\Desktop\Buisness Folder\DLF\1\Playstation\PLAY playstion Games on the computer .exe
    C:\Documents and Settings\Owner\Desktop\Buisness Folder\DLF\VideoConverters\DVD 2 DivX  2 VCD Complete Package version 2\VCD - DivX to MPEG-1-VCD GUIDE v2.0\Programs\iFilmEdit 1.4c .exe
    C:\Program Files\mcafee.com\Agent\mcupdate .exe
    C:\Program Files\mcafee.com\Agent\MCUPDA~1 .EXE
    C:\Program Files\mcafee.com\Agent\MCUPDA~2 .EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
    C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig .exe
    C:\WINDOWS\SYSTEM\hpsysdrv .exe
    C:\WINDOWS\SYSTEM32\ps2 .exe
    C:\WINDOWS\SYSTEM32\usb .exe
    C:\WINDOWS\SYSTEM32\USBIcon .exe
    
    * Now using your mouse, drag Log.txt onto RenV.exe
    * When finished, RenV.exe will produce a new log named Log.txt on your Desktop. I will ask for this log later.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.
    Now download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Check the 'Input script manually' box.
    * Click on the magnifying glass icon.
    * Copy everything in the Quote box below, and paste it in the box that opens:

    * Now click the 'Done' button.
    * Click on the traffic light icon and OK the prompt.
    * You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am closing this thread as you posted twice and are also working with Chas.
     