need help. i cant get rid of smitfraud-c and others

Discussion in 'Malware Help (A Specialist Will Reply)' started by Dysentery, Jan 2, 2006.

  1. Dysentery

    Dysentery Private E-2

    Hi, I need help removing smitfraud, spysheriff, and spyaxe (i think) and i think i might have a virus. I'm not sure if i have all three or what but my computer is going very slow and the cpu is running at 100% constantly. Every time i opened internet explorer my mcafee would detect a PUP and my homepage was redirected to antivirus websites. I was also recieving messages at the bottom right corner saying a virus was detected but mcafee wasnt detecting it. I completed all the steps on this page http://forums.majorgeeks.com/showthread.php?t=35407 and this page http://forums.majorgeeks.com/showthread.php?t=74265 but i dont think it helped really at all. When I run spybot it still detects smitfraud-c and says it cant fix the problems and i need to restart but it still says the same thing after i restart. Also, the program spyfighter detected a couple things but i cant remember what they were and my computer is going so slow now the scan is not really working well.
     

    Attached Files:

    Dysentery, Jan 2, 2006
    #1
  2. Dysentery

    Dysentery Private E-2

    hey its been like 5 hours with no reply... can some1 reply so i can get going with this and fix it.
     
    Dysentery, Jan 2, 2006
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    When you added your second message to this thread you probably more than doubled the time it took to get an answer. It moved you further down in the queue. We go from oldest to newest. Adding the message made yours newer. We are very busy here as you can see and sometimes it takes longer that others to get answers. This is volunteer work done part time in our free time. We ask two things for this: patience and that directions be followed.

    The instructions in Smitfraud, SpySheriff, SpyAxe & PSGuard Removal

    request the smitfiles.txt and PandaActiveScan logs to be attached.

    Also the READ & RUN ME also requests the PandaActiveScan log and also the BitDefender log.

    Please attach all logs!

    You should also uninstall SpyFighter it is a rogue tool that is not helping you. We also requested in step 0 of the READ & RUN ME that you uninstall Viewpoint Manager. Did you decide that you want to keep it.

    What version of LimeWire are you running? If it is not the newest available, it probably contains malware.
     
    Last edited: Jan 2, 2006
    chaslang, Jan 2, 2006
    #3
  4. Dysentery

    Dysentery Private E-2

    I uninstalled spyfighter and viewpoint manager and my limewire version is 4.9.37
     

    Attached Files:

    Dysentery, Jan 3, 2006
    #4
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Limewire is on version 4.10.

    You did not post the BitDefender log.

    Was the Panda log from before or after running SmitRem?

    If after, you need to run SmitRem again and make sure the files in the Panda log get deleted. Make sure you run in safe mode as instructed.

    If before, it may be a good idea to run again.

    How are things working right now?
     
    chaslang, Jan 4, 2006
    #5
  6. Dysentery

    Dysentery Private E-2

    Alright so I basically did everything over again because i was confused about at what points in time i did the different scans. This time I put my computer in safe mode and redid all the scans on this page http://forums.majorgeeks.com/showthread.php?t=35407 except bit defender and panda scan then i rebooted in safe with minimal network and did the bitdefender and then tried to do the panda scan but was unable to because i got an error and then rebooted in safe without networking and did the smitrem. I dont think the smitrem is working either because while its running all the lines say either file not found or access denied.

    And now ill answer your last post. I said my limewire was 4.9.37 because thats what it says on the icon on the desktop and i assumed it was right but i guess as you say its 4.10. I dont remember if the panda scan was before or after and its not leting me run it anymore because of the error downloading. Things are actually working pretty much perfectly for some reason now, I have no idea why because I havent done anything at all since it was going 100% cpu and extremely slow. Maby its because (i think) my computers default is to start up in selective startup and maby when it was going slow when i was in normal mode but im not sure. But i dont think anything besides the speed has gotten better... I dont think ive gotten rid of any more spyware or anything. My mcafee is still detecting PUPs and cleaning viruses occassionally and spybot still detects smitfraud.
     

    Attached Files:

    Dysentery, Jan 4, 2006
    #6
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You misunderstood me. I telling you that you are using an old version of Limewire. The current release is 4.10.

    You still did not uninstall SpyFighter. It is a rogue tool and is not to be trusted. See info on it here: http://www.spywarewarrior.com/rogue_anti-spyware.htm

    You should also uninstall Viewpoint Manager and/or Viewpoint unless you use it. I doubt it. Most people have no idea what it is or where it came from. It is a waste of system resources and installed by AOL software (their browser or AIM).

    You still have not followed step 7 of the READ ME to install HJT properly. Please fix this. You are running it from exactly where we say not to run it:
    C:\DOCUME~1\JONSAM~1\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe

    Please install it properly then continue to the below.

    Please download DelDomains and unzip it to your desktop. Find the files from deldomains.zip on your Desktop and RightClick on the deldomains.inf file and select Install.

    (Please note you will need to "Immunize" with Spybot again because deldomains will remove all of the sites Spybot adders.)

    Now see if Spybot still detects Smitfraud by running a new scan.


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighter.exe" monitor <--- should be gone if you uninstalled
    O4 - HKLM\..\Run: [SpyFighterUpdate] "C:\Program Files\SpyFighter\AutoUpdate.exe" silent <--- should be gone if you uninstalled
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - blank (file missing)
    O15 - Trusted Zone: http://us.mcafee.com
    O18 - Protocol: bw+0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {4B2C5081-2CE5-490D-BB98-0F7A46EBEC30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete    :
    C:\Program Files\SpyFighter <--- Delete the whole folder but should be gone if you uninstalled

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.

    Reminder Note: Once we have determine you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.
     
    chaslang, Jan 4, 2006
    #7
  8. Dysentery

    Dysentery Private E-2

    Do they make u pay for the newest version of limewire? Does my version have spyware on it?

    I uninstalled spyfighter

    I uninstalled viewpoint manager before your last post from add or remove programs. Maby I did the scan before that or something...

    After installing deldomains my spybot didnt detect smitfraud anymore so i guess it was gone already from before.

    Everything seems to be working normally now... ill see if i get any more mcafee PUP or trojan warnings.
     

    Attached Files:

    Dysentery, Jan 4, 2006
    #8
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't know the answer to you Limewire question? I know many previous versions were infected but "new" (I don't know when they stopped the malware) are not supposed to be. I don't use it. Check on their site to see if you need buy it.

    Running Deldomains removed what Spybot was detecting as SmitFraud.

    You did not fix the O18 lines from my last post. Did you forget? Try again. Then just look for yourself to see if they are fixed.

    Or did that stupid Logitech Desktop Messenger add them all back in already?

    If they come back again, add the below to the list and fix again:
    O4 - HKCU\..\Run: [LDM] \Program\
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
     
    Last edited: Jan 4, 2006
    chaslang, Jan 4, 2006
    #9
  10. Dysentery

    Dysentery Private E-2

    Alright i removed all those lines i missed last time .. i thought i was only supposed to remove the lines with the purples messages next to them the first time. Should I disable system restore now?
     
    Dysentery, Jan 4, 2006
    #10
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
    chaslang, Jan 4, 2006
    #11

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds