smitfraud.888 toolbar

Discussion in 'Malware Help (A Specialist Will Reply)' started by Arcanis, Jan 1, 2007.

  1. Arcanis

    Arcanis Private E-2

    Hi - this is my first time posting here. I am having startup and adware problems with my HP laptop. Just recently I began receiving lots of popups, mostly from fraud spyware-removal sites such as WinAntiVirusPro. I did a system scan with Spybot and Ad-Aware SE and found lots of junk which they cleaned up, but Vundo and Smitfraud resisted. I downloaded VundoFix and ran it. It claimed to find and fix stuff, but I am not convinced it worked.

    On startup, my computer fails to properly run explorer.exe - none of the icons or start bar loads. After several minutes I can open task manager, log myself off, and log back on without a problem. I ran HiJackThis and removed what I thought was unnecessary based on the advice in the sticky on this forum, but the computer still doesn't like booting. I have disabled system restore for the time being, and I ran CCleaner. I will attach the most recent HiJackThis log.

    Thank You!!!
     

    Attached Files:

  2. dahli

    dahli Private E-2

    Welcome to Majorgeeks!

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy - ONLY IF you were not able to run Windows Defender
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. Arcanis

    Arcanis Private E-2

    All the spyware/malware may be gone... but I can't be sure, because startup still doesn't work well. Explorer doesn't like to load, and when I open task manager to log off, it says explorer isn't responding. I will attach to this post and the next my records of what I did, and also the logs from the programs. Any help in making my computer work again would be appreciated.
     

    Attached Files:

  4. Arcanis

    Arcanis Private E-2

    Attachments

    Here are the remaining attachments
     

    Attached Files:

  5. dahli

    dahli Private E-2

    Do you have a valid and current subscription to Norton?

    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply

    Notes:
    Do not mouseclick combofix's window while it's running. That may cause it to stall
    Do not proceed with the rest of the fix if you fail to run combofix
    Disable script blocking if you have Norton Antivirus installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.
    ComboFix will create a folder called QooBox in C: (C:\QooBox). It will contain any folders that were quarantined. When you are done you can delete this folder - QooBox.

    Please download SmitfraudFix

    Double-click SmitfraudFix.exe
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     
  6. Arcanis

    Arcanis Private E-2

    I have no Norton Subscription. My school offers Norton 2004 or something like that, but installation did not work well. I tried to delete it using Add/Remove programs, but that stalled 90% through, so I tried to manually delete the rest, and some files couldn't be deleted. It's rather a mess.

    ComboFix appeared to run just fine. QooBox has been deleted and emptied from the recycle bin. The report is pasted at the bottom of this post.

    SmitfraudFix appeared to run just fine. The "rapport" is also posted, after the ComboFix log.

    I reset the msConfig to my preferences - only loading vitals and other programs known to be good (AdMuncher). Normal Startup mode caused too much difficulty.
     

    Attached Files:

    Last edited by a moderator: Jan 3, 2007
  7. dahli

    dahli Private E-2

    First, ALL LOGS need to be posted as attachments.

    Second, download Symantec's Norton Removal Tool (SymNRT)
    http://www.majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

    Run SymNRT and that should clear up your issues with Norton.

    Third, You do not have file extensions shown as requested.

    Fourth, Do you still have McAfee installed?

    Fifth, I understand that with an infected system such as yours it can be difficult to accomplish tasks with all programs running. I NEED ALL items checked with msconfig in order to properly fix your computer.

    Sixth, run Panda and Bitdefender scans again now that Norton is removed and post the logs (as attachments)
     
  8. Arcanis

    Arcanis Private E-2

    Sorry - in your last post you clearly stated "please copy/paste the content of that report into your reply". From now on, I will attach everything.

    Norton removal tool worked without incident. Norton no longer runs, nor appears in Add/Remove programs, nor has a file in the directory. Thank you for that.

    My bad with the file extensions - that's all fixed.

    I have McAfee SiteAdvisor installed. Nothing more.

    I am back in Normal Startup Mode. Every time I boot I have to close HP PhotoGallery Installer, which tries to Install (Presumably, HP PhotoGallery) but ends up getting stuck and freezing. Other than that, and a bunch of other unnecessary stuff loading, it isn't too much of a problem.

    I could not click on the "I agree" button for BitDefender nor the "Scan PC now" button for Panda Active Scan. I just downloaded Internet Explorer 7 and am using that. When I right click, all the options for "Open Link" are grayed out, like something is blocking that particular link.

    On the bright side - The problems with explorer.exe are fixed. It runs cleanly and quickly on startup now. Also, I have not had a pop-up since I ran ComboFix and VundoFix. I would say we are on the right track, if not fully clean.

    Thank you so much for your time and support - you have been a great help.
     
  9. dahli

    dahli Private E-2

    Open Internet Explorer
    Click Tools
    Click Internet Options
    Click Security
    Click Reset all zones to default level
    Click Apply

    Attempt to run Bitdefender and Panda again.

    Download an antivirus program - a good free one is here:
    http://www.majorgeeks.com/download886.html

    Update the antivirus and reboot in SAFE MODE (Tap F8 during startup) then run a full system scan and save the log.

    Attach all logs from any of the antivirus scans
     
