Smitfraud and puper infection

It has been a really long 3 days with this garbage. I have succesfully gotten rid of about:blank. Thanks to HS. However, I have a black screen with avg and all the clasic symptoms of smitfraud. I have followed all of the steps required and requested. I have run Housecall, Ewido, Norton, CWS, Spybot and Ad aware. Just a lil scared to do HJT without guidance.

PLeeeease help.

Thanks!

 

First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

After doing ALL of the above if you still have a problem:


http://www.majorgeeks.com/images/grenade.gif Download HijackThis 1.99.1

http://www.majorgeeks.com/images/grenade.gif Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

http://www.majorgeeks.com/images/grenade.gif Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

http://www.majorgeeks.com/images/grenade.gifBefore running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

http://www.majorgeeks.com/images/grenade.gifRun HijackThis and save your log file.

http://www.majorgeeks.com/images/grenade.gif Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

http://www.majorgeeks.com/images/grenade.gifNeed help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

 

Here is new hjt log. I have completed ALL steps here READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal.

Also having issues with Outlook Express.

Thanks for your help.

 

The first thing I notice in your log is that your running McAfee and Norton. This is not recommended as running 2 antivirus programs will cause conflicts on your computer. Pick one and uninstall the other!

Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Be sure you have the viewing of hidden files and folders enable per the tutorial. Now search for the following file and delete when found.

ShowWnd.exe

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.
Note: Dont forget to update Spybot S&D by selecting "Search For Updates"

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Reboot to Normal Windows , Scan with HijackThis and attach the new log.

 

Ok I did that and thank you so far. Here is hjt file and I have uninstalled McAfee. I have run Pest Control and it has picked up various components on registry for avgold. Also my Outlook Express is not loading any messages.

Thanks again.

 

Ok I did that and thank you so far. Here is hjt file and I have uninstalled McAfee. I have run Pest Control and it has picked up various components on registry for avgold. Also my Outlook Express is not loading any messages.

Thanks again.

 

I notice you have several antispyware programs running. I would get rid of some because you have too much protection and it could be causing conflicts and not finding something. Also, your TH version is out dated.

Scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8081;http=localhost:8081

Again, make sure All Browser Windows are Closed when you Click FIX.

After you complete the above, reboot and let me know if any further problems remain.

 

Thanks. Got rid of Spy Sweeper and Spybot. Still have that new registry being created. Also pest Patrol keeps finding this HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{72267f6a-a6f9-11d0-bc94-00c04fb67863}. I keep trying to delete to nothing happening.

Attatched is new hjt log.

Thanks

Amanda

 

Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.)

Double-click on the fix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to merge, click YES!

After you complete the above, reboot and let me know if any problems remain.

 

Ok I did that and here is new log.

Inline log attached!

Grrrr.....boohoo...pc still slow

 

Scan with HJT and have it fix the below entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8081;http=localhost:8081
(Keep this if you need it!)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)


After you have removed the above entries, procede with the following:

1) Download TrojanHunter

2) Install TrojanHunter, At the end of the install setup will prompt you to update definitions. Please do so!

3) Once installed and updated, select drive C:\ and do a Full Scan. Remove all found infections, reboot and post your results and if any problems remain.

 

Ok so I fixed all of the files as told. Also downloaded Trojan Hunter. Says system is clean. Pest patrol is still picking up same file???? Will attatch new hjt. Outlook is still acting up and system is a little better. I am sooo grateful for your help.

Running Panda

3 infected files

Incident Status Location

Virus:Eicar.Mod No disinfected C:\Program Files\PestPatrol\Help.chm[HowCanITestDetection.html]
Adware:Adware/Antivirus-gold No disinfected C:\WINDOWS\screen.html
Adware:Adware/Smitfraud No disinfected C:\WINDOWS\system32\wp.bmp

 

First, do a search for the following files and delete if found:

wp.exe

wp.html

desktop.html

Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.)

Double-click on the fix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to merge, click YES!

 

I followed those steps. Pc is a lil slow. Is this infection multiplying or keep changing? Is this normal? I am pulling my hair out.
Panda is still picking up 3 infections.

I deleted the favorites folder...health. Will reboot and run hjt
Thanks.

 

Panda has found NO infections. Thank you, thank you. Internet is running better and here is HJT log.

 

Scan with HJT and have it fix the below entry:

O18 - Filter: text/html - (no CLSID) - (no file)

After you fix the above entry, reboot and let me know if any problems remain.

 

Seems good to me. Except for the issue with Outlook Express. I can receive messages but not load. Is that a software prob??? Should I go to that forum???


Thanks sooo much for all your help.

Amanda

 

Your HJT log is clean!

For the OE problem I would recommend posting that in the Software Forum.

You should first follow the steps in this article on How to Protect yourself from malware!