Smitfraud-C/PSGuard/Spywarestriker

Discussion in 'Malware Help (A Specialist Will Reply)' started by hei, Jan 8, 2006.

  1. hei

    hei Private E-2

    Some days ago I was "attacked" by some Spywarestrike anti-spyware program (looked like it) and installed some icon on my desktop and an annoying bubble and icon at the task bar. The whole thing was quite irritating. I believe this happened when I, by mistake, downloaded a codec in order to watch a video.
    I've tried to remove this by using Spy Search and destroy, Ad-aware, Ewido etc, without any success. Well that is - I've managed to get rid of the bubble at the task bar, and the beeping sound every 10 seconds.
    I launched the programs in safe mode. I'm not certain that everything is OK. I followed the instructions given here in the "SpywareStrike, Smitfraud, SpySheriff, SpyAxe & PSGuard Removal".

    When running an online scan of Kaspersky I get a message that my PC is infected.
    I even bought and installed the Spyware Doctor program in order to get rid of this, but it didn't help much.
    I've got Norton Internet security/anti virus running.

    When looking under c:\program files I found a program called "Spywarestriker", which I deleted, and then emptied the garbage can before rebooting to normal mode.

    I'm no longer certain if my PC is infected. The Spy Search and destroy finds "Smitfraud-C" but is not able to delete it.

    I've attached the scan results of smitfiles and the Panda scan.

    All suggestions/tips and information...highly appreciated.
     


  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  3. hei

    hei Private E-2

    I've done as you said. Downloaded the last version of smitfile.

    Here are the files from smitfile and Hijackthis.
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  5. hei

    hei Private E-2

    Now I've downloaded the Ewido, and updated it before rebooting in safe mode. The log is attached.
    Note that I can't be sure that there were no internet connections available when running the scan in safe mode...this is due to the fact that I've got a laptop with wireless internet connection...and I'm in an area where other networks are running....but this might not be a problem.

    Is the scan looking OK?
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Attach a fresh HJT log from normal mode.
     
  7. hei

    hei Private E-2

    Here are the results of the hijackthis scan in normal mode.
     


  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)

    Again, make sure ALL browser windows are closed when you click FIX.

    Next, run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.

    Note: Remember to get all updates before doing the scans.


    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    • Temporary Files
    • Temporary Internet Files
    • Recycle Bin
    And Click OK.


    Finally, I would like you to flush your System Restore points. Please follow the instructions below:


    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

    After you complete the above, reboot and let me know how things are running.
     
  9. hei

    hei Private E-2

    I've done as listed in the instructions.

    I've re-enabled system restore at the end.

    From my point of view everything is running OK. No extra icons, sounds/beeping or any other changes.

    Spybot search and destroy didn't find anything besides 2 listings regarding Windows Security center which it always does...for some strange reason. Never seem to get rid of that....well now I checked this matter better and found:

    "Windows Security Center.FirewallDisableNotify, if this is found, the Security Center does not notify about the firewall.
    This could have been disabled by your personal firewall to avoid double messages. If your personal firewall is up and running, you can ignore this detection."
    I've got Norton personal firewall installed, so no problem I guess. I'll make Sb S&D ignore this next time.


    Thanks a lot for all assistance on this matter. I really appreciate your effort in helping me.
    I've learned quite a lot from this - believe me!

    Have a nice day!
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You can have Spybot ignore those entries; they are no threat, just showing that you have those options disabled in the security center.

    You should see this article on How to Protect yourself from malware!

    Surf Safely!:)
     
