Smitfraud-C

Discussion in 'Malware Help (A Specialist Will Reply)' started by vadaken, Aug 9, 2005.

  1. vadaken

    vadaken Private E-2

    Spybot keeps detecting Smitfraud-C for 30 Registry entries. It cannot fix them. I have tried in Safe Mode and also allowed Spybot to run on reboot. The computer seems to be running normal. I did look at some of the other posts about Smitfraud, but they seemed to have more than the one issue. I followed the Read This and didn't find anything.

    Thanks

    Ken
     
    vadaken, Aug 9, 2005
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    chaslang, Aug 9, 2005
    #2
  3. vadaken

    vadaken Private E-2

    Hi Chaslong

    I attached the log frm the latest scan.

    Ken
     

    Attached Files:

    vadaken, Aug 9, 2005
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yep! It's the same problem as in the link I gave you. The items are in in the Trusted Zone instead of the Restricted Zone.

    What OS is this?
    Do you login with different user accounts? If so, how many?
     
    chaslang, Aug 9, 2005
    #4
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run the fix I gave in message number 10 of the thread: smitfraud and pup

    Then get a new Spybot log.
     
    chaslang, Aug 9, 2005
    #5
  6. vadaken

    vadaken Private E-2

    Operating System is XP Pro. Only one login, but there is a special password protected user account titled "ASP.Net Machine..." in addition to my account.
     
    vadaken, Aug 10, 2005
    #6
  7. vadaken

    vadaken Private E-2

    Chaslong

    The Operating System in the other thread is ME and I have XP Pro. Do I use the same reg fix?

    Thanks

    Ken
     
    vadaken, Aug 10, 2005
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! In fact your registry key where these are being stored is different. I'm starting to wonder how these are getting put into the Trusted Zone. Some application has to be doing this. You said you ran the READ ME FIRST, right? If so, please complete the steps below because I want to see if anything else is playing around with your PC before creating a registy patch to fix your symptoms.

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
    chaslang, Aug 10, 2005
    #8
  9. vadaken

    vadaken Private E-2

    OK. Here is the HJT log.
     

    Attached Files:

    vadaken, Aug 11, 2005
    #9
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay your log is clean but you need to get your Windows Updates!

    Download the attached zip file and extract the smitfix.reg file from it to your desktop and then follow the steps below.

    Then double-click on the smitfix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
     

    Attached Files:

    Last edited: Aug 11, 2005
    chaslang, Aug 11, 2005
    #10
  11. vadaken

    vadaken Private E-2

    Chaslong

    I get a Registry Editor Error Message - Cannot import Smitfix.reg: The specified file is not a registry script. You can only import binary registry files from within the registry editor.

    I know how to import the file from within the Registry Editor, but just wanted to run this by you before I do. I cannot afford to lose access to the computer.

    Ken
     
    vadaken, Aug 11, 2005
    #11
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's my fault. I was going to attach it inline but made it a ZIP attachment because it was long. I forgot to edit out the QUOTE lines.

    Try it now! Download from the previous message again. I changed that attachment.
     
    chaslang, Aug 11, 2005
    #12
  13. vadaken

    vadaken Private E-2

    Chaslong

    That did the trick. Thank you very much.

    Ken
     
    vadaken, Aug 11, 2005
    #13
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    chaslang, Aug 12, 2005
    #14

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds