SmitFraud problems - /system32/winexz32.dll

Discussion in 'Malware Help (A Specialist Will Reply)' started by cancerMage, Sep 11, 2006.

  1. cancerMage

    cancerMage Private E-2

    Hey -

    My friend stupidly tried to install a CD_key generator for a game and now my computer is having some problems.

    I ran Spybot S&D and Symantec Antivirus 9.0.0.338 several times and seemed to be succeeding in removing much of the spyware that was creeping in. However, it couldn't remove the winexz32.dll from my WINDOWS/system32/ directory because it was hooked into memory. I then tried cleaning in safe mode and removed a few more entries. Eventually I actually got Spybot to return no threats, but the popup when I open a browser is still there.

    A friend recommended I scan with Adaware, so I tried that. Using Adaware I was able to identify the file, but my computer will auto restart before a scan can complete - and any attempt to remove the file by cancelling the scan early and trying to quarantine was also ineffective.

    However, I was able to find that the trojan was located at winexz32.dll, which I've heard comes from the SmitFraud Trojan. I've gone through the general and specific removal guides on these forums, but have so far still been unsuccessful in removing the file or the popup.

    I'm attaching -
    smitfiles.txt :: newfiles.txt :: hijackthis.log

    The strange thing is that my computer performance hasn't suffered noticeably, and none of the programs this virus/trojan normally installs made it on my computer.

    Anyway, whatever help I can get would be great. I can of course just format this weekend if it comes to that, but I'd like to just beat this thing.

    -Thanks
     


  2. cancerMage

    cancerMage Private E-2

    Great news!

    I was reading another tutorial for a different problem, and it said that renaming the infected file in safe mode might help to get rid of it.

    So I tried that and it worked!

    Now both the popup and the winlog.exe errors are GONE!

    Even though I didn't say much on here and haven't gotten a response, I'd like to thank Major Geeks for their great tutorials and FAQs. They really got the job done.
     
  3. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Glad you got the issue fixed :)

    At present the guys that deal on MGs with malware issues are both busy in their real lives and swamped here with, as you'll well know, the worldwide malware epidemic... but they do get to each post as time permits, but glad you did some self help as I find that much more rewarding in the end, to have fixed your own problems :)


    Next time your friend tries to install a KeyGen, slap them over the knuckles with a ruler ;)
     
