Smitfraud removal help

Discussion in 'Malware Help (A Specialist Will Reply)' started by mindgames, Feb 10, 2006.

  1. mindgames

    mindgames Private E-2

    Hi

    A few months ago my PC became infected with the Smitfraud virus, and it did the whole desktop thing and all the stuff it was meant to do. I managed (I thought) to remove it, and my PC has been working fine since. However, I ran a full Search and Destroy yesterday and it says that there are still 17 Smitfraud items on here, and it can't remove them, even when it runs on start-up. I'm a bit concerned, therefore, that I might still be infected. Ad-aware and AVG don't show anything....

    Any help please?

    These are the offending articles:

    Here is my Hijack This log:


    Edit by chaslang: Inline HJT log removed. Cleaning steps not run.


    Any help much appreciated!
    m
     
    Last edited by a moderator: Feb 10, 2006
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please do not post any logs inline and do not post any HJT logs without having run the READ & RUN ME sticky thread steps first.

    Please download DelDomains and unzip it to your desktop. Find the files from deldomains.zip on your Desktop, right-click on the deldomains.inf file and select Install.

    (Please note you will need to "Immunize" with Spybot again because deldomains will remove all of the sites Spybot adds.)

    Then check your Spybot scan now.
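
A read-only check that can be run before and after the DelDomains step, added here as an example (it is not part of the thread and is not MajorGeeks, DelDomains or Spybot code). It lists the current user's Internet Explorer `ZoneMap\Domains` entries with the security zone each one is mapped to; the function name `Get-ZoneMapEntry` is made up for illustration.

```powershell
# Added example: read-only listing of the current user's IE ZoneMap\Domains entries.
$zoneNames = @{
    0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
    3 = 'Internet';    4 = 'Restricted sites'
}

function Get-ZoneMapEntry {   # hypothetical helper name
    $root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    if (-not (Test-Path -LiteralPath $root)) { return }   # key absent: nothing is mapped

    Get-ChildItem -LiteralPath $root -Recurse | ForEach-Object {
        $key = $_
        # Subkeys nest as Domains\example.com\www, so reverse the parts to get www.example.com.
        $relative = ($key.Name -split '\\ZoneMap\\Domains\\', 2)[1]
        [string[]]$parts = $relative -split '\\'
        [array]::Reverse($parts)
        $site = $parts -join '.'

        foreach ($name in $key.GetValueNames()) {
            $zone = $key.GetValue($name)
            if ($zone -isnot [int]) { continue }   # zone assignments are DWORD values
            $zoneName = $zoneNames[$zone]
            if (-not $zoneName) { $zoneName = 'Unknown' }
            [pscustomobject]@{
                Site     = $site
                Protocol = $name      # '*' covers every protocol
                Zone     = $zone
                ZoneName = $zoneName
            }
        }
    }
}

$entries = @(Get-ZoneMapEntry)
"{0} ZoneMap domain entries for {1}" -f $entries.Count, $env:USERNAME

# Summary per zone, then every entry that is NOT in Restricted sites (zone 4) for manual review.
$entries | Group-Object ZoneName | Select-Object Name, Count | Format-Table -AutoSize
$entries | Where-Object Zone -ne 4 | Sort-Object Site | Format-Table -AutoSize
```

Run it in the affected user's session, because `HKCU` maps to that account's hive under `HKEY_USERS`. After Spybot's Immunize is run again, the Restricted sites count should go back up.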
     
  3. mindgames

    mindgames Private E-2

    cheers, they have gone

    thanks!
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
     
