SmithFraud that wont go away (Hijack log)

killertatertots · Aug 7, 2008

My mother has the smith virus or whatever it is called. We ran the smithfraud fix and it did not work. we also did another removal tool that said it would fix it and it did not either. it is not showing up in add remove program list.
We ran Hijjack this, here is the log.
Please note we know very little of how things work, so be very simple and clear.

Logfile of Trend Micro HijackThis v2.0.2

TimW · Aug 7, 2008

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions. If something does not run, write down the info to explain to us later but keep on going. Do not assume that because one step does not work that they all will not.

READ & RUN ME FIRST. Malware Removal Guide

Note: If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can running steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

killertatertots · Aug 7, 2008

Step 1: House Cleaning & Setup - We have no idea which of the things on there are supposed to be and which are not. There is nothing labelled any of the names we saw online that the Smithfraud hides as.

We emptied the recycle bin and quarantined files.

We have no idea how to do the rest of the stuff (java, config), or even what it is referring to. We are absolute beginners.

We cannot install anything, the problem has stopped her IE and foxfire from running, we cannot use the internet.

Step 2-
We did yesterday before running one of the removal tools that failed.

Step 3-
WE cannot download anything, we can no longer use the internet.

she has xp.
Someone read our hijack this logs and said we had a backdoor malware and to change our important passwords, but didnt say how to get rid of it. We cannot afford to take it in to be fixed professionally , but we are now worried since two cleaner tools failed, it is permanently damaged.

TimW · Aug 7, 2008

If you can not get on the internet, then you will need to download the tools to another computer and transfer them to the infected one via cd or thumb drive.....without the logs from the following scans, I can not help you:

MalwareBytes
SuperAntispyware
ComboFix
MGLogs.zip --> from running the MGTools.exe

killertatertots · Aug 9, 2008

thank you for your time, but we have no way to do that.
someone in another forum told us they knew how to clean the machine after seeing our hijack logs but never got back. it has been days.
nothing is working, smithfraudfix, spybot, nothing,we tried all the online tools that are free and say they can fix it and none do.

TimW · Aug 9, 2008

You can not get access to another computer to download the scanning tools? You can't transfer them to your computer? What do you mean by "We can't do that........"

Can you run HJT?
Before you do so, you would need to save it to C:\Program Files\HJT\analyse.exe ---> notice that the exe was renamed to analyse and the saved location.

But if you can't get on the internet...how are you getting to this forum?

You must be using a different computer.....therefore my initial question.

If you are being helped in another web forum...it is a waste of our resources.

killertatertots · Aug 9, 2008

The other computer we are using, at my house, doesnt have any way to burn the information to bring to her house.
We have Hijack this on her computer, and ran it, and posted the log it gave us, but we dont know what to do with it, we have no idea what any of it means.
We posted to multiple forums and noone has been able to help, they just say to reformat or take it in, neither of which we can afford to do.
What do you mean about the analyze.exe? do you mean to run hijack as that?

TimW · Aug 9, 2008

Then if you can't burn cd's you can use a thumb/jump drive to transfer things.

Yes, I want you to move HJT to the C:\Program Files folder and rename the exe to analyse.

Then attach it as it will be more helpful than the log you posted inline. Malware can recognize HJT.exe and hide from it. "(

killertatertots · Aug 9, 2008

We cannot afford to buy a drive just for this.
I will do the change to the hijack thing when i go to her house tommorrow and repost it.
thanks

TimW · Aug 9, 2008

Just be aware that a usb flash drive at 2 mgs runs about $24.

killertatertots · Aug 14, 2008

We cannot wait any longer, we are going to have to try to come up with the money to get professional help.

TimW · Aug 14, 2008

Then you should have tried getting me at least the HJT log ....installed and renamed as instructed.....transfered the COmboFix program and run it.
I suspect that anywhere you take it, they are going to tell you they have to reformat and reinstall your OS....and you will lose your personal data.

Log in or Sign up

SmithFraud that wont go away (Hijack log)

killertatertots Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

killertatertots Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

killertatertots Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

killertatertots Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

killertatertots Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

killertatertots Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member