C:\WINDOWS\system32\ld5698.tmp
|
|
ozzymary
Suspended permanently
|
2. January 2006 @ 16:59 |
|
C:\WINDOWS\system32\ld5698.tmp How can I get rid of this trojan forever? Please help.
I found it by running a search, but when I open the containing folder it won't let me delete the trojan. Any ideas?
I have the trojan in the avast virus chest. What do I do with it from here?
This message has been edited since posting. Last time this message was edited on 3. January 2006 @ 08:11
|
-kemisti-
AfterDawn Addict
|
2. January 2006 @ 22:11 |
|
That's smitfraud:
And ozzymary, that fix MUST be done in safe mode; it won't work otherwise.
If you don't do it in safe mode, it's your choice, not mine. That file won't be removed in reg mode.
Download -> http://noahdfear.geekstogo.com/click%20counter/click.php?id=1 Save it on the desktop and double-click it; it will then create a smitRem folder on the desktop.
Boot in safe mode (tap F8 while booting), open the smitRem folder and double-click RunThis.bat. Follow the instructions. Reboot, then send a fresh HjT log and the contents of c:\smitfiles.txt.
This message has been edited since posting. Last time this message was edited on 2. January 2006 @ 22:43
|
ddp
Moderator
|
3. January 2006 @ 07:11 |
|
This message has been edited since posting. Last time this message was edited on 3. January 2006 @ 07:14
|
-kemisti-
AfterDawn Addict
|
3. January 2006 @ 07:47 |
|
@ddp: That's not required. Smitrem is enough to remove that file and other smitfraud files/folders. And those instructions are pretty old; many more variants have been created since those instructions were "released".
|
ozzymary
Suspended permanently
|
3. January 2006 @ 08:10 |
|
@-kemisti-: Thanks for all your help yesterday on my Compaq (which is running fine) and today for the Gateway. Last night the screen turned and said some stupid stuff and would not go away, so I reinstalled Windows, but it's still there. I used avast to take it to the virus chest and then I deleted it. I ran AVG and it did not find it... I don't know how I got this at all. Can you give me the link for HijackThis, so when I do this tonight I could show my log here? Thanks again (I mean on the other PC). @ddp: I just was a little mad at what happened. I am not a kid either, I am 29 years old. I see a lot of posts with bad words with a blank or missing letter.
|
ozzymary
Suspended permanently
|
3. January 2006 @ 08:16 |
|
This message has been edited since posting. Last time this message was edited on 3. January 2006 @ 08:19
|
ddp
Moderator
|
3. January 2006 @ 08:29 |
|
The person who was complaining about the language also has kids. creaky would have done the same thing as me, as he has kids too that watch what he does & doesn't need their education broadened in that way.
|
-kemisti-
AfterDawn Addict
|
3. January 2006 @ 08:30 |
|
|
ozzymary
Suspended permanently
|
3. January 2006 @ 11:15 |
|
OK, here is the log. What should I delete?
Logfile of HijackThis v1.99.1
Scan saved at 4:10:40 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\greg\Desktop\HijackThis.exe
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp9A6D.tmp
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
|
ozzymary
Suspended permanently
|
3. January 2006 @ 15:16 |
|
Can anyone help me out here?
|
Jeanc1
Suspended permanently
|
3. January 2006 @ 15:31 |
|
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp9A6D.tmp
That's a Trojan! Delete it!
|
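An added example, not part of the original thread or of HijackThis itself: a small Python triage pass over HijackThis entry lines that flags the pattern called out in the post above (a component loaded from a `.tmp` file in `system32`). The second rule (an O16 entry whose download source is a bare IP address), the function names and the O16 sample line are assumptions introduced here.

```python
import re

# Added triage heuristics (assumptions, not HijackThis features):
#  - a component whose file is a .tmp inside system32
#  - an O16 (ActiveX download) entry whose source URL uses a bare IPv4 host
TMP_IN_SYSTEM32 = re.compile(r"\\system32\\[^\\]+\.tmp\b", re.IGNORECASE)
BARE_IP_URL = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/", re.IGNORECASE)
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entry(line):
    """Split one HijackThis entry into (section, target); None for other lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header or running-process line
    section, body = m.groups()
    if section == "O4" and "] " in body:
        target = body.split("] ", 1)[1]       # "[name] command line"
    else:
        target = body.rsplit(" - ", 1)[-1]    # last " - " field is the file or URL
    return section, target.strip()


def triage(log_text):
    """Return (section, target, reason) for entries matching the heuristics."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        section, target = parsed
        if TMP_IN_SYSTEM32.search(target):
            findings.append((section, target, "tmp file loaded from system32"))
        elif section == "O16" and BARE_IP_URL.match(target):
            findings.append((section, target, "ActiveX source is a bare IP"))
    return findings


# First three lines come from the log in this thread; the O16 line is
# constructed (192.0.2.10 is a documentation address, the CLSID is a dummy).
SAMPLE = r"""C:\WINDOWS\system32\svchost.exe
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp9A6D.tmp
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {00000000-0000-0000-0000-000000000000} - http://192.0.2.10/example.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A match is a prompt to review the entry, not a verdict; legitimate entries and the running-process list pass through untouched.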
ozzymary
Suspended permanently
|
3. January 2006 @ 15:47 |
|
Thanks a lot. I am having a lot of problems with this PC. Now I have a ! running in the right-hand corner. I think it's spy axe and it won't go away. It says computer infected with malware. How do I get rid of this?
|
ozzymary
Suspended permanently
|
3. January 2006 @ 16:56 |
|
new log
Logfile of HijackThis v1.99.1
Scan saved at 9:51:16 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\greg\Desktop\HijackThis.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {42D242E2-9872-6CF3-89C4-74682D57A0DE} - http://85.255.113.214/1/gdnCL2332.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
|