HELP REMOVE SMITFRAUD-C PLEASE !!

Posted 12/17/2006 11:16 PM
#40677
blizaine Member

Date Joined Nov 2016
Total Posts: 5
Okay, I've been trying my hardest with several different ways to remove it but got confused with all but this one, but now I am stuck... I ran Spybot Search & Destroy and it has located the following...

--- Search result list ---
Smitfraud-C.: Settings (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc

Smitfraud-C.: Library (File, nothing done)
  C:\WINDOWS\system32\rpcc.dll

Smitfraud-C.: Settings (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts

Microsoft.WindowsSecurityCenter.AntiVirusOverride: Settings (Registry change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

Microsoft.WindowsSecurityCenter.FirewallOverride: Settings (Registry change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0

...I then ran HijackThis... and the following list came up...

Logfile of HijackThis v1.99.1
Scan saved at 2:56:14 PM, on 12/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\secures4.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SvcManager] secures4.exe
O4 - HKCU\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: pasksa - pasksa.dll (file missing)
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O20 - Winlogon Notify: xartcd5 - xartcd5.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

...I am stuck on exactly what items I should be selecting to delete... could someone please help me
Posted 12/18/2006 2:10 AM
#40682
blizaine Member

Date Joined Nov 2016
Total Posts: 5
Is there no one that can help?????
Posted 12/18/2006 4:54 AM
#40685
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hi blizaine

Please download the latest version (the file contains both English and French versions):
http://siri.geekstogo.com/SmitfraudFix.zip

Mirrors: Alternate official download locations for Smitfraudfix.zip
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
http://telechargement.zebulon.fr/259-smitfraudfix.html

Extract the content (a folder named SmitfraudFix) to your Desktop.

Please print out or copy this page to Notepad as you will be in Safe Mode and unable to refer to this page.

Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually).

Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select 2 and hit Enter to delete infected files.

You will be prompted: Do you want to clean the registry ? Answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? Answer Y (yes) and hit Enter to restore a clean file.

A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Note:
process.exe is detected by some antivirus programs as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Right-click on the hijackthis.exe file and rename it to hjt.exe

Post a fresh HijackThis log using hjt.exe with rapport.txt, and tell how your computer is behaving.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 12/19/2006 9:40 AM
#40728
blizaine Member

Date Joined Nov 2016
Total Posts: 5
...okay, here's the new log after running the fix

Logfile of HijackThis v1.99.1
Scan saved at 1:34:17 AM, on 12/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
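Added example, not part of any post in this thread: a Python comparison of a "before" and "after" HijackThis log that lists which entries a cleanup removed and which entries still reference a file the Spybot scan flagged. The function names and the "PROC" pseudo-section are assumptions made for this example; the log excerpts are shortened from the two logs posted above and the flagged path comes from the Spybot result in the first post.

```python
import re

# HijackThis entry lines look like "O20 - Winlogon Notify: rpcc - C:\...\rpcc.dll".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_hjt(log_text):
    """Map (section, lowercased detail) -> (section, detail) for one log.

    Running processes are kept under the made-up section name "PROC".
    Keys are lowercased because Windows paths are case-insensitive
    (Explorer.EXE and explorer.exe are the same file).
    """
    items, in_procs = {}, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # numbered entries follow the process list
            section, detail = m.group(1), m.group(2).strip()
        elif in_procs and line:
            section, detail = "PROC", line
        else:
            continue
        items[(section, detail.lower())] = (section, detail)
    return items

def compare_logs(before_text, after_text, flagged_paths):
    """Return entries removed, entries added, and entries in the later
    log that still mention one of the scanner-flagged paths."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    flagged = [p.lower() for p in flagged_paths]
    return {
        "removed": sorted(before[k] for k in before.keys() - after.keys()),
        "added": sorted(after[k] for k in after.keys() - before.keys()),
        "still_flagged": sorted(
            after[k] for k in after if any(p in k[1] for p in flagged)
        ),
    }

# Excerpts shortened from the two logs in this thread.
BEFORE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\secures4.exe

O4 - HKLM\..\Run: [Nord] C:\WINDOWS\system32\nordsys.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SvcManager] secures4.exe
O20 - Winlogon Notify: pasksa - pasksa.dll (file missing)
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
"""
AFTER_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\explorer.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
"""
# File path reported by the Spybot scan in the first post.
SPYBOT_FLAGGED = [r"C:\WINDOWS\system32\rpcc.dll"]

if __name__ == "__main__":
    for name, rows in compare_logs(BEFORE_LOG, AFTER_LOG, SPYBOT_FLAGGED).items():
        print(name)
        for section, detail in rows:
            print(f"  {section} - {detail}")
```
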
Posted 12/19/2006 11:45 AM
#40729
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Please download:

http://swandog46.geekstogo.com/avenger.zip

by Swandog46 to your Desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy, then paste all the text in the quote box below.

Quote:

Files to delete:
C:\WINDOWS\system32\rpcc.dll

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt

Right-click on the hijackthis.exe file and rename it to hjt.exe

Post a fresh HijackThis log using hjt.exe with C:\avenger.txt, and tell how your computer is behaving.



Posted 12/19/2006 8:26 PM
#40750
blizaine Member

Date Joined Nov 2016
Total Posts: 5
Okay, I followed the steps and when I click the green light icon a message appears... selected file does not appear to be valid script... and the error code is 1813
Posted 12/27/2006 5:46 AM
#41003
snoopysbuddy Member

Date Joined Nov 2016
Total Posts: 1
Here's what I did to remove smitfraud-c. First, use spybot. Make sure to search for and download all updates before running the scan. The spybot scan will detect smitfraud-c and will remove all parts of it except for the rpcc.dll file. The easiest way is to remove it manually using Windows XP recovery console.

To do so, take Windows XP setup CD and boot from it. Once the setup program comes up, you will have the option to press "R" (I think it's "R") to use the Recovery Console. Log on and when you get to the command prompt you can navigate to the \windows\system32 directory and delete the file. In case you don't know DOS commands, enter the following three commands in the prompt:

cd \windows\system32
del rpcc.dll
exit

That should do it. Enjoy.
Posted 6/5/2008 8:15 PM
#62673
Boring_Benji Member

Date Joined Nov 2016
Total Posts: 2
I removed Smitfraud easily with SuperAntiSpyware but my desktop is messed up :-( I got a big white box which I do not know how to remove, and when I try to change my desktop background this message pops up:

Windows Internet Explorer:
Cannot find the file:///C:/Windows/privacy_danger/index.htm'. Make sure the path or internet address is correct.

What has that to do with my background???

The same message appears when I lock and unlock the start thing (what it's called in English) down in the bottom of my screen.
Posted 8/25/2008 8:58 PM
#65293
Big Liam Advanced member

Date Joined Nov 2016
Total Posts: 42
Here's what will fix the problem:

Download and run Spybot S&D, run it in safe mode to remove the first obvious traces of Smitfraud.

Once that has completed, reboot and run spybot in safe mode again, just to be on the safe side.

Once you are confident that Spybot has done its bit, download and run the following removal tool: http://www.bleepingcomputer.com/files/smitfraudfix.php

Wait until your subscription with Bullguard has run out, then don't bother to renew it, just buy Kaspersky instead, I'm going to.

I can't believe Bullguard sat by and did SWEET F.A. while Smitfraud launched an attack on my machine... NOT IMPRESSED.

I managed a full system recovery because I have a bit of experience with these sort of things, I can only imagine you guys with no experience completely trashing your systems with a trojan/viral infection that has been around for a while now that BG can't deal with. Call your local computer repair man and help pay his mortgage next month for him to remove it for you.

I hope the 'tech guys' at BG are reading this one. Sorry, but you just lost a customer.

In the meantime, I hope this post helps you if you're a poor BG subscriber who just got infected with Smitfraud. Goodbye BG, Hello Kaspersky..