I have tried it several tiems as well, and rebooted my computer but it still remains the same and the back round of the text is in red. not sure what its asking?
Elite Member
I have tried it several tiems as well, and rebooted my computer but it still remains the same and the back round of the text is in red. not sure what its asking?
Elite Member
Is there another way i can fix the smitfruad?Originally Posted by VopThis
Senior Member (Canada)
When you clicked on the SmitfraudFix LINK, you must have selected 'Open' which attempts to download the file to a TEMP file location and then could not execute the 'process.exe file from there.
You need to click on the link and 'SAVE' it to your desktop.
Right-click on that desktop file and select 'EXTRACT ALL'.
Follow the install wizard and save the 'extracted' contents to a DEFAULT folder name on your DESKTOP. Run the fix from that FOLDER.
Elite Member
when ever i click on your link ultimate zip extractor appears when i click on the download folder. I saved it ot my desktop but it does the same thing.
Senior Member (Canada)
I cannot visualize what your issues and difficulty are. I can't even get a search match on the terms you used (unidentified application???):
http://www.google.ca/search?hl=en&q=...G=Search&meta=
Can you try downloading to another PC for transfer to a memory stick or similar (extracted folder) or try getting someone local to observe and/or assist for what you are trying to do? WE have not veen making any productive headway here for quite some time now.
Elite Member
I figured it out heres wat it gave me
SmitFraudFix v2.147
Scan done at 236.40, Sat 03/03/2007
Run from C:\Documents and Settings\Frankie\My Documents\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Frankie
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Frankie\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Frankie\FAVORI~1
C:\DOCUME~1\Frankie\FAVORI~1\Antivirus Test Online.url FOUND !
C:\DOCUME~1\Frankie\FAVORI~1\Online Security Test.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\SpyDawn\ FOUND !
C:\Program Files\ZipCodec\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.thelighthousechurch.org/clientImages/24264/lighthouse033.jpg"
"SubscribedURL"="http://www.thelighthousechurch.org/clientImages/24264/lighthouse033.jpg"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"cholecyst"="{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Senior Member (Canada)
STEP # 2 - Cleaning
Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
Download and install AVG Anti-Spyware 7.5 (AVG AS - previously known as Ewido anti-spyware 4.0) (uninstall any previous version first).
- Click the Download BUTTON. On the next page click the Download now BUTTON.
- Save and then install (Run) from the save location.
- Open/Run AVG Anti-Spyware
- Wait a few moments and AVG Anti-Spyware should Auto update itself (note date of last update). If it doesn't update, click the update ICON at top of screen:
- Click on the Update now LINK at the top of the window
- Click on the Start update button
- Wait for the update to download and install
- This is very important to get the LATEST updates
- Click on the Status ICON
- Under "Your computers Security"
Click change status on Resident shield to inactive (ONLY consider activation of that feature once you are clean)- Click on the Scanner ICON at the top of the window
- Click on the Settings tab then select Recommended Actions and choose Quarantine
- When updating has finished. Close AVG Anti-Spyware.
We will be using this tool in a later step.
Reboot your computer in Safe Mode.______________________________
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________
Clean out your Temporary Internet files. Proceed like this:Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.
- Quit Internet Explorer and quit any instances of Windows Explorer.
- Click Start, click Control Panel, and then double-click Internet Options.
- On the General tab, click Delete Files under Temporary Internet Files.
- In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
- On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
- Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
- Click OK.
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware , and run a full scan:
- Click on the default Status ICON and select the Scan now LINK.
OR
- Click on the Scanner ICON . Select the Scan TAB.
- Select Complete System Scan. AVG Anti-Spyware will now begin to scan your system.
- If AVG Anti-Spyware finds anything it will list them in the Preview WINDOW:
- Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
- Select Apply all actions at the bottom of the window (and the items found will be quarantined – and recoverable, if any items are needed back).
- When the scan has completed, click on the Save Scan Report button and save the scan to your Desktop where it can be easily found.
- Copy and paste the AVG Anti-Spyware scan results into your next post.
- Close AVG Anti-Spyware.
______________________________
SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:
----------No items specified
Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.
______________________________
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________
Reboot in Normal Mode.
Please post (preferably not file attachments, please):
- c:\rapport.txt
- AVG Anti-Spyware log
- A new HijackThis log AND any current observations
Elite Member
Clean out your Temporary Internet files. Proceed like this:
Quit Internet Explorer and quit any instances of Windows Explorer.
Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.
Ok im printing it out i will get back to you once i have completed this step. Also for the temporary files i have the cccleaner i have installed a while back should i used that as well?
Elite Member
Here is the AVG scan report!
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 1:33:34 AM 3/4/2007
+ Scan result:
C:\System Volume Information\_restore{54E94CE3-88C7-445D-943C-86BF2B7D90EA}\RP1122\A0791983.dll -> Adware.VirusRescue : Cleaned.
C:\System Volume Information\_restore{54E94CE3-88C7-445D-943C-86BF2B7D90EA}\RP1122\A0791984.exe -> Adware.VirusRescue : Cleaned.
C:\System Volume Information\_restore{54E94CE3-88C7-445D-943C-86BF2B7D90EA}\RP1092\A0747033.dll -> Adware.WorldSecurityOnline : Cleaned.
C:\System Volume Information\_restore{54E94CE3-88C7-445D-943C-86BF2B7D90EA}\RP1122\A0791985.exe -> Not-A-Virus.Downloader.Win32.DigStream.a : Cleaned.
C:\Documents and Settings\Lisa\Cookies\lisa@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Lisa\Cookies\lisa@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Lisa\Cookies\lisa@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Lisa\Cookies\lisa@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Lisa\Cookies\lisa@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Lisa\Cookies\lisa@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Lisa\Cookies\lisa@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Lisa\Cookies\lisa@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
Elite Member
Here is also the smitfraud report in safe mode!
SmitFraudFix v2.147
Scan done at 22:05:07.92, Sat 03/03/2007
Run from C:\Documents and Settings\Frankie\My Documents\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"cholecyst"="{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\DOCUME~1\Frankie\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\Frankie\FAVORI~1\Online Security Test.url Deleted
C:\Program Files\SpyDawn\ Deleted
C:\Program Files\ZipCodec\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
