cancel
Showing results for 
Search instead for 
Did you mean: 

Smitfraud and Zlob virus probs

juliasdream
Grafter
Posts: 260
Registered: ‎09-06-2007

Smitfraud and Zlob virus probs

I just had a huge list of virus's and malware attacking my computer
AVG picked up 7 and even after having deleted them Spybot picked up a lot more which I also deleted
I am pleased to have back the use of Taskmanager and a few other tools which had been disabled although C: drive no longer appear in My Computer (it shows up in My Comp >R Click > Manage> Disk Management).
but I'm still unable to stop a couple of error messages that persist in popping up every so often.
One reads "Spyware alert"
Security Warning!
Worm Win32.Netbooster detected on your machine. This virus is distributed via the internet..............
type: virus
System effected: Windows 2000, NT, ME, XP, Vista
Security Risk (0-5): 5
Recommendations: Click yes to remove it from your PC immediately.
I dont do this because I believe it is there to mislead and probably takes me to a site that is infected.
The other one is
Windows Security alert
Windows has detected an internet attack attempt....
Click here to download spyware remover for your total protection
I wont click ok because I dont believe its a genuine Windows alert
Oh and theres a red corcle with a white cross in it that constantly flashes next to the clock with a bubble that appears saying "System Alert"
System detected virus activities........
On the other side of the clock are the words VIRUS ALERT!
Every now and then the browser opens up and trys to go to:
http://avg.urlseek.vmn.net/search.php?lg=en&mkt=en&type=dns&tb=ie&tbn=avg&q=www%2Eamazon%2Ecom

It looks like I'm still infected but I have no idea what. Whatever it is is being missed by AVG and Spybot
Can anyone please help?
Thanks
Btw, Itsa a Pentium M 715 running XP SP2
13 REPLIES 13
juliasdream
Grafter
Posts: 260
Registered: ‎09-06-2007

Re: Smitfraud and Zlob virus probs

And I've lost Control Panel again  Cry
samuria
Grafter
Posts: 1,581
Thanks: 3
Registered: ‎13-04-2007

Re: Smitfraud and Zlob virus probs

Its certainly seems infected try doing scans in safe mode ie press F8 at startup and choose safe mode. Often a lot of malware etc doesnt load in safe mode.
Second download free startup cpl from
http://www.mlin.net/StartupCPL.shtml
This gives you a list of startup programs you can untick any to stop them loading and tick them again to load.
Go through all the programs and disable any suspicions ones like any which dont have a directory of a software program. Mot vital ones if there are any will show a program directory like HP, Epson or other well know company.
close the program and then open it again and see if any you unticked have come back. Any malware or virus is likely to turn its self back on if it does then you need to find the progam in taskmanager and kill it so you can untick it again.
You can safely untick all of the startup as its easy to put them back. Once you have done that reboot and see if that clears it.
If it does then you need to delete the ones giving the problem but spybot avg may pick them up if they arnt running
Download free HijackThis from http://www.merijn.org/programs.php
this will give you a list of whats running and if you post the results we can see what the problem is there is some other good spyware removal stuff on the page as well
artificer
Grafter
Posts: 1,850
Registered: ‎11-08-2007

Re: Smitfraud and Zlob virus probs

this might help:

http://www.knoppix-std.org/
http://www.knoppix-std.org/tools.html
clamAV : virus scanner. update your signatures live with freshclam
if you are still able to download and burn an image to cd.  you boot the live cd and use clamav (update the dbase first) to scan the entire windows drive.  i'm not sure about its ability to scan the boot sector, but there are more tools on the disk than just clamav.  i've heard good reports about it.
juliasdream
Grafter
Posts: 260
Registered: ‎09-06-2007

Re: Smitfraud and Zlob virus probs

Quote from: samuria
Its certainly seems infected try doing scans in safe mode ie press F8 at startup and choose safe mode. Often a lot of malware etc doesnt load in safe mode.
Second download free startup cpl from
http://www.mlin.net/StartupCPL.shtml
This gives you a list of startup programs you can untick any to stop them loading and tick them again to load.
Go through all the programs and disable any suspicions ones like any which dont have a directory of a software program. Mot vital ones if there are any will show a program directory like HP, Epson or other well know company.
close the program and then open it again and see if any you unticked have come back. Any malware or virus is likely to turn its self back on if it does then you need to find the progam in taskmanager and kill it so you can untick it again.
You can safely untick all of the startup as its easy to put them back. Once you have done that reboot and see if that clears it.
If it does then you need to delete the ones giving the problem but spybot avg may pick them up if they arnt running
Download free HijackThis from http://www.merijn.org/programs.php
this will give you a list of whats running and if you post the results we can see what the problem is there is some other good spyware removal stuff on the page as well

Thanks
I hope that this is what you meant.
I copied the following from Hijack this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31: VIRUS ALERT!, on 18/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\Program Files\sony\vaio update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SpyZooka\spyzooka.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
G:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {3BB35E2E-9AE6-4FDE-A691-9E5BDBD93044} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?120963605...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: kvxqmtre - {D72A996F-5839-4BC6-9C3B-A62727981BC5} - (no file)
O21 - SSODL: evgratsm - {294182E7-3A77-465A-B932-1BA339CB3D57} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
--
End of file - 9490 bytes
Njal
Grafter
Posts: 290
Registered: ‎30-07-2007

Re: Smitfraud and Zlob virus probs

Try the good people at:
http://www.malwareremoval.com/
Regards,
Neil
juliasdream
Grafter
Posts: 260
Registered: ‎09-06-2007

Re: Smitfraud and Zlob virus probs

I just ran spybot again also AVG and only got the NNC.MGRS trojan which spybot has deleted.
My only problem now seems to be that the words VIRUS ALERT! appears in the taskbar to the right of the clock
I got back control panel ok but I still cant see drives C: & 😧 in My computer
First I'd like to be rid of the virus alert message in the taskbar
Then I'd like to get back C: and 😧 drive in My Computer
I'd also like to be sure that nothing is still lurking that could let those trojans back in
Any help apreciated
Thanks
Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: Smitfraud and Zlob virus probs

Does Spybot delete viruses or just quarantine (I think it may depend on your settings). Can you delete the quarantined items
juliasdream
Grafter
Posts: 260
Registered: ‎09-06-2007

Re: Smitfraud and Zlob virus probs

I'm under the impression they delete trojans.
I think I'm rid of them anyway since computer is acting normal now
The only thing I'd like to learn how to do now is get back C: & 😧 drive to show up in My Computer
If any one can help with that I'd really apreciate it
Thanks
Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: Smitfraud and Zlob virus probs

Try right click on My Computer them select Manage and then Disk Management (from memory as I am using Vista) - may help
juliasdream
Grafter
Posts: 260
Registered: ‎09-06-2007

Re: Smitfraud and Zlob virus probs

Quote from: Oldjim
Try right click on My Computer them select Manage and then Disk Management (from memory as I am using Vista) - may help

I tried that but couldnt find a suitable option
Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: Smitfraud and Zlob virus probs

This is what I see on an XP machine
samuria
Grafter
Posts: 1,581
Thanks: 3
Registered: ‎13-04-2007

Re: Smitfraud and Zlob virus probs

If its saying virus in the taskbar you still have something running which maynot be picked up by Av as its running and hiding its self. If you can do a virus scan from safe mode or a boot disk this may find it. If you look through taskamager and see whats running you may be able to spot something strange and kill it. If you get the right one it will disappear from the task bar. If it does then you can delete it.
If you post the results from startup cpl we may be able to spot it.
You drives missing download Tweak UI
fromhttp://www.microsoft.com/windowsxp/Downloads/powertoys/Xppowertoys.mspx  that may be able to bring them back. It could be a virus has hidden them
Lucy
Grafter
Posts: 52
Registered: ‎06-04-2007

Re: Smitfraud and Zlob virus probs


Did you remember to disable System Restore?