smitfraud virus + pc locking up in safe mode = me punching babies

ok so the other day i was searching for shit on google … spelling error + me not paying attention = me winding up getting slammed w/ porn pop ups … and i knew i was fucked …

no worries tho … cause i have mcafee … well, the aol version of mcafee …

its always just been chillin down in the corner …

but after all the pop ups, i get the pop up that says "hey bitch, mcafee detected shit, go scan your shit" …

click the little icon for it … this shouldnt take long …

um yea … apparently despite being a valid aol member, who has registered in order to use aol’s mcafee, it refuses to log me in !!!

try again and again, reregister all my screennames … no dice

time to hit up the free virus scans … they find NOTHING … until i run trendmicro … it finds a bunch of shit, but locks up every time it goes to remove the probs it found

so i go hunting around the interweb, find the fix for smitfraud viruses … download the stuffs, follow directions, attempt to restart in safe mode for the second part of the instructions … safe mode gets as far as the login screens … and thats where it locks up …

fuck it, ill do it in full mode …

that fails … not all the problems are fixable in full mode, so the virus returns to normal afterwards …

cliffs:

i want to punch babies
i want to stab the makers of the free virus scans - cause they are worthless right now
aol products work just as good as always … i especially love having to use aol explorer to try to register aol’s mcafee … its as good as a quadriplegic hooker
yay for having to create an msn explorer account because the viruses kept aol and IE from starting … i REALLY like having msn’s extra crap around the sides make the webpage undersized and WITHOUT scroll bars so i can see everything

edit: yay for trendmicro closing itself for no reason just now … was hoping it would work this time, but instead it decided to suck at life some more

/rant

help appreciated

try AVG :slight_smile: hands down best virus software I’ve ever used. f’ mcafee IMO

oh, and I’ve never heard of that virus personally, but something to try… if it’s a java virus at least… go into the java tools under control panel and empty your cache (that might take care of it)

edit: google is your friend :stuck_out_tongue:
edit:2 n/m… let me look

edit:3 google is your friend again lol

http://www.antivirusworld.com/articles/virus/smitfraud.php

Viruses do like to protect themselves ya know. :slight_smile:

HijackThis is pretty good if you know how to use it

3 letters

A V G

give it a try if you didnt yet.

http://www.avast.com/

hotmale.com?

i use the AVG free version and love it

thats what u get for

A) using aol
B) using mcafee

i got avd 7 if u want it, gimmie ur email and ill shoot it over, its the pre ver too.

avg found one infected file

it was deleted

i still have the virus

email is nissan240sxpos@aol.com

a

download HijackThis, run the scan, and save the logfile and post it on here. ill take a look at it. all the crazy viruses i’ve had, ive fixed with hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 6:44:59 PM, on 6/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
D:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
D:\Program Files\Common Files\AOL\1135210767\ee\services\sscFirewallPlugin\ver1_205_1_1\aolavupd.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\dcomcfg.exe
D:\WINDOWS\system32\atmclk.exe
D:\WINDOWS\System32\igfxtray.exe
D:\WINDOWS\System32\hkcmd.exe
D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
D:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
D:\Program Files\Common Files\AOL\1135210767\ee\aolsoftware.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\Program Files\mcafee.com\antivirus\oasclnt.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\America Online 9.0\waol.exe
d:\program files\common files\aol\1135210767\ee\services\sscAntiSpywarePlugin\ver1_205_1_1\AOLSP Scheduler.exe
d:\program files\common files\aol\1135210767\ee\aolssc.exe
D:\Program Files\Grisoft\AVG Free\avgwb.dat
D:\Program Files\America Online 9.0\shellmon.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BIMKXV20\hijackthis[1]\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat Reader 5\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - D:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - D:\Program Files\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "D:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] D:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] D:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] D:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "D:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HostManager] D:\Program Files\Common Files\AOL\1135210767\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [sscRun] D:\Program Files\Common Files\AOL\1135210767\ee\services\sscFirewallPlugin\ver1_205_1_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] D:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] D:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "D:\Program Files\America Online 9.0\AOL.EXE" -b
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - D:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - D:\Program Files\Common Files\AOL\1135210767\ee\services\sscFirewallPlugin\ver1_205_1_1\aolavupd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - D:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe

ok, im checking the log out now. do you have AIM? would be easier to communicate with u

i have aim, but ive been outside all day, so thats not gonna work to well

1st thing first, have u tried doing a system restore to see if it’d help?

you can try this first:

Right click your desktop, choose properties, under the desktop tab click the “Customize desktop” button, under the Web tab remove all the page entries from there except the “My Current Home Page” and OK your way out.

if that doesnt work, start the hijackthis program, scan the computer, then check the following items:

-O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - D:\WINDOWS\system32\hp100.tmp

-O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)

-O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

i didnt really see much wrong with the logfile, but do all that, then see if that does anything. if u still have problems, restart your computer, then run hijackthis and post another log. we’ll see if anything new pops up
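Added example (not from any poster in this thread, and not part of HijackThis): a small Python triage pass over HijackThis item lines that surfaces the kind of entries picked out in the post above. The two rules and the names `review_reasons` and `triage` are assumptions made for illustration; a flagged line is something to look at, not a verdict.

```python
import re

# A HijackThis item line is "<section code> - <details>", e.g. "O2 - BHO: ...".
ITEM = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Markers HijackThis appends when the entry's target file is not on disk.
ORPHAN = re.compile(r"\((no file|file missing)\)\s*$", re.IGNORECASE)
# Assumption for this example: a BHO/toolbar module is normally a .dll or .ocx.
MODULE_EXT = (".dll", ".ocx")

# Lines copied from the log posted in this thread (a subset, for brevity).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\system32\atmclk.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat Reader 5\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - D:\WINDOWS\system32\hp100.tmp
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
"""

def parse_items(log_text):
    """Return (code, body) for every item line; headers and process paths are skipped."""
    items = []
    for line in log_text.splitlines():
        m = ITEM.match(line.strip())
        if m:
            items.append((m["code"], m["body"]))
    return items

def review_reasons(code, body):
    """Reasons an entry deserves a manual look (illustrative rules only)."""
    if ORPHAN.search(body):
        return ["registry entry points at a file that is not on disk"]
    if code in ("O2", "O3"):  # BHOs and toolbars are loaded into Internet Explorer
        target = body.rsplit(" - ", 1)[-1].strip().lower()
        if not target.endswith(MODULE_EXT):
            return ["browser add-on loads from a non-module file: " + target]
    return []

def triage(log_text):
    """Return (code, body, reasons) for each entry that matched a rule."""
    flagged = []
    for code, body in parse_items(log_text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {'; '.join(reasons)}")
```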

atmclk.exe is part of the problem … will play with this more later tho …

have you tried running a spyware scanner yet? I did some reading earlier and it said that the virus you have is an adware joint

When all else fails, format and forget. :stuck_out_tongue: