Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 200
  • Last Modified:

Your private info is collected by W32.Sinnaka.A@mm

My friend Pc has been struck by strange virus and whenever he opens up the Internet Explorer he gets the following screen :

Attention! Your system is under control of remote computer with IP address 227.4.167.118. The remote computer has access to the following folders on your PC:
- \WINDOWS\System32
- \Program Files\Internet Explorer
- \My Documents
- Drive C:\ files
Click here to download official anti-spyware software

Your private info is collected by W32.Sinnaka.A@mm
 
Your IP address:
 82.194.62.22
 
Your Country:
 BH, Bahrain
 
They know you're using:
 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; InfoPath.1)

Operation System:
 OS Windows
 

Risk status for futher investigation:
 VERY HIGH RISK
 
Time of investigation:
 Mon Apr 24 12:03:41 PDT 2006
 

 Please can you assist in identifying and removing the virus?

Thanks
0
mahwal2002
Asked:
mahwal2002
  • 3
1 Solution
 
Nick DennyCommented:
There is removal instructions on Symantecs site here:

http://www.symantec.com/avcenter/venc/data/w32.sinnaka.a@mm.html

although it may not necessarily be that, thats the problem.

So heartily recommend a complete virus and spyware scan with up-to-date definitions.

It actually looks like a browser hijack diverting the start page to a particular page.
Any web page can read originating IP, browser status, country of origin (although not always accurate) etc etc.

See in the browser options what the start page has been changed to.

Good luck...   Nick
0
 
Nick DennyCommented:
Also - whatever you do DO NOT click on the link "Click here to download official anti-spyware software" provided in that page
0
 
Nick DennyCommented:
... and finally - if that doesn't do the trick look here

http://www.spyware-removal-guideline.com/w32-sinnaka-aamm-removal
0
 
Captain_SpywareCommented:
There is another tool which is far more up to date than Smitrem called SmitfraudFix by S!Ri which removes most known variants of the Smitfraud trojan and the associated rogue programs.

Full instructions here:

http://www.virusvault.co.uk/fusionbb/showtopic.php?tid/81/

Hope this helps if Smitrem doesn't deal with the problem anymore.

CS
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now