Your private info is collected by W32.Sinnaka.A@mm

My friend Pc has been struck by strange virus and whenever he opens up the Internet Explorer he gets the following screen :

Attention! Your system is under control of remote computer with IP address 227.4.167.118. The remote computer has access to the following folders on your PC:
- \WINDOWS\System32
- \Program Files\Internet Explorer
- \My Documents
- Drive C:\ files
Click here to download official anti-spyware software

Your private info is collected by W32.Sinnaka.A@mm
 
Your IP address:
 82.194.62.22
 
Your Country:
 BH, Bahrain
 
They know you're using:
 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; InfoPath.1)

Operation System:
 OS Windows
 

Risk status for futher investigation:
 VERY HIGH RISK
 
Time of investigation:
 Mon Apr 24 12:03:41 PDT 2006
 

 Please can you assist in identifying and removing the virus?

Thanks
mahwal2002Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Nick DennyCommented:
There is removal instructions on Symantecs site here:

http://www.symantec.com/avcenter/venc/data/w32.sinnaka.a@mm.html

although it may not necessarily be that, thats the problem.

So heartily recommend a complete virus and spyware scan with up-to-date definitions.

It actually looks like a browser hijack diverting the start page to a particular page.
Any web page can read originating IP, browser status, country of origin (although not always accurate) etc etc.

See in the browser options what the start page has been changed to.

Good luck...   Nick
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Nick DennyCommented:
Also - whatever you do DO NOT click on the link "Click here to download official anti-spyware software" provided in that page
0
Nick DennyCommented:
... and finally - if that doesn't do the trick look here

http://www.spyware-removal-guideline.com/w32-sinnaka-aamm-removal
0
Captain_SpywareCommented:
There is another tool which is far more up to date than Smitrem called SmitfraudFix by S!Ri which removes most known variants of the Smitfraud trojan and the associated rogue programs.

Full instructions here:

http://www.virusvault.co.uk/fusionbb/showtopic.php?tid/81/

Hope this helps if Smitrem doesn't deal with the problem anymore.

CS
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.