Solved

URGENTLY NEED YOUR HELP - I was looking at some porn sites

Posted on 2006-11-03
6
288 Views
Last Modified: 2010-04-11
They said to play this video you need to download a codec, so I said okay and it downloaded lots of crap I didn't know about, I seem to have gotten rid of most of it but cannot get rid of a QUESTION MARK (Yellow) that flips back and forth with a GRAY CIRCLE and YELLOW X in it, this icon flips back and forth WARNING that I need virus protection and when I click on it it links to a website that sells me JUST the PROTECTION I need.  How do I get rid of this BEAST!
0
Comment
Question by:reyeuro
  • 3
  • 2
6 Comments
 

Author Comment

by:reyeuro
ID: 17870923
Oh BTW I already ran Yahoo Spyware scan and AVG Anti Virus...this thing just keeps popping up screens to buy it's products...I also went to RUN > MSCONFIG > START UP > and DISABLE ALL this thing keeps coming back I am SO MAD AT MYSELF FOR FALLING FOR THIS CRAP
0
 
LVL 3

Expert Comment

by:sow56091
ID: 17870929
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 17871070
Hi,
That's variant of smitfraud infection!

letting us look at your hijackthis log is a great start, and to check if it comes with a new variant.

Anyway the fix is this:
Please download SmitfraudFix:
http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from the options listed.
 
Once in Safe Mode, open the SmitfraudFix folder again and double-click
smitfraudfix.cmd
 
Select option #2 - Clean by typing 2 and press "Enter" to delete infected
files.
 
You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
infection.
 
The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
"Enter".
 
The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 

Author Comment

by:reyeuro
ID: 17871266
rpggamergirl DID IT AGAIN!  Everytime I have come here with this type of problem, YOU rpggamergirl have had the most expedient answer to the problem, THANKS A MILLION TIMES OVER...I went to the SmitfraudFix link you provided and followed the instructions and BAM!  Problem SOLVED!! Ciao
0
 

Author Comment

by:reyeuro
ID: 17871275
I followed your instructions ONLY I did not do so in SAFE MODE somehow overlooked that!  Here is the Rapport.txt report:

SmitFraudFix v2.119

Scan done at 16:05:10.68, Fri 11/03/2006
Run from C:\Documents and Settings\Rey\Local Settings\Temp\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells"

[HKEY_CLASSES_ROOT\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="C:\WINDOWS\system32\okkmtv.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="C:\WINDOWS\system32\okkmtv.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\okkmtv.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\system32\okkmtv.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17871515
Smitfraudfix works in normal mode too but it's recommended to run it in safe mode so there's not much chance of the infection fighting back and respawning.

You could also run smitfraudfix option 3 in normal mode to clear the trusted zone, some variant of smitfraud insert entries there.

Thanks for posting the rapport.txt, it shows that it took care of the files found and no new variant so that's good.
If you like to post a hijackthis log I'll check to make sure smitfraud entries are gone.


Thanks for the points! and the Excellent grading!
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
Ransomware continues to grow in reach and sophistication, putting data everywhere at risk. Learn how to avoid being caught in its sinister clutches with these 11 key tips.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question