Solved

URGENTLY NEED YOUR HELP - I was looking at some porn sites

Posted on 2006-11-03
Last Modified: 2010-04-11
They said to play this video you need to download a codec, so I said okay and it downloaded lots of crap I didn't know about, I seem to have gotten rid of most of it but cannot get rid of a QUESTION MARK (Yellow) that flips back and forth with a GRAY CIRCLE and YELLOW X in it, this icon flips back and forth WARNING that I need virus protection and when I click on it it links to a website that sells me JUST the PROTECTION I need.  How do I get rid of this BEAST!
Question by:reyeuro

Author Comment

by:reyeuro
ID: 17870923
Oh BTW I already ran Yahoo Spyware scan and AVG Anti Virus...this thing just keeps popping up screens to buy its products...I also went to RUN > MSCONFIG > START UP > and DISABLE ALL this thing keeps coming back I am SO MAD AT MYSELF FOR FALLING FOR THIS CRAP
0
 
LVL 3

Expert Comment

by:sow56091
ID: 17870929
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 17871070
Hi,
That's a variant of smitfraud infection!

Letting us look at your hijackthis log is a great start, and to check if it comes with a new variant.

Anyway the fix is this:
Please download SmitfraudFix:
http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from the options listed.
 
Once in Safe Mode, open the SmitfraudFix folder again and double-click
smitfraudfix.cmd
 
Select option #2 - Clean by typing 2 and press "Enter" to delete infected
files.
 
You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
infection.
 
The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
"Enter".
 
The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

0

Author Comment

by:reyeuro
ID: 17871266
rpggamergirl DID IT AGAIN!  Every time I have come here with this type of problem, YOU rpggamergirl have had the most expedient answer to the problem, THANKS A MILLION TIMES OVER...I went to the SmitfraudFix link you provided and followed the instructions and BAM!  Problem SOLVED!! Ciao
0
 

Author Comment

by:reyeuro
ID: 17871275
I followed your instructions ONLY I did not do so in SAFE MODE somehow overlooked that!  Here is the Rapport.txt report:

SmitFraudFix v2.119

Scan done at 16:05:10.68, Fri 11/03/2006
Run from C:\Documents and Settings\Rey\Local Settings\Temp\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells"

[HKEY_CLASSES_ROOT\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="C:\WINDOWS\system32\okkmtv.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="C:\WINDOWS\system32\okkmtv.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\okkmtv.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\system32\okkmtv.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17871515
Smitfraudfix works in normal mode too but it's recommended to run it in safe mode so there's not much chance of the infection fighting back and respawning.

You could also run smitfraudfix option 3 in normal mode to clear the trusted zone, some variants of smitfraud insert entries there.

Thanks for posting the rapport.txt, it shows that it took care of the files found and no new variant so that's good.
If you'd like to post a hijackthis log I'll check to make sure smitfraud entries are gone.


Thanks for the points! and the Excellent grading!
0
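
Added example (not part of the thread and not SmitfraudFix's own code): a Python reader for the rapport.txt layout posted above. It pairs each SharedTaskScheduler CLSID listed before the fix with its InProcServer32 DLL, then checks that the DLL was reported deleted and that the value is absent from the "After" scan. The sample text is a constructed, abridged copy of the posted report, and the function names are this example's own.

```python
import re

# Constructed sample: abridged copy of the rapport.txt layout posted in this thread.
SAMPLE = r"""Fix run in normal mode
»»»»»»»»»»»» Before SmitFraudFix
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells"
[HKEY_CLASSES_ROOT\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="C:\WINDOWS\system32\okkmtv.dll"
»»»»»»»»»»»» Generic Renos Fix
C:\WINDOWS\system32\okkmtv.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\system32\okkmtv.dll -> Deleted
»»»»»»»»»»»» After SmitFraudFix
SrchSTS.exe by S!Ri
»»»»»»»»»»»» End
"""

GUID = r"\{[0-9A-Fa-f-]{36}\}"

def parse_rapport(text):
    """Collect SharedTaskScheduler values, CLSID -> DLL paths and file actions per section."""
    mode, sections, cur, key = None, {}, None, ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Fix run in "):
            mode = line[len("Fix run in "):]
        elif line.startswith("»"):  # section banner, e.g. "»»» Before SmitFraudFix"
            cur, key = sections.setdefault(line.lstrip("» "), {"sts": {}, "dlls": {}, "actions": []}), ""
        elif cur is None:  # header lines before the first banner
            continue
        elif line.startswith("[") and line.endswith("]"):  # registry key line
            key = line[1:-1]
        elif key.endswith("SharedTaskScheduler") and (m := re.match(rf'"({GUID})"="(.*)"$', line)):
            cur["sts"][m.group(1).lower()] = m.group(2)
        elif (m := re.match(r'@="(.*)"$', line)) and (g := re.search(rf"({GUID})\\InProcServer32$", key)):
            cur["dlls"][g.group(1).lower()] = m.group(1)  # HKCR and HKLM copies collapse to one
        elif " -> " in line:  # "path -> detection name" or "path -> Deleted"
            cur["actions"].append(tuple(line.split(" -> ", 1)))
    return mode, sections

def review(text):
    """Per CLSID listed before the fix: was its DLL deleted, and is its value gone afterwards?"""
    mode, s = parse_rapport(text)
    empty = {"sts": {}, "dlls": {}, "actions": []}
    before, after = s.get("Before SmitFraudFix", empty), s.get("After SmitFraudFix", empty)
    deleted = {p.lower() for sec in s.values() for p, act in sec["actions"] if act == "Deleted"}
    return {"normal_mode": mode == "normal mode", "entries": [
        {"clsid": c, "name": n, "dll": before["dlls"].get(c),
         "dll_deleted": before["dlls"].get(c, "").lower() in deleted,
         "key_remaining": c in after["sts"]} for c, n in before["sts"].items()]}
```

An entry with `dll_deleted` false or `key_remaining` true, or a report with `normal_mode` true, is the cue to rerun the cleaner in Safe Mode as recommended in the accepted solution.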
