?
Solved

URGENTLY NEED YOUR HELP - I was looking at some porn sites

Posted on 2006-11-03
6
Medium Priority
?
291 Views
Last Modified: 2010-04-11
They said to play this video you need to download a codec, so I said okay and it downloaded lots of crap I didn't know about, I seem to have gotten rid of most of it but cannot get rid of a QUESTION MARK (Yellow) that flips back and forth with a GRAY CIRCLE and YELLOW X in it, this icon flips back and forth WARNING that I need virus protection and when I click on it it links to a website that sells me JUST the PROTECTION I need.  How do I get rid of this BEAST!
0
Comment
Question by:reyeuro
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 

Author Comment

by:reyeuro
ID: 17870923
Oh BTW I already ran Yahoo Spyware scan and AVG Anti Virus...this thing just keeps popping up screens to buy it's products...I also went to RUN > MSCONFIG > START UP > and DISABLE ALL this thing keeps coming back I am SO MAD AT MYSELF FOR FALLING FOR THIS CRAP
0
 
LVL 3

Expert Comment

by:sow56091
ID: 17870929
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 2000 total points
ID: 17871070
Hi,
That's variant of smitfraud infection!

letting us look at your hijackthis log is a great start, and to check if it comes with a new variant.

Anyway the fix is this:
Please download SmitfraudFix:
http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from the options listed.
 
Once in Safe Mode, open the SmitfraudFix folder again and double-click
smitfraudfix.cmd
 
Select option #2 - Clean by typing 2 and press "Enter" to delete infected
files.
 
You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
infection.
 
The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
"Enter".
 
The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:reyeuro
ID: 17871266
rpggamergirl DID IT AGAIN!  Everytime I have come here with this type of problem, YOU rpggamergirl have had the most expedient answer to the problem, THANKS A MILLION TIMES OVER...I went to the SmitfraudFix link you provided and followed the instructions and BAM!  Problem SOLVED!! Ciao
0
 

Author Comment

by:reyeuro
ID: 17871275
I followed your instructions ONLY I did not do so in SAFE MODE somehow overlooked that!  Here is the Rapport.txt report:

SmitFraudFix v2.119

Scan done at 16:05:10.68, Fri 11/03/2006
Run from C:\Documents and Settings\Rey\Local Settings\Temp\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells"

[HKEY_CLASSES_ROOT\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="C:\WINDOWS\system32\okkmtv.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="C:\WINDOWS\system32\okkmtv.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\okkmtv.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\system32\okkmtv.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17871515
Smitfraudfix works in normal mode too but it's recommended to run it in safe mode so there's not much chance of the infection fighting back and respawning.

You could also run smitfraudfix option 3 in normal mode to clear the trusted zone, some variant of smitfraud insert entries there.

Thanks for posting the rapport.txt, it shows that it took care of the files found and no new variant so that's good.
If you like to post a hijackthis log I'll check to make sure smitfraud entries are gone.


Thanks for the points! and the Excellent grading!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.
Let's recap what we learned from yesterday's Skyport Systems webinar.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question