?
Solved

URGENTLY NEED YOUR HELP - I was looking at some porn sites

Posted on 2006-11-03
6
Medium Priority
?
294 Views
Last Modified: 2010-04-11
They said to play this video you need to download a codec, so I said okay and it downloaded lots of crap I didn't know about, I seem to have gotten rid of most of it but cannot get rid of a QUESTION MARK (Yellow) that flips back and forth with a GRAY CIRCLE and YELLOW X in it, this icon flips back and forth WARNING that I need virus protection and when I click on it it links to a website that sells me JUST the PROTECTION I need.  How do I get rid of this BEAST!
0
Comment
Question by:reyeuro
  • 3
  • 2
6 Comments
 

Author Comment

by:reyeuro
ID: 17870923
Oh BTW I already ran Yahoo Spyware scan and AVG Anti Virus...this thing just keeps popping up screens to buy it's products...I also went to RUN > MSCONFIG > START UP > and DISABLE ALL this thing keeps coming back I am SO MAD AT MYSELF FOR FALLING FOR THIS CRAP
0
 
LVL 3

Expert Comment

by:sow56091
ID: 17870929
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 2000 total points
ID: 17871070
Hi,
That's variant of smitfraud infection!

letting us look at your hijackthis log is a great start, and to check if it comes with a new variant.

Anyway the fix is this:
Please download SmitfraudFix:
http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from the options listed.
 
Once in Safe Mode, open the SmitfraudFix folder again and double-click
smitfraudfix.cmd
 
Select option #2 - Clean by typing 2 and press "Enter" to delete infected
files.
 
You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
infection.
 
The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
"Enter".
 
The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 

Author Comment

by:reyeuro
ID: 17871266
rpggamergirl DID IT AGAIN!  Everytime I have come here with this type of problem, YOU rpggamergirl have had the most expedient answer to the problem, THANKS A MILLION TIMES OVER...I went to the SmitfraudFix link you provided and followed the instructions and BAM!  Problem SOLVED!! Ciao
0
 

Author Comment

by:reyeuro
ID: 17871275
I followed your instructions ONLY I did not do so in SAFE MODE somehow overlooked that!  Here is the Rapport.txt report:

SmitFraudFix v2.119

Scan done at 16:05:10.68, Fri 11/03/2006
Run from C:\Documents and Settings\Rey\Local Settings\Temp\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells"

[HKEY_CLASSES_ROOT\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="C:\WINDOWS\system32\okkmtv.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="C:\WINDOWS\system32\okkmtv.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\okkmtv.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\system32\okkmtv.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17871515
Smitfraudfix works in normal mode too but it's recommended to run it in safe mode so there's not much chance of the infection fighting back and respawning.

You could also run smitfraudfix option 3 in normal mode to clear the trusted zone, some variant of smitfraud insert entries there.

Thanks for posting the rapport.txt, it shows that it took care of the files found and no new variant so that's good.
If you like to post a hijackthis log I'll check to make sure smitfraud entries are gone.


Thanks for the points! and the Excellent grading!
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question