reyeuro
asked on
URGENTLY NEED YOUR HELP - I was looking at some porn sites
They said to play this video you need to download a codec, so I said okay and it downloaded lots of crap I didn't know about, I seem to have gotten rid of most of it but cannot get rid of a QUESTION MARK (Yellow) that flips back and forth with a GRAY CIRCLE and YELLOW X in it, this icon flips back and forth WARNING that I need virus protection and when I click on it it links to a website that sells me JUST the PROTECTION I need. How do I get rid of this BEAST!
try HiJackThis (http://www.majorgeeks.com/download3155.html)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
rpggamergirl DID IT AGAIN! Everytime I have come here with this type of problem, YOU rpggamergirl have had the most expedient answer to the problem, THANKS A MILLION TIMES OVER...I went to the SmitfraudFix link you provided and followed the instructions and BAM! Problem SOLVED!! Ciao
ASKER
I followed your instructions ONLY I did not do so in SAFE MODE somehow overlooked that! Here is the Rapport.txt report:
SmitFraudFix v2.119
Scan done at 16:05:10.68, Fri 11/03/2006
Run from C:\Documents and Settings\Rey\Local Settings\Temp\SmitfraudFix \Smitfraud Fix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWA RE\Microso ft\Windows \CurrentVe rsion\Expl orer\Share dTaskSched uler]
"{11853d5f-f894-4cc7-bbc3- fc7a9dcfd8 96}"="bons pells"
[HKEY_CLASSES_ROOT\CLSID\{ 11853d5f-f 894-4cc7-b bc3-fc7a9d cfd896}\In ProcServer 32]
@="C:\WINDOWS\system32\okk mtv.dll"
[HKEY_LOCAL_MACHINE\Softwa re\Classes \CLSID\{11 853d5f-f89 4-4cc7-bbc 3-fc7a9dcf d896}\InPr ocServer32 ]
@="C:\WINDOWS\system32\okk mtv.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
C:\WINDOWS\system32\okkmtv .dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\system32\okkmtv .dll -> Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
SmitFraudFix v2.119
Scan done at 16:05:10.68, Fri 11/03/2006
Run from C:\Documents and Settings\Rey\Local Settings\Temp\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWA
"{11853d5f-f894-4cc7-bbc3-
[HKEY_CLASSES_ROOT\CLSID\{
@="C:\WINDOWS\system32\okk
[HKEY_LOCAL_MACHINE\Softwa
@="C:\WINDOWS\system32\okk
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
C:\WINDOWS\system32\okkmtv
C:\WINDOWS\system32\okkmtv
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Smitfraudfix works in normal mode too but it's recommended to run it in safe mode so there's not much chance of the infection fighting back and respawning.
You could also run smitfraudfix option 3 in normal mode to clear the trusted zone, some variant of smitfraud insert entries there.
Thanks for posting the rapport.txt, it shows that it took care of the files found and no new variant so that's good.
If you like to post a hijackthis log I'll check to make sure smitfraud entries are gone.
Thanks for the points! and the Excellent grading!
You could also run smitfraudfix option 3 in normal mode to clear the trusted zone, some variant of smitfraud insert entries there.
Thanks for posting the rapport.txt, it shows that it took care of the files found and no new variant so that's good.
If you like to post a hijackthis log I'll check to make sure smitfraud entries are gone.
Thanks for the points! and the Excellent grading!
ASKER