[tbeatham]

I am running XP Home edition together with Mcafee and Zonealarm but last night whilst I thought I was offline i suddenly noticed three new icons on my screen which I promptly deleted. I then received the following virus alerts which cannot be cleaned.

I ran a scan of my system which revealed a number viruses of which only some could be cleaned leaving the following to get rid of.

c:\windows\system32\hhk.dll - Puper.dll
c:\windows\system32\shnlog.exe\shnlog.exe\000126000.exe
c:\windows\system32\hp633E.tmp
c:\windows\system32\msole32.exe\MSOLE32.exe - Adclicker CJ
c:\windows\system32\intmon.exe
c:\windows\system32\hp6FA2

I cannot find any of these files when I have looked in my system.

I also have the dreaded blue screen of death displayed in the background of my pc - i.e. I can still see all my icons. The message reads.

Fatal error 0028:C0011E36 in VXD VMM(01) + 00010E36. Error was caused by Trojan-Spy.html.Smitfraud.c
System cannot function in normal mode. Please check your security settings. Scan your PC with any available antivirus/spyware remover program to fix the problem.

It would appear that my system is infected with some form of ad program as I cannot get to the internet now as bring up some crap banner all the time now.
Please, Please, Please can anyone help as it is frustrating that I only find the Adclicker-CJ on the Mcafee website and nothing else so am at a loss how to remove them and get my system back to normal.
Thank you in anticipation of your help

[khazars]

hi, welcome to TSG.

Download hijack this from the link below.


IMPORTANT! Move Hijack this from the Temp or from the Desktop to it's own folder!

Make a new folder in C:\ and call it Hijack this, and Save hijack this to
this folder so that it runs properly and can make back ups. Click scan,
then save the log and post it here so we can take a look at it for you.


http://www.majorgeeks.com/downloads31.html


download and run ccleaner.

http://www.ccleaner.com/



Run an online antivirus check from

http://www.kaspersky.com/beta?product=161744315

you will need to input a name
and email adress but anyone will do & then acccept an active X control IT IS
SAFE to do so LET IT FIX WHATEVER IT FINDS

Run an online antivirus check from at least one and preferably 2 of the following sites....
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
http://www.ravantivirus.com/scan/
http://support.f-secure.com/enu/home/ols.shtml

make sure autoclean is enabled on the scans

If it says any files can't be cleaned, delete them




Now reboot to safe mode find and delete these files if there?

How to boot to safe mode

http://service1.symantec.com/SUPPORT...rc=sec_doc_nam

Because XP will not always show you hidden files and folders by default,
Go to Start > Search and under "More advanced search options".
Make sure there is a check by "Search System Folders" and "Search hidden
files and folders" and "Search system subfolders"

Next click on My Computer. Go to Tools > Folder Options. Click on the View
tab and make sure that "Show hidden files and folders" is checked. Also
uncheck "Hide protected operating system files" and "Hide extensions for
known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"


c:\windows\system32\hhk.dll - Puper.dll
c:\windows\system32\shnlog.exe\shnlog.exe\000126000.exe
c:\windows\system32\hp633E.tmp
c:\windows\system32\msole32.exe\MSOLE32.exe - Adclicker CJ
c:\windows\system32\intmon.exe
c:\windows\system32\hp6FA2


reboot again post a fresh HJT log