Solved: Trojan/Virus problem

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

wacor

Thread Starter
Banned
Joined
Feb 22, 2005
Messages
27,340
I am not sure if I am posting this in the correct spot but my computer at work has a problem. I have a dial up connection and use AOL as my ISP. When I started up the computer this am it was making all kinds of noise like it was processing data. I rebooted the computer and everything works fine except>>>>

When I tried to get on the internet AOL would not show the start up screen. I fiddled around a bit and ended up figuring that I would have to reload the software, which I did. It acts like it wants to start but then the stuff that is loading just disappears and then a message comes on saying there was a problem with the connection and asking to continue or sign off. If you tell it to continue another message comes on that says there is a problem and to reload the software.

I then checked for viruses using Norton and nothing shows up, but then did a Spy Bot search and it found a couple of problems. One was a firewall/disable/notify which it indicated was fixed.

The other problem was a Smithfraud-C.: User settings which it could not fix.

This 2nd problem said it was in the registry as follows

HKEY_USERS\S-1-5-212094868747 etc \Software\Microsoft\Windows\Current Version\
Internet Settings\Zone Map\Domains\free-spy-cam.net\*!=W=4

I went into the registry and there were several things in the domains. I deleted them although not sure if I should have.

One question is there a problem deleting all these domains??

And does anybody know how to get rid of this Trojan?

I have cleaned up all I can think of

Thanks in advance for any help
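
Added example, not part of the original post: before deleting entries under the Domains key named above, it helps to see which security zone each one maps to. This sketch parses a constructed .reg export with placeholder domains, using the key as Windows spells it (ZoneMap, CurrentVersion); the function names are hypothetical. Zone 4 is Restricted sites and zone 2 is Trusted sites.

```python
import re

ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

# Constructed sample export with placeholder domains, not data from the thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blocked.example]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unknown.example]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intranet.example\portal]
"https"=dword:00000001
'''

KEY_RE = re.compile(r'^\[.*\\ZoneMap\\Domains\\([^\]]+)\]$', re.IGNORECASE)
VAL_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def parse_zone_map(reg_text):
    """Return (host, protocol, zone_number) for each value under ZoneMap\\Domains."""
    entries, host = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            # Domains\example.com\www describes the host www.example.com
            host = ".".join(reversed(m.group(1).split("\\")))
            continue
        if line.startswith("["):
            host = None  # some other key; ignore its values
            continue
        v = VAL_RE.match(line)
        if v and host:
            entries.append((host, v.group(1), int(v.group(2), 16)))
    return entries

def needs_review(entries):
    """Entries that raise a site's privileges (Trusted sites, zone 2)."""
    return [e for e in entries if e[2] == 2]

if __name__ == "__main__":
    for host, proto, zone in parse_zone_map(SAMPLE_REG):
        print(f"{host:28} {proto:6} {ZONES.get(zone, 'unknown')}")
    print("review:", needs_review(parse_zone_map(SAMPLE_REG)))
```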
 
Joined
Mar 18, 2005
Messages
3,390
Good Morning Wacorsaut, that appears to be a real nuisance problem, I notice there is an apparent removal method here http://elamb.blogharbor.com/hacked/removesmithfraud.htm

In that so much potential effect can be created and possibly leave traces, or other missed possible corruptions, I usually prefer to clean the drive and clean reload the operating system when these kinds of things have invaded the machine.
It is not uncommon to find the A/V has also been crippled by some of these kinds of things.
You could try a small simple free antivirus program, "smartcop". http://www.s-cop.com/free-scanner.html
It can be run from a flashdrive or whatever, it does not install like a normal program or update. A very handy little program for quick checking.
Others may have different ideas.

It is times like this that it is nice to use Puppy Linux.
Cheers, qldit.
 

wacor

Thread Starter
Banned
Joined
Feb 22, 2005
Messages
27,340
I had seen that post you referred to earlier. I am always leery of doing a search on any site that pops up on a google search. Never sure if those could be scam suggestions or not.

I was going to try that if anybody else thought it made sense. REALLY do not want to clean and reinstall as it takes so much time

thanks

Bill
 
Joined
Mar 18, 2005
Messages
3,390
G'day Bill, yes the problem with these really invasive kinds of things is that there usually is no simple removal tool and the info at hand may not be the full rectification procedure.
That is why I usually just start again. The people responsible should rot in hell!
As a matter of interest did you have Spybot S&D and Adaware loaded, and which A/V might you have been using?
qldit.
 

wacor

Thread Starter
Banned
Joined
Feb 22, 2005
Messages
27,340
I did not have adaware loaded but I did have Spy Bot, which is how I detected it. Somehow, and this is twice in a week, a virus got on my computer. The last one was SpyAxe, which I was able to get rid of with some help.

Both times I had Norton Security Center up and running and up to date!! Also had my Windows up to date. I am a bit concerned about my vulnerability right now with regard to certain sites becoming unencrypted based on what I have seen about Smitfraud.

So I am not sure what to do. I really do not want to have to go thru the hassle of downloading all the software etc. if I reinstall Windows. And I assume a Windows repair would not get rid of this stuff either. These people that do this need to get a life and I wish there was a way to punish them
 
Joined
Mar 18, 2005
Messages
3,390
Yes it is really terrible what can happen!
I personally am not impressed with Norton, I suspect it may be purposely targeted by some of these programs. I have found from experience that it commonly happens that the worst affected machines have Norton installed, I don't believe it is coincidental.
I would have to agree that a repair would not help much.
See what that smartcop finds, it is a little "terrier", I am most impressed with it and use it a lot.
Sorry I am no major help for you reference repairing your system.
What I originally found with these kinds of problems after invasion was that the probability of other effects appearing at later times was always present.
You have no idea what it is like using this Puppy Linux, I don't even have an A/V loaded and it is such a breath of fresh air operating it.
It is a terrible shame that windows is so incredibly vulnerable, it really is a cash cow for all the parasitic programs needed to try to protect it..
There are some pretty cluey people on this site that will have other ideas..
Cheers, qldit.
 
Joined
Mar 18, 2005
Messages
3,390
Good Morning Pugmug, I just read your information about possible spyware or whatever included with "smartcop". I have never had any problem or seen any messages derived from systems I have used it on.
I have been using it for a couple of years.
(I am amazed to see that suspicion might exist)
I have carried out multiple passes with half a dozen or so A/Vs on some machines with difficult to determine problems and always found smartcop highly reliable as a simple quick efficient testing tool.
As you are aware the limits of some of these programs are different, some are broader with their definitions into other malware areas, smartcop appears to pick a lot of things others miss, including basic viral signatures.
It is interesting that sometimes having another A/V running in monitor mode and running a program like smartcop as a scan simultaneously, will cause a hidden viral signature to register in the monitoring program, but these have always been in non-related files already in the machine, often hidden worms and things like that which have been identified only as they were scanned and only by a second monitor system.
I have never had any malware or other problems sensed as being present in Smartcop. I have often found other A/V systems heavily contaminated with viral or malware signatures using smartcop. I formed the opinion that many problems were introduced into systems in updates, possibly by undetectable separated portions recombining at a later time.
That was one of my major attractions to it, no updating, no installation.
I usually have it on a flashdrive and run it from there, but I also have it on a burned CD for those absolutely virus riddled machines.
I haven't seen a firewall or other disabling call made by it.
With viral clearance if you are given a heavily infected machine (thousands of different type replications) it is common to find the installed A/V full of viral problems yet many still appear to run without detecting anything.
On occasions if a different A/V is then installed it also commonly gets overrun.
You would appreciate that this smartcop is stand-alone so it has immediate benefit.

Would you allow me to direct the antiviral organisation to read and copy these posts as I am quite sure they will be extremely interested in any problem possibility and will give a technical answer.
They are an Indian organisation and appear to have the highest integrity.
Thanks for the info. Cheers qldit.
 

pugmug

Banned
Joined
Jun 13, 2005
Messages
2,857
Feel free to send the post to anyone you choose and thank you for doing so. I would like to try the smartcop program but have not due to this problem, so any answers they come up with will make for interesting reading. Have a good day.
 
Joined
Mar 18, 2005
Messages
3,390
Good Evening pugmug, I have passed the relevant information to "smartcop" and await their response.
Thank you, qldit.
 
Joined
Dec 30, 2005
Messages
2
Hello everyone! I am Avnish Dass from AvSoft Technologies, the developer of SmartCOP range of anti-virus products.

Firstly we would like to assure you that SmartCOP Free scanner is a standalone utility and will not do anything online. It is different from online scanners as it can be taken to PCs that do not have an Internet connection.

As for MultiBot Pro being detected by MSAS, it is a common problem with most anti-spyware applications. These applications detect a certain behavior and report it as a spyware, without confirming whether it is actually a spyware or not. The same is happening with SmartCOP.

SmartCOP Free scanner detects and eradicates ALL known viruses. Apart from this it also performs a simple immunization of the system that prevents many viruses and worms from entering the PC. In this technique, SmartCOP creates hidden folders inside the Windows and System folders to prevent viruses of similar names entering the PC.

One such folder created in the Windows folder is WINLOGON.EXE. MSAS assumes that any file or folder created in the Windows folder with the name Winlogon.exe is MultiBot Pro. There is also a post about this at the following URL:

http://www.pcreview.co.uk/forums/thread-1698148.php

Just try deleting the above folder and see if MSAS still flashes the warning.

We hope that the above clarifies the issue. In case of any specific queries, you can mail us at support@s-cop.com.

Wishing everyone a very happy 2006.
-Avnish Dass
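
Added example, not part of the original post and not SmartCOP or MSAS code: the post above describes placeholder folders named after malware files and a scanner that flags them by name alone. The sketch below shows, on constructed temporary directories standing in for the Windows folder, why the placeholder blocks a file of the same name and how a check that looks at the entry type separates the placeholder from a real file. The watch list and all function names are hypothetical.

```python
import os
import tempfile

# Hypothetical watch list. The genuine winlogon.exe lives in System32, so the
# name is unexpected directly inside the Windows folder.
WATCHED_NAMES = {"winlogon.exe"}

def name_only_scan(folder):
    """Flag every entry whose name matches, regardless of what it is."""
    return sorted(n for n in os.listdir(folder) if n.lower() in WATCHED_NAMES)

def type_aware_scan(folder):
    """Split name matches into placeholder folders and files needing analysis."""
    result = {"decoy_folder": [], "suspicious_file": []}
    for name in sorted(os.listdir(folder)):
        if name.lower() not in WATCHED_NAMES:
            continue
        path = os.path.join(folder, name)
        # A directory cannot be executed; a regular file with this name can.
        is_decoy = os.path.isdir(path) and not os.path.islink(path)
        result["decoy_folder" if is_decoy else "suspicious_file"].append(name)
    return result

def drop_blocked(folder, name):
    """True if a file cannot be created because a folder already holds the name."""
    try:
        with open(os.path.join(folder, name), "wb"):
            return False
    except OSError:  # IsADirectoryError on POSIX, PermissionError on Windows
        return True

def demo():
    """Scan two constructed stand-ins for a Windows folder."""
    with tempfile.TemporaryDirectory() as immunized, \
         tempfile.TemporaryDirectory() as infected:
        os.mkdir(os.path.join(immunized, "WINLOGON.EXE"))  # placeholder folder
        with open(os.path.join(infected, "winlogon.exe"), "wb") as fh:
            fh.write(b"constructed sample bytes")  # stands in for a dropped file
        return {
            "blocked": drop_blocked(immunized, "WINLOGON.EXE"),
            "immunized_name_only": name_only_scan(immunized),
            "immunized_type_aware": type_aware_scan(immunized),
            "infected_name_only": name_only_scan(infected),
            "infected_type_aware": type_aware_scan(infected),
        }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The name-only scan reports a hit in both directories, which is the false positive described in the post; the type-aware scan reports the folder as a placeholder and only the regular file as needing analysis.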
 

pugmug

Banned
Joined
Jun 13, 2005
Messages
2,857
Very nice to see Smartcop answer the question direct in this forum. Thanks again qldit for your help in finding this answer.
 

pugmug

Banned
Joined
Jun 13, 2005
Messages
2,857
qldit, just to let you know. I checked out the person that posted from SmartCop and then ran the program. It is very nice and you were right. It did not find anything, which is good, broke nothing, which is good, and I will use it from now on.
 
Joined
Mar 18, 2005
Messages
3,390
Good Morning Everyone, I am amazed, the response from "Smartcop" was just a matter of hours, I have never seen such an efficient, effective answer.
Most often these organisations are reluctant to answer queries let alone such a prompt answer.
I must say I am impressed with them, certainly worthy of noting.
See what you think of the Smartcop pugmug and what it may find, I think you will likely agree with me and be suitably impressed.
Thank you "Smartcop" and thank you Avnish Dass. All the best for 2006.
Cheers, qldit.
 