reploidhunter
Guest
Posts: n/a
|
My background has gone blue with a system error on it. It says:
Security Warning
A fatal error in IE has occured at 0028:C0011E36 in VXD VMM(01) 0010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c

System cannot function in normal mode
Please check yourr security settings.

Scan your PC with any available antivirus/ spyware remover program to fix the problem.

HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 9:55:18 PM, on 10/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.ysbweb.com/ist/softwares/...sb_1002535.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABBBE288-6AEA-4CE1-A80F-7A77530B37F0}: NameServer = 203.12.160.35 203.12.160.36
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks
Black Bevens
|
MAP
Guest
Posts: n/a
|
Why are you starting a new thread?
Did you try anything from yesterday's thread? Or do you just enjoy knowing that the people who answered you yesterday have wasted their time?

--
Mike Pawlak
|
MAP
Guest
Posts: n/a
|
http://www.daniweb.com/techtalkforums/thread24491.html
http://www.wilderssecurity.com/showthread.php?t=75890
http://www.google.as/search?sourceid...ESmitfraud%2Ec

--
Mike Pawlak
|
MAP
Guest
Posts: n/a
|
It appears that the error msg. you are getting is fake. I know nothing about Adwareaway so I can't recommend it. Look here:
http://www.adwareaway.com/desktophijacker.htm

--
Mike Pawlak
|
wayne
Guest
Posts: n/a
|
Not quite sure what your problem is. Reboot your computer in safe mode and run a full antivirus scan with the options set to either delete or prompt for action, and choose delete for the infected files. It is a virus, not spyware, so HijackThis may or may not work. AV software will. You can get free AV software for home use from Grisoft:
http://free.grisoft.com/doc/2/lng/us/tpl/v5
You hold down the F8 key when booting to get into safe mode.
It is VERY important to always use safe mode when scanning or cleaning your computer if you believe you have any kind of infection.

Wayne