recurring infections

troy

MSAS is seemingly catching trojans on my XP.
The sys.Trojan.intell32 trojan is constantly being found
after a scan. Removal works, but only for a short time.
Infected registry: HKEY_CLASSES_ROOT\clsid\{357A87ED-3E5D-437d-B334-DEB7EB4982A3},
for example, seems to occur quite often. I also came back
to my PC at one time to find prompts about downloading a
file, op1.exe, from kaki206.brinkster.net.
Is this a possible source? How can I track and/or remove it?

any help would be great
 
A

AndyManchesta

This trojan is part of the Smitfraud infection (usually
it is joined by either SpySheriff or PSGuard), and the
wallpaper gets changed to display a spyware warning. It
can also hook into explorer.exe so it starts with Windows.

The CLSID you posted relates to Trojan Alemod, and this is
where things get nasty. It infects the wininet.dll file
with a file called oleadm32.dll and creates another file
called oleadm.dll, so that any HTTP requests sent through
wininet.dll will be passed through this trojan file. The
trojan file then reads the request info and sends details
to a few different domains. It does this by first setting
this registry key:

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AllowProtectedRenames = 0x1

It then modifies the system file wininit.ini to swap the
infected wininet.dll (oleadm32.dll) with the real
wininet.dll. It can also set restrictions on the desktop
which block the "Remove" button on Display Properties in
three areas (Themes, Appearance and Desktop).


Copy the next part to Notepad if needed so you can still
view it in safe mode:


Use SmitRem and Ewido (SmitRem to remove Intel32 and
related files if they exist and perform a disk cleanup,
Ewido to check for any other problems).

Download SmitRem to your desktop:

http://noahdfear.geekstogo.com/click counter/click.php?id=1

Run the installer and then press Start to extract the
files to the desktop. Do not run it yet.


Download the trial version of Ewido Security Suite here:

http://www.ewido.net/en/download/

Install Ewido.
During the installation, under "Additional Options",
uncheck "Install background guard" and "Install scan via
context menu".
Launch Ewido.
On the left side of the main screen click Update.
Click on Start and let it update.
DO NOT run a scan yet.

Reboot into safe mode (Reboot and keep tapping F8 then
choose safe mode from the list)

Run SmitRem

Open the SmitRem folder and double-click the "RunThis"
file to start the tool, then follow the prompts on
screen. Wait for the tool to complete and disk cleanup to
finish.

Next, run Ewido

From the main menu click Scanner, then Complete System
Scan. During the scan it will prompt you to clean files;
click "Remove" for anything detected.

Finally reboot back into normal mode

You will need to reload your wallpaper, as the SmitRem
tool will reset it. You can do this by right-clicking the
desktop and choosing Properties. First check Theme and
set it to Windows XP, then click the Desktop tab, choose
the one you want to use and press Apply.

Let us know if you have any problems


Andy
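The boot-time file swap described in the answer above (AllowProtectedRenames plus a queued rename) can be checked from the outside without running any removal tool. The script below is an added example, not code from the original thread and not SmitRem's or Ewido's code: it parses the text that `reg query` prints for the Session Manager key (AllowProtectedRenames and the PendingFileRenameOperations value, where NT-family Windows queues renames for the next boot) and the [rename] section of a wininit.ini, and reports any queued rename whose destination is wininet.dll or another protected file. The sample registry output and ini text are constructed for the example, and the PROTECTED set is an assumption.

```python
"""Check for a queued wininet.dll swap (Alemod-style), as described above.

Added example, not code from the original thread or from SmitRem. It reads
the text that `reg query` prints for the Session Manager key and the
[rename] section of a wininit.ini, and reports any queued rename whose
destination is a protected system file while AllowProtectedRenames is set.
Both sample inputs below are constructed for the example.
"""
import re

# Destinations worth alerting on. The set is an assumption for the example;
# extend it with whatever protected files matter on the box being examined.
PROTECTED = {"wininet.dll", "explorer.exe"}


def parse_reg_query(text):
    """Turn `reg query` output into {value_name: (type, data)}."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$", line)
        if m:
            values[m.group(1)] = (m.group(2), m.group(3).strip())
    return values


def _strip_nt_prefix(path):
    # Entries in PendingFileRenameOperations carry the NT path prefix \??\.
    return path[4:] if path.startswith("\\??\\") else path


def renames_from_registry(values):
    """PendingFileRenameOperations is a REG_MULTI_SZ of (source, destination)
    pairs; `reg query` prints the strings joined by a literal '\\0'. An empty
    destination means the source is deleted at boot."""
    entry = values.get("PendingFileRenameOperations")
    if not entry:
        return []
    items = entry[1].split("\\0")
    if len(items) % 2 == 1 and items[-1] == "":
        items.pop()  # trailing separator, not a real entry
    pairs = zip(items[0::2], items[1::2])
    return [(_strip_nt_prefix(s), _strip_nt_prefix(d)) for s, d in pairs]


def renames_from_wininit(text):
    """wininit.ini [rename] lines read destination=source; NUL=path deletes."""
    pairs, in_rename = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_rename = line.lower() == "[rename]"
            continue
        if in_rename and "=" in line:
            dst, src = (part.strip() for part in line.split("=", 1))
            pairs.append((src, "" if dst.upper() == "NUL" else dst))
    return pairs


def flag_protected(pairs, protected=PROTECTED):
    """Return 'source -> destination' for renames landing on a protected file."""
    findings = []
    for src, dst in pairs:
        if dst.rsplit("\\", 1)[-1].lower() in protected:
            findings.append(f"{src} -> {dst}")
    return findings


def check(reg_query_text, wininit_text=""):
    values = parse_reg_query(reg_query_text)
    apr = values.get("AllowProtectedRenames")
    allow = bool(apr) and int(apr[1], 16) != 0  # reg query prints DWORDs as 0x..
    return {
        "allow_protected_renames": allow,
        "registry": flag_protected(renames_from_registry(values)),
        "wininit": flag_protected(renames_from_wininit(wininit_text)),
    }


# Constructed sample of: reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager"
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    AllowProtectedRenames    REG_DWORD    0x1
    PendingFileRenameOperations    REG_MULTI_SZ    \??\C:\WINDOWS\system32\oleadm32.dll\0\??\C:\WINDOWS\system32\wininet.dll\0
"""

# Constructed wininit.ini: delete oleadm.dll, then overwrite wininet.dll
SAMPLE_WININIT = r"""[rename]
NUL=C:\WINDOWS\system32\oleadm.dll
C:\WINDOWS\system32\wininet.dll=C:\WINDOWS\system32\oleadm32.dll
"""

if __name__ == "__main__":
    result = check(SAMPLE_REG_QUERY, SAMPLE_WININIT)
    print("AllowProtectedRenames set:", result["allow_protected_renames"])
    for where in ("registry", "wininit"):
        for finding in result[where]:
            print(f"[{where}] queued rename onto protected file: {finding}")
```

On the affected box, save `reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager"` to a text file and pass its contents (plus %windir%\wininit.ini if present) to `check()`. A queued rename onto wininet.dll together with AllowProtectedRenames = 1 is the swap the answer describes; the same data is also the first thing to clear (reset the value, empty the queue) before rebooting, otherwise the rename happens again on the next boot.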

AndyManchesta

While I'm posting, here's the list of files targeted by
SmitRem (the ones that are polite enough to print):


Program Files
---------------

AntiVirusGold
PSGuard
Search Maid
Security IGuard
SpySheriff
Virtual Maid


%systemroot%\system32 / system
-------------------------------

gunist.exe
helper.exe
hhk.dll
hhk.dll.tcf
hookdump.exe
hp***.tmp
intel32.exe
intell32.exe
intmon.exe
intmonp.exe
msmsgs.exe
msole32.exe
ole32vbs.exe
oleadm.dll
oleadm32.dll
oleext.dll
param32.dll
perfcii.ini
pop_up.dll
searchdll.dll
shnlog.exe
svcnt.exe
winnook.exe
wldr.dll
wp.bmp
wppp.html
_delete_on_reboot__intmon.exe
_delete_on_reboot__intel32.exe
_delete_on_reboot__OLEADM.dll


%systemdrive%(Local Disk C: or system partition)
--------------------------------------------------

wp.exe
bsw.exe
wp.bmp
bsw.bmp
winstall.exe


%systemroot% (Windows folder)
----------------------------

desktop.html
popuper.exe
screen.html
sites.ini
uninstIU.exe
zloader3.exe

Then all the Favorites entries, Desktop Icons, Desktop
Shortcuts, StartMenu- Quick Launch , System32-System
icons

Locations looked in for a wininet.dll replacement
--------------------------------------------------

Listed in order of priority

%systemroot%\system32\dllcache
%systemroot%\$hf_mig$\KB890923\SP2QFE
%systemroot%\$hf_mig$\KB867282\SP2QFE
%systemroot%\$hf_mig$\KB883939\SP2QFE
%systemroot%\ServicePackFiles\i386



Thanks to NoAhdfear for an excellent removal tool :)

Andy
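The file names and the wininet.dll search order in the list above are enough to write a read-only sweep, which is what a responder would run before (or instead of) an automated cleaner. The script below is an added example, not part of the original thread and not SmitRem's own code: it reports which of the listed indicator files are present under the four locations, and it hashes the live wininet.dll against the first pristine copy found in the post's priority order. `build_demo_tree()` creates a constructed, infected-looking directory tree in a temporary folder so the script runs offline on any OS; on a real XP box point `sweep_iocs()` and `check_wininet()` at C:\WINDOWS, C:\ and C:\Program Files instead. The `hp***.tmp` entry is read as the glob `hp*.tmp`, which is an assumption.

```python
"""Sweep for the SmitRem file indicators and verify wininet.dll.

Added example, not code from the original thread or from SmitRem/Ewido. The
names and the replacement-search order are taken from the list above.
"""
import fnmatch
import hashlib
import tempfile
from pathlib import Path

SYSTEM32_IOCS = [
    "gunist.exe", "helper.exe", "hhk.dll", "hhk.dll.tcf", "hookdump.exe",
    "hp*.tmp",  # post lists hp***.tmp; treated as a glob (assumption)
    "intel32.exe", "intell32.exe", "intmon.exe", "intmonp.exe", "msmsgs.exe",
    "msole32.exe", "ole32vbs.exe", "oleadm.dll", "oleadm32.dll", "oleext.dll",
    "param32.dll", "perfcii.ini", "pop_up.dll", "searchdll.dll", "shnlog.exe",
    "svcnt.exe", "winnook.exe", "wldr.dll", "wp.bmp", "wppp.html",
    "_delete_on_reboot__intmon.exe", "_delete_on_reboot__intel32.exe",
    "_delete_on_reboot__OLEADM.dll",
]
WINDIR_IOCS = ["desktop.html", "popuper.exe", "screen.html", "sites.ini",
               "uninstIU.exe", "zloader3.exe"]
SYSDRIVE_IOCS = ["wp.exe", "bsw.exe", "wp.bmp", "bsw.bmp", "winstall.exe"]
PROGRAM_FILES_IOCS = ["AntiVirusGold", "PSGuard", "Search Maid",
                      "Security IGuard", "SpySheriff", "Virtual Maid"]

# Where a pristine wininet.dll is looked for, in the post's priority order.
REPLACEMENT_DIRS = [
    ("system32", "dllcache"),
    ("$hf_mig$", "KB890923", "SP2QFE"),
    ("$hf_mig$", "KB867282", "SP2QFE"),
    ("$hf_mig$", "KB883939", "SP2QFE"),
    ("ServicePackFiles", "i386"),
]


def _matches(directory, patterns):
    """Case-insensitive match of directory entries against glob patterns."""
    directory = Path(directory)
    if not directory.is_dir():
        return []
    lowered = [p.lower() for p in patterns]
    return [entry for entry in sorted(directory.iterdir())
            if any(fnmatch.fnmatchcase(entry.name.lower(), p) for p in lowered)]


def sweep_iocs(systemroot, systemdrive, program_files):
    """Return every indicator file/folder present, as Path objects."""
    systemroot = Path(systemroot)
    hits = []
    hits += _matches(systemroot / "system32", SYSTEM32_IOCS)
    hits += _matches(systemroot / "system", SYSTEM32_IOCS)
    hits += _matches(systemroot, WINDIR_IOCS)
    hits += _matches(systemdrive, SYSDRIVE_IOCS)
    hits += _matches(program_files, PROGRAM_FILES_IOCS)
    return hits


def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_pristine_wininet(systemroot):
    """First existing wininet.dll copy in REPLACEMENT_DIRS order, or None."""
    for parts in REPLACEMENT_DIRS:
        candidate = Path(systemroot).joinpath(*parts, "wininet.dll")
        if candidate.is_file():
            return candidate
    return None


def check_wininet(systemroot):
    """Compare the live wininet.dll against the best pristine copy by hash."""
    live = Path(systemroot) / "system32" / "wininet.dll"
    pristine = find_pristine_wininet(systemroot)
    if not live.is_file() or pristine is None:
        return {"live": live, "pristine": pristine, "verdict": "undetermined"}
    same = sha256(live) == sha256(pristine)
    return {"live": live, "pristine": pristine,
            "verdict": "ok" if same else "MISMATCH"}


def build_demo_tree():
    """Constructed infected-looking tree (placeholder bytes, not malware)."""
    root = Path(tempfile.mkdtemp(prefix="smitfraud_demo_"))
    windir = root / "WINDOWS"
    sys32 = windir / "system32"
    (sys32 / "dllcache").mkdir(parents=True)
    (windir / "ServicePackFiles" / "i386").mkdir(parents=True)
    (root / "Program Files" / "SpySheriff").mkdir(parents=True)
    (sys32 / "wininet.dll").write_bytes(b"hooked wininet stand-in")
    (sys32 / "dllcache" / "wininet.dll").write_bytes(b"pristine wininet stand-in")
    (windir / "ServicePackFiles" / "i386" / "wininet.dll").write_bytes(
        b"pristine wininet stand-in")
    for name in ("oleadm32.dll", "oleadm.dll", "intell32.exe", "hp4B.tmp",
                 "kernel32.dll"):  # kernel32.dll is the benign control
        (sys32 / name).write_bytes(b"x")
    (windir / "popuper.exe").write_bytes(b"x")
    (root / "wp.exe").write_bytes(b"x")
    return root, windir


if __name__ == "__main__":
    root, windir = build_demo_tree()
    for hit in sweep_iocs(windir, root, root / "Program Files"):
        print("indicator present:", hit.relative_to(root))
    print(check_wininet(windir))
```

A hash mismatch only says the live file differs from the first cached copy found; before replacing it, compare file versions too, since the dllcache and $hf_mig$ copies can legitimately be different hotfix builds. The sweep is read-only by design, so it is safe to run from safe mode before SmitRem to record what is actually on the disk.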