smithfraud problem

[frank]

A few weeks ago I got hit with the 'smithfraud' spyware.
I did a system restore to bring things back, downloaded
the MS beta antispyware, ran it to clean up left over
remnants of the spyware and turned on the MS antisypware
realtime monitors.

I've been downloading antisypware updates regularly (at
least once a week) and got the latest and greatest
definitions on June 10.

But, yesterday, I got hit with smithfraud again (or at
least that's what the error screen was saying. Plus, the
file wp.bmp was left around after I cleaned up and that's
supposedly a smithfraud signature.)

So, it seems like the beta didn't detect the intrusion of
the sypware because the beta was running its monitors and
I had updated signatures.

This isn't a complaint, just an observation. I'm still
on XP SP1.

 

[Andre Da Costa]

From Andy & Steve:
Hi Des

Check your add/remove screen for any of these three
programs and remove if you find them.Also remove the
folders from c:drive/programfiles area for any found.

Security IGuard
Virtual Maid
Search Maid


run a virus scan at any of these sites :


Trend Micro

http://housecall.antivirus.com/


Panda

http://www.pandasoftware.com/activescan/


Symantecs Security Check & Virus scanner

http://security.symantec.com/default.asp?
productid=symhome&langid=ie&venid=sym



If the problems are still there Can you download these
and post the logs :


Download Hijack This

http://www.spywareinfo.com/~merijn/files/hijackthis.zip


Save it on either the desktop or c/drive,extract and run.
Choose to run a scan and save logfile,this will open the
results in notepad,send that log.


Download Microworlds Escan

Microworlds escan http://www.mwti.net/antivirus/mwav.asp

Save it to the desktop,double click it to extract.When
its opened click drives amd scan all files then click
scan.

When its finished it will show any bad files in the lower
pane.Click and highlight all the text then press control
and c to copy it.It can then be pasted back on here.

If it says you have a virus and need to pay just close
the prompt and let it finsh scanning.Theres no reson to
pay as if they are malicious files that gets detected its
easy enough to maunally delete them all,But it will tag
anything suspicious as a virus and some will be genuine
files and some harmless such as w32.reboot which is used
by AOL and others.

With the results of hijack and escan it will be alot
easier to delete the trojan


Regards Andy

Or : How to remove the Smitfraud / Quicknavigate / VirtualMaid
http://www.bleepingcomputer.com/for...itfraud_Quicknavigate_VirtualMaid-t17258.html
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

 

[Monitor]

just an observation

Upgrade to XP2

 

[Andre Da Costa]

Well, at least he can still download those cumulative patches that were
released for Windows XP yesterday.
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

 

[frank]

I'll check some of this stuff, but I think the MS
antispyware removed the remnants after the attack. The
MS antispy said it found a possible browser hijack
modifier when I ran it after doing a system restore, and
I had it delete it (them?)

The real point I was making was that the MS anitspyware
real time protection didn't seem to catch the new attack
of an older piece of sypware.

 

[Andre Da Costa]

Empty your Temp files under your account in Documents and Settings. You have
enable show hidden files under the Folder Options > View Tab.
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

 

[Guest]

With this download and run adware away