Stolen Wallpaper HTML.Smitfraud.c virus Help!

  danny0001uk 16:04 16 Apr 05

Hi

My wallpaper has been taken over by this virus. I've tried running antivirus programs but it hasn't picked up anything!

Many Thanks for your Help

Cheers

Kevin

If u need a Hijackthis log I will email u it as it won't fit on here!

  VoG II 16:08 16 Apr 05

Post a HJT log in several sections.

  Indigo 1 16:09 16 Apr 05

I have had a lot of success with this one click here

  Indigo 1 16:10 16 Apr 05

forgot to mention it is free to download and use for 30 days

  VoG II 09:51 17 Apr 05

Logfile of HijackThis v1.99.1

Scan saved at 15:59:14, on 16/04/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\HPQ\One-Touch\OneTouch.EXE

C:\WINDOWS\System32\hphmon05.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\WINDOWS\system32\carpserv.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\XoftSpy\XoftSpy.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\wp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\HPConfig.exe

  VoG II 09:52 17 Apr 05

C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Documents and Settings\Kevin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = click here

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = click here

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = click here

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali

O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

  VoG II 09:52 17 Apr 05

O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [jcp] C:\WINDOWS\jcp.exe

O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [mqwf] C:\PROGRA~1\COMMON~1\mqwf\mqwfm.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Microsoft AntiSpyware helper - {7D7A7870-3052-4726-B039-E9495D8271F4} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7D7A7870-3052-4726-B039-E9495D8271F4} - (no file) (HKCU)

O9 - Extra button: Microsoft AntiSpyware helper - {8C4C194E-F796-4D7D-922C-46A88A32510E} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8C4C194E-F796-4D7D-922C-46A88A32510E} - (no file) (HKCU)

O9 - Extra button: Microsoft AntiSpyware helper - {A25BB721-BF92-4E08-8C67-90E157E9F3DC} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A25BB721-BF92-4E08-8C67-90E157E9F3DC} - (no file) (HKCU)

  VoG II 09:53 17 Apr 05

O9 - Extra button: Microsoft AntiSpyware helper - {A5F97FA1-34FF-4D0A-A9A0-EB9BCC1ADEC0} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A5F97FA1-34FF-4D0A-A9A0-EB9BCC1ADEC0} - (no file) (HKCU)

O9 - Extra button: Microsoft AntiSpyware helper - {C9D1C69F-6355-48F6-933F-07E057E0ED4C} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C9D1C69F-6355-48F6-933F-07E057E0ED4C} - (no file) (HKCU)

O9 - Extra button: Microsoft AntiSpyware helper - {CB000F0B-FB29-4D06-9893-5740A51E3FEB} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CB000F0B-FB29-4D06-9893-5740A51E3FEB} - (no file) (HKCU)

O9 - Extra button: Microsoft AntiSpyware helper - {FD13C1A0-8222-41D1-8A3F-E77ED702F002} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FD13C1A0-8222-41D1-8A3F-E77ED702F002} - (no file) (HKCU)

O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O14 - IERESET.INF: START_PAGE_URL=click here

O15 - Trusted Zone: click here (HKLM)

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - click here

O20 - AppInit_DLLs: 75626k1uujx5.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe

O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

  VoG II 09:54 17 Apr 05

send e-mails unless invited to do so.

Now, wait for an expert to advise you.

  danny0001uk 11:12 17 Apr 05

Ok thanks for your help

Kev

  Nellie2 11:15 17 Apr 05

Good morning VoG!! :-)

Danny... I notice you have XoftSpy on your PC, I can think of better Anti-Spy applications to spend your money on, and better ones to be had for free click here

Can you download Stinger click here read the information and run it. If it doesn't pick up anything then run a couple of these online scans... might be an idea to do that anyway.

click here - TrendMicro HouseCall

click here - Panda Active Scan

Then run hijackthis and click the scan button, when it has finished scanning then put a tick against the following, close all other browsers and windows and click 'fix checked' - Note; some items may be missing after running Stinger and the scans.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = hxxp://letgohome.com/sp.htm?id=9

O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe

O4 - HKLM\..\Run: [jcp] C:\WINDOWS\jcp.exe

O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe

O4 - HKCU\..\Run: [mqwf] C:\PROGRA~1\COMMON~1\mqwf\mqwfm.exe <-- not sure what this is, if it is something you recognise then don't fix

O15 - Trusted Zone: hxxp://ny.contentmatch.net/ (HKLM)

Then make sure viewing of hidden files and folders is enabled.

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

Then boot into safe mode by tapping F8 as your computer reboots, and find and delete the following;

C:\WINDOWS\avserve2.exe

C:\WINDOWS\jcp.exe

c:\wp.exe

C:\PROGRA~1\COMMON~1\mqwf\ <-- folder, but if it is something that you have put on your pc then leave it.

Reboot and post a fresh log here for review... like VoG did for you.
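Three of the autorun (O4) entries in the fix list above launch executables that sit directly in C:\ or C:\WINDOWS. The following is an added example, not part of the thread and not HijackThis code: it parses O4 Run lines and surfaces entries by that single location rule, which is an assumption made here for triage, and the function names are hypothetical.

```python
import ntpath
import re

# Constructed sample: O4 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe
O4 - HKLM\..\Run: [jcp] C:\WINDOWS\jcp.exe
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [mqwf] C:\PROGRA~1\COMMON~1\mqwf\mqwfm.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Absolute path up to the first ".exe", with or without surrounding quotes.
EXE_PATH = re.compile(r'^"?([A-Za-z]:\\.*?\.exe)(?=["\s]|$)', re.IGNORECASE)
# Assumed rule: parent folder is a drive root or the Windows folder itself.
ROOT_DIRS = re.compile(r"^[a-z]:\\(windows|winnt)?$")


def parse_o4(log_text):
    """Yield (hive, value_name, command) for each O4 registry Run entry."""
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            yield m.group(1), m.group(3), m.group(4)


def unusual_location(command):
    """True if the executable sits directly in a drive root or Windows folder."""
    m = EXE_PATH.match(command)
    if not m:
        return False  # bare name or %variable% path: location cannot be judged
    parent = ntpath.dirname(m.group(1)).lower()
    return bool(ROOT_DIRS.match(parent))


def review_candidates(log_text):
    """Return the O4 entries worth looking up by hand."""
    return [e for e in parse_o4(log_text) if unusual_location(e[2])]


if __name__ == "__main__":
    for hive, name, cmd in review_candidates(SAMPLE_LOG):
        print(f"review: {hive} [{name}] {cmd}")
```

A hit is only a prompt to look the file up, and a miss is not a clearance: the mqwf entry that Nellie2 queries is not surfaced by this rule.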
