Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 08-04-2007, 06:09 PM   #1
Solid State Member
 
Join Date: Aug 2007
Posts: 6
Default Smithfraud-C

Hi, does anybody know how to remove Smithfraud-C? I've scanned and deleted it multiple times with Spybot but it keeps showing up. I also try Ad-Aware 2007, but everytime I get about 3/4 done with the scan, I get a blue screen and I have to shut down my computer . I know it's not my pc temp because I was monitoring it while it was scanning. I did a log for HJT, and here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:10 PM, on 8/4/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\ITE\Smart Guardian\ITESmart.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SmartGuardian] C:\Program Files\ITE\Smart Guardian\ITESmart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe

--
End of file - 3989 bytes

Thanks for the help.
__________________

ghost_x3 is offline   Reply With Quote
Old 08-04-2007, 06:23 PM   #2
Fully Optimized
 
blackjack's Avatar
 
Join Date: Mar 2007
Posts: 2,945
Send a message via MSN to blackjack
Default Re: Smithfraud-C

Try this website. http://www.smitfraud-removal.com.rem...Smitfraud.html
__________________

__________________
Compaq Presario CQ5305K-m Intel® Pentium® Dual Core E5300 (2.6 GHz), Windows® 7 Home Premium 64 bit, 2048 MB , Hard drive: 320 Gb, with 18.5 Widescreen
SPURS TILL I DIE (DIAMONDS ARE FOREVER SO ARE SPURS)
TO DARE IS TO DO
blackjack is offline   Reply With Quote
Old 08-04-2007, 06:29 PM   #3
Solid State Member
 
Join Date: Aug 2007
Posts: 6
Default Re: Smithfraud-C

I already did, but all it did was list the problems and I had to pay to fix the problems.
ghost_x3 is offline   Reply With Quote
Old 08-04-2007, 06:46 PM   #4
Site Team
 
celegorm's Avatar
 
Join Date: Sep 2006
Posts: 10,713
Send a message via AIM to celegorm
Default Re: Smithfraud-C

have you done the adaware scan in safemode? Also, what about a virus scan?
__________________
"as a fanboy i refuse to admit it and will pull countless things out of my butt to disprove it"

Team Thelegorm! Total Kills: 21 (i iz in uor profile, editsing your sigz)
celegorm is offline   Reply With Quote
Old 08-04-2007, 06:55 PM   #5
Fully Optimized
 
blackjack's Avatar
 
Join Date: Mar 2007
Posts: 2,945
Send a message via MSN to blackjack
Default Re: Smithfraud-C

Try this one then http://www.2-spyware.com/remove-smit...FQ2HlAod7Gt5YA

Ive google around and other people thay have had seem tohave had a nightmare getting rid of it, symantec response database,nod32 etc dont recognise it, its some sort of bundled advertising thing like winfix.
__________________
Compaq Presario CQ5305K-m Intel® Pentium® Dual Core E5300 (2.6 GHz), Windows® 7 Home Premium 64 bit, 2048 MB , Hard drive: 320 Gb, with 18.5 Widescreen
SPURS TILL I DIE (DIAMONDS ARE FOREVER SO ARE SPURS)
TO DARE IS TO DO
blackjack is offline   Reply With Quote
Old 08-04-2007, 07:05 PM   #6
Fully Optimized
 
blackjack's Avatar
 
Join Date: Mar 2007
Posts: 2,945
Send a message via MSN to blackjack
Default Re: Smithfraud-C

Heres another one to try http://www.internetinspiration.co.uk/roguefix.htm
__________________
Compaq Presario CQ5305K-m Intel® Pentium® Dual Core E5300 (2.6 GHz), Windows® 7 Home Premium 64 bit, 2048 MB , Hard drive: 320 Gb, with 18.5 Widescreen
SPURS TILL I DIE (DIAMONDS ARE FOREVER SO ARE SPURS)
TO DARE IS TO DO
blackjack is offline   Reply With Quote
Old 08-04-2007, 08:08 PM   #7
Solid State Member
 
Join Date: Aug 2007
Posts: 6
Default Re: Smithfraud-C

Thanks for all the replys, i'm going to try all the stuff you gave me.
ghost_x3 is offline   Reply With Quote
Old 08-04-2007, 08:18 PM   #8
Solid State Member
 
Join Date: Aug 2007
Posts: 6
Default Re: Smithfraud-C

Um I did the Spyware Doctor, but what's the point of scanning if they make you pay to fix it?
ghost_x3 is offline   Reply With Quote
Old 08-04-2007, 08:35 PM   #9
Solid State Member
 
Join Date: Aug 2007
Posts: 6
Default Re: Smithfraud-C

Ok I just tried to do to the awaware scan in safe mode, but the blue screen of death just came up earlier.
ghost_x3 is offline   Reply With Quote
Old 08-04-2007, 11:08 PM   #10
Site Team
 
celegorm's Avatar
 
Join Date: Sep 2006
Posts: 10,713
Send a message via AIM to celegorm
Default Re: Smithfraud-C

Go to www.eset.com and download the freetrial of their NOD32 and run it. let us know what that finds.
__________________

__________________
"as a fanboy i refuse to admit it and will pull countless things out of my butt to disprove it"

Team Thelegorm! Total Kills: 21 (i iz in uor profile, editsing your sigz)
celegorm is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 10:15 PM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0