Skip to main content

Antispywarebox infection

Comments

1 comment

  • Support

    Hi shore_strummer, Welcome!

     

    Yes, you got it.

     

    There is a wee bit of an extra step for you, so follow these directions carefully

     

    1. Download SmitfraudFix (by S!Ri) to your Desktop (Win2k/WinXP only!).

    http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

     

    How to extract (decompress) zipped or compressed files

    http://www.lvsonline.com/compresstut/index.shtml

     

    Note : process.exe is part of the SmitFraudFix tool and is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky, Panda) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

     

     

    2. Reboot into Safe Mode

    You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

     

    How to start the computer in Safe mode

    http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

     

    3. Once in Safemode, Do a *scan only* with Hijackthis and checkmark these two entries in the list:

     

    O4 - HKLM\..\Run: [4bc19bec.exe] C:\WINDOWS\system32\4bc19bec.exe

     

    O4 - HKCU\..\Run: [4bc19bec.exe] C:\Documents and Settings\Michael\Local Settings\Application Data\4bc19bec.exe

     

    Then delete these files:

     

    C:\WINDOWS\system32\4bc19bec.exe

     

    C:\Documents and Settings\Michael\Local Settings\Application Data\4bc19bec.exe

     

    Close HijackThis

     

    4. Next, open the SmitfraudFix folder and double-click smitfraudfix.cmd

     

    Select option #2 - Clean by typing 2 and press Enter.

    Wait for the tool to complete and disk cleanup to finish.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

    The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

     

    A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.

     

    5. Once back into normal mode, please scan with HijackThis to produce a log. Post that log into your topic along with the other requested logs named below.

     

    Logs needed in your next post are:

     

    rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed

     

    Fresh HijackThis log

    0

Please sign in to leave a comment.