Problems. problems.

Discussion in 'malware problems & news' started by tigerbiter, Aug 19, 2006.

Thread Status:
Not open for further replies.
  1. tigerbiter, Registered Member (Joined: Jul 18, 2006; Posts: 9)

    Hello. My name is Jerry Cass.

    I installed a new 80 GB hard drive and installed W2KPro on it, and added the SP2 update on my Compaq Presario, with a 1.19 GHz CPU and 128 MB of RAM.


    Ewido found this:
    C:\WINNT\system32\newexe.exe -> Backdoor.Rbot.aeu,
    and ALL the following IN THE SAME DIRECTORY:
    eraseme_01787.exe -> Backdoor.SdBot.qm
    eraseme_30426.exe -> Backdoor.SdBot.qm
    eraseme_54821.exe -> Backdoor.SdBot.qm
    eraseme_67564.exe -> Backdoor.SdBot.qm
    eraseme_67681.exe -> Backdoor.SdBot.qm
    eraseme_73278.exe -> Backdoor.SdBot.qm
    eraseme_78107.exe -> Backdoor.SdBot.qm
    eraseme_80162.exe -> Backdoor.SdBot.qm

    and, in C:\WINNT\system\
    svchost.exe -> Backdoor.SdBot.qm
    svchost.exe_tobedeleted -> Backdoor.SdBot.qm
    All were cleaned with backup (quarantined).

    C:\WINNT\system32\porky.pig -> Proxy.Ranky : Cleaned with backup (quarantined).
    "Porky.pig" is a file that I renamed from "105.tmp", so it would quit loading.

    In safe mode, McAfee AVERT Stinger Version 2.6.0. found these:
    C:\Winnt\system32\i
    Found the W32/Sdbot.worm!ftp virus. It has been deleted.

    C:\Winnt\system32\wins\SVCHOST.EXE
    Found the W32/Nachi!tftpd virus. It has been deleted.

    C:\WINNT\system32\TFTP1480
    Found the W32/Sdbot.worm.gen virus. It has been deleted.

    C:\WINNT\system32\TFTP828
    Found the W32/Sdbot.worm.gen virus. It has been deleted.

    C:\WINNT\system32\TFTP980
    Found the W32/Sdbot.worm.gen virus. It has been deleted.

    Trend Micro VSCAN found:
    Success Clean [ WORM_SDBOT.RD]( 1) from C:\Winnt\system32\eraseme_30037.exe

    Adaware found Alexa

    Spybot S&D found:

    --- Report generated: 2006-08-16 16:13 ---

    Smitfraud-C.: Executable (File, fixing failed)
    C:\WINNT\system\svchost.exe

    Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2

    Windows Security Center.SP2Update: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotAllowXPSP2!=dword:0

    Windows Security Center.AntiVirusOverride: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

    Windows Security Center.FirewallDisabled: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windowsfirewall\domainprofile\enablefirewall!=dword:1

    Windows Security Center.FirewallDisabled: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windowsfirewall\standardprofile\enablefirewall!=dword:1

    Windows Security Center.FirewallDisableNotify: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

    Windows Security Center.FirewallOverride: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0

    Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

    Windows Security Center.UpdateDisableNotify: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0

    Alexa Related: Link (Replace file, fixed)
    C:\WINNT\Web\RELATED.HTM


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    Now, I keep running into Sygate32.exe viruses, which AVG says that it has healed, when I tell it to.

    I downloaded a new Zone Alarm (Free) and it caused my system to crash when I connected to my dialup ISP, so I uninstalled it, until I could find the reason.

    (After seeing what S&D found in my registry, I can see why it behaved that way.)

    Spybot S&D keeps finding Smitfraud-C.
    I can't seem to shake it off.

    Any help will be appreciated.
    Thank you for reading this.
     
    Last edited: Aug 22, 2006