What the heck?

Discussion in 'malware problems & news' started by Denise_M, Nov 5, 2008.

Thread Status:
Not open for further replies.
  1. Denise_M

    Denise_M Registered Member

    Joined:
    Aug 15, 2006
    Posts:
    19
    Hi,

    Yesterday, after I ran a pc cleaning tool, I attempted to get on the net. I received these messages/warnings. There were others but I didn't think to take screenshots at first. I attempted to come to this forum but I couldn't.

    I did a System Restore to an earlier point and I no longer get the messages/warnings. Should I do something else?
     

    Attached Files:

  2. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    You have some rogue software installed.

    Download MBAM, install, update, perform quick scan.
    That should do it.
    After that, just to be sure, download SAS, update, full scan.

    Good luck and let us know how it went.

    And try not to press any buttons on those "warnings" in the meantime.
     
  3. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
  4. Denise_M

    Denise_M Registered Member

    Joined:
    Aug 15, 2006
    Posts:
    19
    Greetings emperordarius,

    I went to the link that you provided. What it said is:

    Why would I want to download it?
     
  5. Denise_M

    Denise_M Registered Member

    Joined:
    Aug 15, 2006
    Posts:
    19
    Greeting Hurst,

    I downloaded and installed Malwarebytes and it found and removed 5 infected files. It quaranteened and removed them.

    I already have SUPERAntiSpyware Free Edition and use it often but it didn't find anything.

    Thanks for your help. I'm glad I asked if there was anything else I could do! :D
     
  6. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    So the deal is, you ran SAS first and it found no infections, then MBAM ran and it found five infections? Is that correct? :thumb: Or did you run SAS after MBAM found five infections?
     
  7. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Hi Denise,Emperordarius was given you the link of solutions and explanations of the rogue app and what is does.If you looked further down the page to see malwarebytes a reputable highly effective removal application.He has been here long enough and knows better to mislead you.Just for the future there are many so called registry apps that lead you where your at now, you may want to check it out first before running it.
     
    Last edited: Nov 5, 2008
  8. Denise_M

    Denise_M Registered Member

    Joined:
    Aug 15, 2006
    Posts:
    19
    Today, I ran MBAM first and then SAS, but last night, after I returned to a Restore Point, I ran SAS and it didn't find anything. Ad-Aware and F-Secure wouldn't work either. They wouldn't start.

    I see now what is on the Total Secure 2009 page. I misread it. . . how I did, I couldn't know. I'll run SmitFraud to make sure that everything's gone.

    I only use recommended anti-virus/malware and registry programs. One is Advanced WindowsCare V2 Personal, which is terrific, and the other is TweakNow RegCleaner Std, which hardly runs because it tells me that my registry is ok.

    Windows Firewall and Avast are the only 2 that run while my computer is on. The others are "on demand" only.

    Thanks again :)
     
  9. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Did MBAM find infections after SAS found none? I can't tell from your answer, sorry. :)
     
  10. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    A suggestion if I may. Until you are clean, disable system restore. The infections can be stored there and not cleaned by any tool I am aware of. Also, I believe SAS ignores the system restore files by default.
     
  11. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Sorry Denise, I had thought you had ran a registry cleaner random from the net and it was where you got the rogue from.

    PS.I agree with ThunderZ to Disable System restore at least for the time being until your sure your system is clean.
     
    Last edited: Nov 6, 2008
  12. Denise_M

    Denise_M Registered Member

    Joined:
    Aug 15, 2006
    Posts:
    19
    Hi,

    I tried SmitFraud but it wouldn't run. I went into Safe Mode and pressed 2 for it to clean. A box opened and I had to press any key for it to start. It started "Killing Files . . . Renos" and then my screen went black except for SAFE MODE written in the 4 corners of my screen. I waited about 15 minutes in case it was in some kind of mode but the black screen remained. I tried it a second time and the same thing happened.

    Is this what is supposed to happen? Should I have waited longer?
     
  13. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Hi Denise.

    You may actually have a lot of crap on your computer.

    You tried SmitFraud ? For as far as I can recall it is a rogue antispyware, and Wikipedia seems to agree with me. You can check that yourself (English version).

    Trying to remove spyware/malware with a rogue product is not a good idea !

    So you'd have to get rid of that SmitFraud, plus whatever else might be on your computer.

    Ideally, in a situation like this you restore a clean image (see imaging software like Acronis and hardware), while you have a clean backup of your data.

    If that's not the case ... you may never be able to remove the malware, except by formatting the harddrive(s) and other media, and reinstalling your OS (Windows XP ?) while making sure that the malware has no place to hide while you're doing this. You may try to delete the malware (viruses, worms, trojans, spyware, adware etc.) but you can't ever be 100 % certain that your computer is clean. And even if the removal of the malware seems to work well, removing agressive malware tends to corrupt your system, which is somewhat similar to aging.

    If you can't restore an image, and you don't want to reinstall your OS (=operating system), there are several ways to remove present malware.

    Temporarily disabling the system restore feature is often a good place to start, since malware can hide there.

    There are two ways to start: get the right software and try to remove the malware on your own, or post a Hijackthis log in an appropriate forum (not here) like www.castlecops.com and ask for help. Make sure you don't download a rogue version of Hijackthis ! I believe currently Trend Micro owns this product, I think it's freeware/shareware.

    Trying to uninstall SmitFraud from the software panel/pane in a conventional way is probably a bad idea.

    On this forum there are some instructions that can be helpful for removing SmitFraud, but it says that it is to be used only under the supervision of a malware specialist. See https://www.wilderssecurity.com/showthread.php?t=217490

    There are several online VIRUS scans available. I'm not going to recommend any of them, although Kaspersky has/had a good name, but it has a tendency to produce many false positives. Try to stay away from Panda software !

    As for antispyware applications and antimalware programs (=antispyware+other antimalware), SAS and MBAM seem to be very popular.
    I have no idea if Advanced WindowsCare V2 Personal is a legitimate program, anyway in general it is recommended to run only ONE antivirus program because of conflicts, and if this is a real antivirus I would expect it to conflict with Avast.

    You could also try VIPRE (=antivirus+antispyware), it has a free fully featured trial of 15 days, including removal of infections. Just make sure you don't run any 'other' antivirus programs while using it, because of potential conflicts.

    Btw, I recommend NOT using registery 'cleaners/optimizers'. Even if they are not rogue, they can cause irreparable damage. For me, using a registry cleaner would be the last step to try before reformatting my harddrive.

    Be careful what you install/click on in the future. Not everything is what it seems. ALT-F4 is on Windows computers a good way to close a dangerous webpage.

    No offense, but in general the greatest vulnerability is the person behind the computer.
     
    Last edited: Nov 6, 2008
  14. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Just for clarification:
    SmitFraud=rogue/malware
    SmitFraudFix=Anti-spyware, solution when infected with a smitfraud variant.

    Which one did you use denise?
     
  15. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    If you did install smitfraud and not a smitfraud fix by mistake and that in combo with the other rogue,IMHO I would wipe the drive and start over If you have the windows OS recovery CD and drivers.It is really pretty simple but perhaps a little time consuming and work updating and replacing applications but well worth it in the end results.
     
  16. Denise_M

    Denise_M Registered Member

    Joined:
    Aug 15, 2006
    Posts:
    19
    emperordarius recommended BleepingComputer.com but didn't recommend any of its programs. djohn recommended malwarebytes but since the programs on the entire page were recommended by emperordarius, SmitFraud was one that I chose to check my computer in case MBAM didn't get them all. How was I to know that it isn't meant to look for rogues. I should have been told that from someone here. Since the removal of SmitFraud is going to cause me problems to remove it, I'm very upset about this.

    Thus, I downloaded the program and ran it but it didn't work.


    I was told that I had a rogue. I was told that the page at BleepingComputer.com contained programs that would get rid of the rogue. I chose SmitFraud because it was on a site that was recommended here that offered programs that would remove the problem that I was having to ensure that all of it was removed from my computer! Not knowing that it was a rogue, I first tried SuperAntiSpyware, which found nothing. I then tried Ad-Aware and F-Secure but neither one of them would run. I then came here for help. I believe that the steps that I took were appropriate.

    For crying out loud, if you're going to recommend a site that has programs to use, you better make sure that you tell people not to use certain programs available at that site!


    What malware? I had a rogue, which was pointed out to me is not malware!


    As far as I know, I don't have any anti-viruses/trojans/other malware on my computer. You're communicating with someone who has 23 ext hdds. Do you think that I don't take excellent precautions so that my pc doesn't pick up something? I run numerous programs to ensure that they're as clean as possible, and I run those programs on complete scan, not quick scan. The larger ext hdds take over 24 hours to complete a scan. One ext hdd a day is always being scanned by one program or another.


    Now you're telling me that SmitFraud is much harder to remove from my computer than the rogue, and that only an expert can remove it!!! I understand that you said that a format might remove it but that's not good to hear because I just formatted my pc less than 2 weeks ago!


    I mentioned that I use Windows Firewall and Avast. Avast is the only anti-spyware/malware program that is set to start when I boot up. The other anti-spyware/malware programs that are installed in my pc do not run actively. They are "on-demand" only, which I previously mentioned.


    Advanced WindowsCare V2 Personal and TweakNow RegCleaner Std, both of which were recommended by a person in another forum, have never caused me a problem. I don't install programs willy-nilly. If I don't understand something or if I don't know how to do something, I go to forums and ask.

    Case closed!
     
  17. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Hi Denise everything you mentioned I understood you pretty clear other then I misread the pc cleaner part my bad.I certainly can understand if your frustrated I would be also.As far as that link page I relooked its correct smifraud =fix thats ok not rogue.If it will not run for you as you said then its no use to you then.You may have got the infections already with malwarebytes or do you still suspect theres is more.Ps with malwarebytes and superantispyware if they say your clean now pretty good chance you are IMO.
     
    Last edited: Nov 6, 2008
  18. Denise_M

    Denise_M Registered Member

    Joined:
    Aug 15, 2006
    Posts:
    19
    Can I remove the Smitfraud folder that I created when I downloaded the program at BleepingComputers since it's not listed in Add/Remove Programs and there is no Uninstall file or will I need to do take some other steps? It's the program SmitFraudFix, not Smitfraud-C.
     
    Last edited: Nov 6, 2008
  19. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    786
    Denise try to do the following ... djohn and HURST are 100 % right these methods are very good. But try this method.

    1> Disable the system restore

    2> Update definitions of Malwarebytes and SuperAntispyware

    3> Download Dr web cureit from here
    http://www.freedrweb.com/cureit/

    4> Download Combofix from here
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    5> Boot in Safemode and do a full scanner with MBAM and SAS after do a quick scan with Dr web Cureit , after all that use Combofix , reboot in normal mode and see what happens :p

    You doesnt need to unistall SmithFraudFix it is safe and will not harm your pc anyway.
     
  20. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Yeah, these are all good guidelines. I just wonder why the OP wasn't pointed to, for example, this post in the first place, so he/she can get a proper malware cleaning help. In this way, we could have this "I said, you said" type of posts avoided.
     
  21. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    786
    So you are saying that my post was only a "I said, you said" ? I simple try to help ...
     
  22. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    No, I wasn't referring to anyone specifically. The OP, obviously inexperienced, was confused by the replies. I was just suggesting the usual approach in similar cases.
     
Loading...
Thread Status:
Not open for further replies.