[guccijana]

Jello, well just wanted to let you know, that I scanned my computer (took a while) everything is gooooood, no Trojan's or viruses.. thx again!!

[evilfantasy]

Grrrreeat!

[guccijana]

Hej there, well I was just wondering what this is!I downloaded superAntiSpyware, and it keeps finding this one trojan.smitfraudvariant..Even after i remove it, it keeps finding it!

Trojan.SmitfraudVariant-Gen/pp

C:/windows/ADVPN.dll


superanispyware log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/11/2007 at 00:17 AM

Application Version : 3.9.1008

Core Rules Database Version : 3323
Trace Rules Database Version: 1324

Scan type : Complete Scan
Total Scan Time : 00:32:55

Memory items scanned : 500
Memory threats detected : 0
Registry items scanned : 60365
Registry threats detected : 0
File items scanned : 26060
File threats detected : 1

Trojan.Smitfraud Variant-Gen/PP
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0002351.DLL

Hmmm!!!

[evilfantasy]

That is a System Restore file.

Flush infected System Restore points.

1: Right click on the My Computer icon on your desktop and select properties.
2: Click on the system restore tab.
3: Check the box that says "Turn off system restore on all drives". Click OK.
4: Click Yes when you are prompted to restart the computer
5: To re-enable System Restore, follow steps 1-3, but in step 3, click to clear the Disable System Restore check box.

[guccijana]

Heeej EF, how are ya? I did that before, twice to be exact, after we got rid of the zlob and my computer was clean.. do i have to do it everyday?

[guccijana]

My original post had the same problem, the restore points seem to not go away.. am I doing something wrong?

[evilfantasy]

We may be dealing with something like a Rootkit. The only way to find out is another round of scans.

=======

Please see This Post on how to add items as an attachment.

Now run CCleaner to help speed up the scans.

===========


Download the Panda Antirootkit programme.

Unzip it and run the PAVARK.exe file.

Tick the box that says In depth scan and follow the on screen instructions.

DO NOT remove any UNKNOWN ROOTKITS at this stage. Instead, let me know the results.

Let me know the results in your reply.

PLease Note: Panda Antirootkit is not comaptible with Windows Vista.

If you are running Vista, please download the AVG Antirootkit programme.

Disconnect from the net and install the programme.

Run the programme and tick Indepth scan. Do not have AVG Antirootkit fix anything, instead let me know the results.

Once the scan is finished, reconnect to the net.

Thanks to Howardhopkinson for the Panda guide.
==========

Next run AVG Antispyware Free Edition. This is different from AVG Antivirus.
Please follow the directions in the above link for details on installation and how to save the log which is requested in your next post.
Add the log as an Attachment.

=====

If you still have Combofix delete that copy and download a new one.

1. Please download Combofix by sUBs. Place it on your Desktop. combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.
Combofix will create a backup to anything removed in C:\qoovox

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

======

Run a fresh HijackThis scan and save the log.

======

Next post:
Combofix log
HijackThis log
AVG Antispyware log

[guccijana]

good morning.. wow, its good to have a expert opinion.. I'll be starting with the panda download and ill post everything in a bit.. thxx again..

[guccijana]

Panda-NO ROOTKITS HAVE BEEN FOUND.

[guccijana]

Help!! i've done all the AVG instructions, BUT- AT THE END THE "SAVE REPORT AS" button was grayed out, so I couldn't save the report!!!