-
January 28th, 2007, 04:37 PM
#1
Does this mean infection present
I had help here last week from crunchie and fink and thanks to them my computer is clean and running well, but I have a second computer an amd duron 1.2g with 512 ram running win xp pro sp2 and I ran the smitfraudfix on it and it looks to me there is an infection in wininet.dll. This computer is hooked up to my home network and my husband was using it and told me he thinks something is wrong , I checked and it tells me boot ini changed and also the host file but I haven't done anything that I am aware of to change them ..I hope this rapport is a good start ..When I get a responce I will then do a more through scan . Nothing shows in avg anti spyware but avg virus program is where it shows the change warning of the host file and boot ini .. Please help thanks
Here is the rapport:
SmitFraudFix v2.133
Scan done at 15:27:20.49, Sun 01/28/2007
Run from C:\Documents and Settings\Rick\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rick
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Rick\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\RICK\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="csrqy.exe"
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
-
January 28th, 2007, 05:17 PM
#2
It's not a good idea, really, to be using this unless an HJT log has indicated the possible presence of Smitfraud or its variations. The best thing to do is to post an HJT log to get a more complete picture. Various infections use very similar - but different - file names or name formats, and their markers are hard to distinguish unless one knows what to look for.
-
January 28th, 2007, 07:55 PM
#3
Does this mean infection present
Igbpop thanks so much, I thought I could use it since both computers were networked together and I had that on mine, so I thought it would be alright to try it on this one. I new enough not to try option 2 till I was told to from you knowlegable people. Thank so much I will do a hyjack log now and post it.
-
January 28th, 2007, 11:54 PM
#4
Well, I wasn't saying it wouldn't be necessary, so much as it would be better to make sure that that wasn't the only possible nasty on your computer.
I had to get up for some more medicine, sorry to respond so late.
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|