0

Hi, I have problems with malaware wipe everytime I open my Internet explorer, he sends me false virus alerts and try to get me to buy a programs... could you help me please?

Tanks

Here is My hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 11:28:01, on 2006-10-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\eoRezo\EoEngine.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Papa\Bureau\HijackThis.exe
O2 - BHO: EoRezoBHO -
{64F56FC1-1272-44CD-BA6E-39723696E350} -
C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL
O2 - BHO: (no name) -
{d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program
Files\HQVideoCodec\isaddon.dll
O4 - HKLM\..\Run: [EoEngine] "C:\Program
Files\eoRezo\EoEngine.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O17 -
HKLM\System\CCS\Services\Tcpip\..\{B0B51126-2D1E-42E2-95
9F-083F7C8AFDD7}: NameServer = 205.236.148.130
205.236.148.131
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: ANIWZCSd Service (ANIWZCSdService) -
Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2
Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc.
- C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) -
GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT,
s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -
Macrovision Corporation - C:\Program Files\Fichiers
communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Moteur Webroot Spy Sweeper
(WebrootSpySweeperService) - Webroot Software, Inc. -
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

2
Contributors
1
Reply
2
Views
10 Years
Discussion Span
Last Post by rpggamergirl
0

Hi,

Please download SmitfraudFix:
http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by rebooting the computer, and repeatedly tapping the F8 key as the pc starts.
Choose "Safe Mode" from the options listed.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd

Select option #2 - Clean by typing 2 and press "Enter" to delete infected
files.

You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press
"Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Also post a new hijackthis log please.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.