Software > Computer viruses and spyware

multiple baddies..help?

(1/1)

TuesdayTot108:
Hi everybody!  My computer is badly ill.  I had some kind of pop-up thing the day before yesterday, but I  had to go to work, right, I couldn't deal with it, then.  I think my mistake was just hibernating my computer for the day, though, because the minor pop-up issue (ad-aware and spywareblaster and spybot failed to make these go away in the morning) had mutated into a beast that turned my wallpaper blue with a message that said 'security warning: a fatal in IE has occured.  Error was caused by trojan-spy.html.smitfraud.c'  I tried to run my spyware things again, but they just freeze up, and of course internet explorer won't go anywhere but to a start page crowded with 'adult friend' adverts.  I've also got a message that says 'windows explorer has encountered a problem and has to close.'  I don't even know what that means.
So I can't do anything to try and fix this situation on my own because I can't download anything, but I did get a hijackthis log, which looks is horrible.  I know it might be partly because I couldn't scan with my other stuff before I did it, but the pop-ups and bho warnings from spywareguard wouldn't go away after I ran those, so I don't know.  
If there's anything someone could tell me to do without seeing my fat-*censored* log, that would be truly excellent.  I'm just not very keen on transcribing four pages of this thing (about 2 of them look like this: 01 - hosts: 66.180.173.39  www.google. [country abbreviation: ae, am, as, at, and on.]).  If it would help to see my logfile, though, I'll find a way to get it here.
So that's it.  Thanks to anybody who would choose to tackle this; maybe it's not as bad as it seems.
_Tuesday

R0SS:
Ok its a torjan Horse,

Did you open a Email looking like this?

Smith Barney: Security Maintenance

or did you go to
www.smithbarney.com (DONT GO TO IT NOW!!!!!!!!!)

ok to remove it go here and follow the instructions.
http://www.wilderssecurity.com/showthread.php?t=75890

he tells it alot better than i could.

Also get rid of the tempory internet files. Right Click on the shortcut to IE then go to properties and click on delete files and clear cookies.

Ross

Raptor:
Can you still access Windows and can you still use the Internet?

What scanners are you using and what has been located so far?

Can you copy your HijackThis log for us to see?

TuesdayTot108:
Okay.  
No, Ross, I cannot remember opening an email like that, or going to that site.  I'm not even sure why I would in the first place.  I've followed Pieter's instructions as best I could, but the files he was saying needed to be removed, they weren't there!  I definitely selected 'show hidden files,' so that wasn't the problem.  They just weren't there, not the ones listed for any version of this smitfraud mother.
I deleted temp files, cookies, and I scanned with all that stuff, only for killbox, I don't know if I typed in the files correctly.  It wouldn't let me paste, so I typed them in one at a time....I have absolutely no clue as to how that might be relevant, I'm just worried that it didn't work like it's supposed to.  
See, the blue screen with the warning is gone and my desktop properties came back, but everything else is still there.  Every time I reboot, all the warnings start blowing up again.  The 'IE must close' and 'Windows Explorer must close' ones put in an appearance every minute or more (whether I'm trying to use IE or not), and none of my taskbar things work.  Spywareguard works for a minute, and then blinks away.  There's a message for all of them when Windows boots up that says they must close.  Also, there are messages for things that have a lot of numbers and letters, saying they have to close, too.  I guess these are processes?

And Raptor, while I can access Windows in this crippled state, IE is definitely not functioning.  
I'm not at all sure what's been located so far.  I'm using adaware and spybot and spywareblaster, and all the ones located listed in the wilders thread (I put them on a disc from another computer).  I remember coolwebsearch and a bunch of popup things, and I definitely had (have) the smitfraud thing.  Also, I saw on the adaware thing (it keeps being reborn), 'winn32.trojandownloader.small.aly' .

I'll copy my hijackthis log, but it's going to take a few minutes.
_Tuesday

Raptor:
You should do the following:

1. Before Windows loads, press F8
2. Select safe mode and press Enter
3. Disable system restore (Windows ME/XP)
4. Use all scanners currently installed

Under no circumstance select safe mode with network support.

Navigation

[0] Message Index