Posted by TRUCKERGEO on September 20, 2006, 11:38 pm
Somehow a program called PEST TRAP was on my computer and started running
when I went to Windows. I did delete the program ASAP, but I have icons: it starts
with one, then 2 come up saying I'm infected and I have to buy that program, Pest Trap.
I hide them,
but each time I go to the internet it comes on at the bottom R/S where the
time is.
Also my desktop will not work; all I can get is colors, no picture I can make
as background. Please help, thanks. Trucker Geo
Posted by Malke on September 21, 2006, 7:34 am
TRUCKERGEO wrote:
> Somehow a program called PEST TRAP was on my computer and started
> running
> when i went to windows i did delete program asap but i have a icons
> starts w one then 2 come up saying i;m infected i have to buy that
> program pest trap i hide them
> but each time i go to the internet it comes on at the bottom R/S were
> the time is
> also my desktop will not work all i can get is colors no picture i can
> make
> as back ground please help thanks trucker geo
Go through the preparatory steps here:
http://www.elephantboycomputers.com/page2.html#Removing_Malware
Then go through the specific removal steps here:
http://www.elephantboycomputers.com/page2.html#Smitfraud_Trojan
Finish up with the rest of the general malware removal steps from the
first link. When all else fails, run HijackThis and post your log in
one of the specialty forums listed at that first link (not here,
please).
If the procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a professional
computer repair shop (not your local version of BigStoreUSA).
Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
Posted by Engel on September 21, 2006, 8:34 am
http://www.bleepingcomputer.com/forums/topic58391.html
"TRUCKERGEO" wrote:
> Somehow a program called PEST TRAP was on my computer and started running
> when i went to windows i did delete program asap but i have a icons starts
> w one then 2 come up saying i;m infected i have to buy that program pest trap
> i hide them
> but each time i go to the internet it comes on at the bottom R/S were the
> time is
> also my desktop will not work all i can get is colors no picture i can make
> as back ground please help thanks trucker geo
Posted by David H. Lipman on September 21, 2006, 5:03 pm
| Somehow a program called PEST TRAP was on my computer and started running
| when i went to windows i did delete program asap but i have a icons starts
| w one then 2 come up saying i;m infected i have to buy that program pest trap
| i hide them
| but each time i go to the internet it comes on at the bottom R/S were the
| time is
| also my desktop will not work all i can get is colors no picture i can make
| as back ground please help thanks trucker geo
Two part reply..
Perform Part 1 then perform Part 2.
If the first two parts don't work, perform the alternate section.
It is suggested that you execute each tool in Normal Mode then in Safe Mode.
Part 1
-----------
Use noahdfear's SmitFraud, SpyAxe, SpyFalcon, et al., removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
http://www.bleepingcomputer.com/forums/topic43659.html
Part 2
-----------
Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe
Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your FireWall to enable WGET.EXE to download the needed McAfee related files.
Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }
A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it
will be displayed in your browser (Opera, FireFox or Internet Explorer). However, if
you are using WinXP, Win2K or Win2003 your system will be left in a state where you
will have to manually shutdown/reboot the PC. On Win9x/ME platforms the report will
not be shown in your browser but your PC will automatically be shutdown. It is
suggested that you move the report out of c:\mcafee before performing another scan.
It would be best to scan in both Safe Mode and in Normal Mode and save a copy of
the HTML report for each session.
ALTERNATE:
S!ri's SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
Please Copy and Paste the contents of the HTML Log files;
C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
Posted by Runlevel0 on September 24, 2006, 5:47 am
TRUCKERGEO wrote:
> Somehow a program called PEST TRAP was on my computer and started running
> when i went to windows i did delete program asap but i have a icons
> starts w one then 2 come up saying i;m infected i have to buy that program
Hey, TRUCKERGEO,
I hope you already got rid of this critter.
It's one of the many incarnations of smitfraud.c
Fortunately these are not especially difficult to remove.
There are 2 specialized programs: smitrem and smitfraudfix
Smitrem: http://noahdfear.geekstogo.com/
Smitfraudfix: http://siri.geekstogo.com/SmitfraudFix.php
You can run these programs from the normal or the safe mode, they will take
care of the smitfraud clones and they are periodically updated.
You can remove them also manually, but the best way to do it is using
Hijackthis. You can post and analyze a file online at http://hijackthis.de
The analyzed results are not 100% accurate and I strongly suggest asking for
the help of skilled persons in the forums or real world, as sometimes you
will have to alter/remove registry entries by hand.
In the HJT logs you have to search for the BHO entries and other URL related
stuff, generally:
R0,R1 and R3 entries (default start page, URL search hook).
O2 BHOs, those are very important. You can safely remove them all, as in
case of error you will just have to visit a site again and install the
ActiveX control again. Thus, just remove them all.
Also remove all the entries leading to C:\Program Files\PestTrap...
You can then remove the directory with the CMD, or sometimes even from the
explorer. This is the command:
del "C:\program files\pesttrap\*" /s/f/q
NOTE: Change the path to the actual one, as I haven't yet seen this variant
called "Pest Trap".
Now you can go to the registry (Start > Run > and write "Regedit") and
remove the whole keys: HKEY_LOCAL_MACHINE\Software\PestTRap and
HKEY_CURRENT_USER\Software\pestrtrap
Some variants also create a file in the %System% dir, but this is not
self-replicating, thus, when you get an error message while starting up,
you will get the path to the file, so that you can remove it.
A way of getting rid of all the pesky registry entries that are not related
to any installed software is using Ccleaner, a small, efficient and free
tool, that although not directly a security tool is very useful to clean
the mess after making changes to your filesystem:
www.ccleaner.org
That's it.
Best bet is of course to use smitrem or smitfraudfix.
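
The HijackThis log review described in the post above, as an added example that is not part of the original thread: a Python script that groups the R0/R1/R3 and O2 entries for review and lists every entry that points into a suspect install directory. The sample log lines, CLSIDs and file names are constructed, and the directory passed in is an assumption to replace with the actual path.

```python
import re

# Constructed sample in HijackThis log layout (not taken from the thread).
SAMPLE_LOG = r"""Logfile of HijackThis
Running processes:
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.example.invalid/
R3 - URLSearchHook: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example1.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\Program Files\PestTrap\example2.dll
O2 - BHO: Example Reader Helper - {00000000-0000-0000-0000-000000000003} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [PestTrap] "C:\Program Files\PestTrap\PestTrap.exe" /h
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\av.exe"
"""

# A log entry is "<section code> - <details>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Sections the post singles out: start/search pages, search hooks, BHOs.
REVIEW_SECTIONS = {"R0", "R1", "R3", "O2"}


def parse_entries(text):
    """Return (section, details) pairs, skipping header and process lines."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(text, suspect_dir):
    """Group review-section entries and collect entries under suspect_dir."""
    # Trailing backslash so "PestTrap" does not also match "PestTrapOther".
    needle = suspect_dir.lower().rstrip("\\") + "\\"
    by_section, path_hits = {}, []
    for code, details in parse_entries(text):
        if code in REVIEW_SECTIONS:
            by_section.setdefault(code, []).append(details)
        if needle in details.lower():
            path_hits.append((code, details))
    return by_section, path_hits


if __name__ == "__main__":
    sections, hits = triage(SAMPLE_LOG, r"C:\Program Files\PestTrap")
    for code in sorted(sections):
        for details in sections[code]:
            print(f"review  {code}: {details}")
    for code, details in hits:
        print(f"suspect {code}: {details}")
```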