Howto:Removing AntiVermin

**secureguru** · 06-Feb-2007, 11:34 AM

I got a mal/spyware program on my computer that Spybot cannot remove. I need an expert to help me.

I have a flashing icon near my system clock that when clicked on bring me to this site:

http://www.antivermins.com/?aff=321

I am running Win 200 Pro

Solution:

Please download HijackThis 1.99.1
http://danborg.org/spy/hjt/alternativ.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then upload the logs to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/
and click "Analyse", click "Save". Then post the link to the saved list here.

also

http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from
the options listed.

Once in Safe Mode, open the SmitfraudFix folder again and double-click
smitfraudfix.cmd

Select option #2 - Clean by typing 2 and press "Enter" to delete infected
files.

You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
infection.

The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
"Enter".

The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

run smitfraudfix, those entries in hijackthis don't matter much.
Fixing them or not won't make any difference.
Smitfraudfix takes care of the infection.

What you can do to make sure the infection won't come back is to run smitfraudfix option 3 in normal mode.
Running option 3 will clear your Trusted zone which sometimes some variants of smitfraud inserts their entries there and can respawn infection.

06-Feb-2007, 11:34 AM	#1 (permalink)
secureguru Fix my Error! Posts: 2 Join Date: Feb 2007 Rep Power: 0 IM:	Howto:Removing AntiVermin I got a mal/spyware program on my computer that Spybot cannot remove. I need an expert to help me. I have a flashing icon near my system clock that when clicked on bring me to this site: http://www.antivermins.com/?aff=321 I am running Win 200 Pro Solution: Please download HijackThis 1.99.1 http://danborg.org/spy/hjt/alternativ.exe Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet. Then upload the logs to any hosting sites, or go to the below link and login using your Experts-Exchange username and password. http://www.ee-stuff.com Click on "Expert Area" tab type or paste the link to your Question "Browse" your pc to the location of your Hijackthis log and click "Upload" Copy the resulting "url" and post it back here. OR: paste the log to either of these sites: 1. http://www.rafb.net/paste/ then at the bottom left corner click "paste" Copy the address/url and post it here. 2. or at --> http://www.hijackthis.de/ and click "Analyse", click "Save". Then post the link to the saved list here. also http://siri.geekstogo.com/SmitfraudFix.php Extract the content (a folder named SmitfraudFix) to your Desktop. Next, please reboot your computer in Safe Mode by rebooting the computer, and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from the options listed. Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd Select option #2 - Clean by typing 2 and press "Enter" to delete infected files. You will be prompted : "Registry cleaning - Do you want to clean the registry?" answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection. The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter". The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply. The report can also be found at the root of the system drive, usually at C:\rapport.txt run smitfraudfix, those entries in hijackthis don't matter much. Fixing them or not won't make any difference. Smitfraudfix takes care of the infection. What you can do to make sure the infection won't come back is to run smitfraudfix option 3 in normal mode. Running option 3 will clear your Trusted zone which sometimes some variants of smitfraud inserts their entries there and can respawn infection.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)