Tech Support Forum - View Single Post - Blue Desktop with spyware detected

Ried · 08-15-2008, 12:18 AM

Thank you, -Shirt.

You may want to copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

***************************************************

Close any open browsers.

--------------------------------------------------------------------

We just have the orphaned registry entries remaining. Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

O2 - BHO: (no name) - {C5FA80B2-6916-C4C1-1F63-760991C73CA3} - H:\DOCUME~1\Tom\APPLIC~1\FASTSE~1\First Htm.exe (file missing)
O4 - HKLM\..\Run: [Each Less Mode Mp3] H:\Documents and Settings\All Users\Application Data\CashAtomEachLess\Jugstwo.exe
O4 - HKLM\..\Run: [Bonemetaviewplan] H:\Documents and Settings\All Users\Application Data\GridPartBoneMeta\ForkWarn.exe
O4 - HKCU\..\Run: [mags up] H:\DOCUME~1\Tom\APPLIC~1\BINPUR~1\plan cool.exe

Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Sun Java leaves behind it's old versions when you update it. There is no need to keep these on the system, and it would free up some precious hard drive space for you.

Uninstall the following via the Add/Remove Panel (Start->Control Panel->Add/Remove Programs)

J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
Java(TM) 6 Update 5

**Leave this version intact - Java(TM) 6 Update 7

--------------------------------------------------------------------

Online scans are time consuming, but important to run to search for remnants that may still be lurking. Please perform an online scan at Panda ActiveScan

Click on Scan Your PC Now
A "pop up" window will appear, or a new tab will open.
Click on Register
Choose the option you like most, but we recommend the Free Registration.
Click on Register
Enter your e-mail address, and create a password.
Select "I do not want to receive any type of information". (unless you want to receive such information)
Click on Send
Confirm registration, and continue by entering your user name and password, then click on Enter
Select Full Scan, then Click on Scan Now
Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
Please ignore the offer to buy the program. Click on Export To
Export the log and save it to your desktop.
Please attach the contents of that log in your next reply.

* Turn off the real time scanner of any existing antivirus program while performing the online scan

How is the system behaving?

08-15-2008, 12:18 AM	#7 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,596 OS: WinXP and Vista	Re: Blue Desktop with spyware detected - appears to be Smitfraud? Thank you, -Shirt. You may want to copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. ************************************************* Close any open browsers. -------------------------------------------------------------------- We just have the orphaned registry entries remaining. Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries: O2 - BHO: (no name) - {C5FA80B2-6916-C4C1-1F63-760991C73CA3} - H:\DOCUME~1\Tom\APPLIC~1\FASTSE~1\First Htm.exe (file missing) O4 - HKLM\..\Run: [Each Less Mode Mp3] H:\Documents and Settings\All Users\Application Data\CashAtomEachLess\Jugstwo.exe O4 - HKLM\..\Run: [Bonemetaviewplan] H:\Documents and Settings\All Users\Application Data\GridPartBoneMeta\ForkWarn.exe O4 - HKCU\..\Run: [mags up] H:\DOCUME~1\Tom\APPLIC~1\BINPUR~1\plan cool.exe Click 'Fix Checked' and close HijackThis. -------------------------------------------------------------------- Sun Java leaves behind it's old versions when you update it. There is no need to keep these on the system, and it would free up some precious hard drive space for you. Uninstall the following via the Add/Remove Panel (Start->Control Panel->Add/Remove Programs) J2SE Runtime Environment 5.0 J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 2 J2SE Runtime Environment 5.0 Update 4 J2SE Runtime Environment 5.0 Update 6 Java(TM) 6 Update 3 Java(TM) 6 Update 5 Leave this version intact - Java(TM) 6 Update 7 -------------------------------------------------------------------- Online scans are time consuming, but important to run to search for remnants that may still be lurking. Please perform an online scan at Panda ActiveScan Click on Scan Your PC Now A "pop up" window will appear, or a new tab will open. Click on Register Choose the option you like most, but we recommend the Free Registration. Click on Register Enter your e-mail address, and create a password. Select "I do not want to receive any type of information". (unless you want to receive such information) Click on Send Confirm registration, and continue by entering your user name and password, then click on Enter Select Full Scan, then Click on Scan Now Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser. If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect Please ignore the offer to buy the program. Click on Export To Export the log and save it to your desktop. Please attach the contents of that log in your next reply. * Turn off the real time scanner of any existing antivirus program while performing the online scan How is the system behaving? __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."