Hello lmaurer,
Were you ever able to repair/replace that wininet.dll? I'm wondering if smitfraud is working its way back up, so as a precautionary measure, please do the following:
Download smitRem at http://noahdfear.geekstogo.com/click counter/click.php?id=1 and save the file to your desktop.
Please download Ewido Security Suite at http://www.ewido.net/en/download/ and read the Ewido setup instructions at http://rstones12.geekstogo.com/ewidosetup.htm. Install it, and update the definitions to the newest files. Do NOT run a scan yet.
If you have not already installed Ad-Aware SE 1.06, follow the download and setup instructions at http://rstones12.geekstogo.com/adawareSE_setup.htm. Otherwise, check for updates. Don't run it yet!
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.
Run the smitRem.exe tool you downloaded earlier. Follow the prompts on the screen. Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.
Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:
copy c:\windows\system\wininet.dll c:\windows\desktop
del copy.bat
Save the file as "copy.bat". Make sure to save it with the quotes. Double click on it.
Reboot. Scan the desktop folder with eTrust Web Scanner at http://www3.ca.com/securityadvisor/virusinfo/scan.aspx. When done, make sure the box is checked for wininet.dll and click cure.
Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:
del c:\windows\system\wininet.dll
del c:\windows\system\oleadm.dll
del c:\windows\system\oleext.dll
copy c:\windows\desktop\wininet.dll c:\windows\system
del delete.bat
Save the file as "delete.bat". Make sure to save it with the quotes. Double click on it.
Open Ad-aware and do a full scan. Remove all it finds.
Run Ewido:
* Click on scanner.
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with ewido it is finding cases of false positives.
* You will need to step through the process of cleaning files one-by-one.
* If Ewido detects a file you KNOW to be legitimate, select none as the action.
* Do NOT select 'Perform action on all infections'.
* If you are unsure of any entry found, select none for now.
* When the scan is finished, click the Save report button at the bottom of the screen.
* Save the report to your desktop.
Close Ewido.
Next go to Control Panel->Display->Desktop->Customize Desktop->Web-> Uncheck 'Security Info' if present.
Reboot back into Windows and go to http://www.pandasoftware.com/activescan/com/activescan_principal.htm to do a full system scan.
- Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
- Click On 'Scan Now'
- Enter your e-mail address & click 'Scan Now' (this begins downloading Panda's ActiveX controls, 8MB)
- Begin the scan by selecting My Computer
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
- If it finds any malware, it will offer you a report. Click on see report
- Then click Save report
- Post the contents of the report in your next reply
Download FindIt's.zip http://forums.net-integration.net/index.php?act=Attach&type=post&id=142443 to your desktop.
1. Unzip/extract the files inside to a folder on your desktop.
2. Open the folder. Double click on FindIt's.bat and wait for Notepad to open a text file. It will take a while so please be patient... Note: If you are having problems using FindIt's.bat (16 bit error), copy autoexec.nt from the C:\WINDOWS\repair folder to C:\WINDOWS\system32 folder. Now try running FindIt's.bat.
3. Then post the FindIt's log here along with the logs for HijackThis, Panda ActiveScan, smitfiles.txt and Ewido.
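Added example, not part of the original post: a guarded variant of the delete.bat step above that stages the scanned wininet.dll next to the system copy and only deletes the system file once the staged copy is confirmed to exist. The file paths are the ones given in the post; the staging name wininet.new and the labels are assumptions made for this example.

```bat
@echo off
rem Added example: guarded form of the delete.bat step (not the poster's script).
rem SRC and DST are the paths used in the post; NEW is a hypothetical staging name.
set SRC=c:\windows\desktop\wininet.dll
set DST=c:\windows\system\wininet.dll
set NEW=c:\windows\system\wininet.new

rem Stop before deleting anything if the scanned copy is not on the desktop
rem (for example because a scanner moved or quarantined it).
if not exist %SRC% goto nosrc

rem Stage the replacement beside the system copy first.
copy %SRC% %NEW%
if not exist %NEW% goto nostage

rem Remove the old system file; if it is still there afterwards it is locked.
if exist %DST% del %DST%
if exist %DST% goto locked

rem Put the staged file in place, then remove the two other files from the post.
ren %NEW% wininet.dll
if exist c:\windows\system\oleadm.dll del c:\windows\system\oleadm.dll
if exist c:\windows\system\oleext.dll del c:\windows\system\oleext.dll
echo wininet.dll replaced from %SRC%
goto end

:nosrc
echo %SRC% not found. Nothing was deleted.
goto end

:nostage
echo Could not copy %SRC% into the system folder. Nothing was deleted.
goto end

:locked
echo %DST% could not be deleted (file in use). The original is still in place.
del %NEW%

:end
```

Each failure branch leaves the existing system file untouched, so a missing or unreadable desktop copy never results in a system folder with no wininet.dll at all.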