#13882 - 11/04/08 11:04 PM
How to remove!
[Re: Morgan]
Disabuse
member
Registered: 09/19/07
Posts: 219
Win Antivirus <date> is a strand of the Smitfraud and Vundo viruses. No, you haven't gotten rid of it. Just because it hasn't popped up doesn't mean it's gone; chances are it is still there. And no, you don't have to wipe your drive to get rid of it.
For Windows XP/Vista:

1. Download, install, update and "quick scan" with Malwarebytes' Anti-Malware. http://www.malwarebytes.org/ Once that finishes, depending on any other adware items or other nasties it finds, you might be prompted to restart the computer to finish removal. If this happens, reboot the computer and move on to the next step. If it doesn't ask for a restart, then move on to step 2.
2. Next is to download two smaller applications that specialize in removing Smitfraud and Vundo. IMPORTANT: DO NOT RUN THESE APPLICATIONS IN NORMAL MODE!!! JUST DOWNLOAD THEM AND DO NOT OPEN THEM!!! RUNNING THESE APPLICATIONS IN NORMAL MODE CAN CAUSE YOUR SYSTEM TO BRICK.
Applications to get (direct link to the download file):
a. ComboFix - from BleepingComputers.com
b. SmitFraud Fix - from a French server
Download both these files and save them to the root directory of your C: drive.
3. Get your computer into safe mode. To do this, shut your computer off. When you start the computer, keep tapping the F8 key to bring up your boot options menu. You want to choose Safe Mode w/ Networking. You might or might not get a second menu asking you to choose your operating system. Just hit Enter to move along. Log into your normal user account for Windows. If you're not sure which it is, it is generally not the "Administrator" one, so choose the other one.
4. While in safe mode, open My Computer (or Computer in Vista) and run the SmitFraudFix.exe on your C: drive that we downloaded earlier. If you're using Vista, right-click the file and "Run As Admin" (note: if you are using Vista, for this tutorial, always right-click a file and Run As Admin). Hit Enter on the splash screen to bring up your menu choices. Type 2 to clean and hit Enter. Let it run and DO NOT do anything else on the computer. It takes about 5-10 minutes to run. Sometimes it will bring back the menu when it's done; if it does, type "Q" to quit. If it doesn't, and you're stuck with a blank Safe Mode desktop screen, hit Ctrl-Alt-Del to bring up your Task Manager. From File, choose New Task (Run...). In the Open box, type "explorer.exe" without the quotation marks to relaunch your desktop.
5. Next to run is ComboFix from your C: drive. Again, on Vista, run as admin. If you get a prompt about the Windows Restore feature or whatever it is, just click No. ComboFix will start scanning and removing Vundo from your machine. You will see it go through about 70 or so stages or phases. Once it is done, it will say it is generating a log file. It is important that you DO NOT click your mouse or touch your keyboard while ComboFix is running. It is a very intense program and can easily brick your computer if you try to do anything else while it's running, SO DO NOT! Once you see the text file, it's finished. You can go ahead and close the text file and you should see the desktop. If you're still in safe mode, just go ahead and restart your computer to get back into normal Windows. If you don't see your desktop after ComboFix has run, Ctrl-Alt-Del to bring up Task Manager. Select Restart from the Shut Down menu.
If you get stuck in a safe mode boot loop for some reason and can't get back into normal mode, go back to My Computer, to your C: drive. Make sure you can view hidden/system files (Tools > Folder Options > View tab > select Show hidden files and folders > Apply > OK). Find the file named boot.ini and open it. It should open in Notepad; if not, right-click the file, choose Open With and choose notepad.exe. You want to find the line, generally the last one, that looks like this:

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT /SAFEMODE :NETWORKING

The :NETWORKING might look different; I'm doing this from memory. You want to remove the ending "/SAFEMODE :NETWORKING" so it looks something like this:

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT

Once you have removed the /safemode and networking options, File > Save, then close and restart the computer.
6. Once you're back in normal mode, run Malwarebytes' Anti-Malware again to make sure nothing was left behind. If mbam (for short) finds something and the results show a variant of WinAntivirus <date>, then it didn't catch it. Try the steps one more time. If it still doesn't work, you've got a nasty strand and it won't come out without a format. And typically, that variant of smitty/vundo won't come out even with that; you'll need to completely delete that hard drive partition and then do a full format. But that is very rare.
If mbam doesn't find anything, it means the files are gone, but you still have one more step left. The files may be gone, but the chance of it returning is still very high, due to the fact that typical smitty/vundo opens a BHO on your system so it can restore itself.
7. Lastly, download HiJackThis to C:. Once it's downloaded, go ahead and run it. You might get a message about it being run from a temporary folder; this is fine. Just hit OK or Continue. Once you get to the menu, click on Scan only; we don't need to save a text file of it. Let it finish the scan completely (progress bar at the very top). Once it's done, you want to remove ONLY the lines that have both "(no name)" and "(missing file)" on the same line. A line might have (no name) but not have (missing file); DO NOT DELETE THESE! It is fine to delete the vice versa, though. If a line has a name, but has (missing file), you can remove that as well. So, with that being said, go through the lines and put a check mark next to the ones with missing files. Once you get to the bottom, click Fix Checked and click OK on any messages that pop up.
You're done. Good job.
_________________________
-Disabuse Conformity- "Cu è surdu, orbu e taci, campa cent'anni 'mpaci."
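Two of the steps in the post above are really text rules: the boot.ini cleanup in step 5 (take the safe-mode switch off the operating-system entry) and the HijackThis selection in step 7, whose three cases collapse to one test: tick an entry if and only if its file is missing, whether or not it has a name. The Python below, added here as an example and not code from the post nor from HijackThis, ComboFix, SmitFraudFix or Malwarebytes, encodes both rules so you can check them against a log before clicking anything. Assumptions, also marked in the comments: the sample log and boot.ini are constructed with placeholder GUIDs and paths; HijackThis writes its marker as "(file missing)" or "(no file)" while the post quotes it as "(missing file)", so all three spellings are accepted; and the switch Windows XP actually writes into boot.ini is /SAFEBOOT with an argument such as NETWORK or MINIMAL, which the post reproduces from memory as "/SAFEMODE :NETWORKING".

```python
"""Text rules behind two steps of the removal procedure in the post above.

Added example: not code from the post, nor from HijackThis, ComboFix,
SmitFraudFix or Malwarebytes. The sample log and boot.ini are constructed.
"""
import re

# HijackThis scan entries start with a section code (R0, F2, N1, O4, O23 ...).
HJT_ENTRY_RE = re.compile(r"^[RFNO]\d{1,2} - ")
# Assumption: HijackThis writes the marker as "(file missing)" or "(no file)";
# the post quotes it as "(missing file)", so all three spellings are accepted.
MISSING_RE = re.compile(r"\((?:file missing|missing file|no file)\)", re.I)


def classify_hjt_line(line):
    """Apply the post's step-7 rule to one line of a HijackThis scan.

    "fix"  -> the entry's file is missing (named or "(no name)"): tick it.
    "keep" -> the entry still points at a file that exists, even if it is
              "(no name)": leave it alone.
    None   -> not a scan entry (header, blank line).
    """
    line = line.strip()
    if not HJT_ENTRY_RE.match(line):
        return None
    return "fix" if MISSING_RE.search(line) else "keep"


def select_hjt_lines_to_fix(log_text):
    """Return the entries you would tick before clicking 'Fix checked'."""
    return [ln.strip() for ln in log_text.splitlines()
            if classify_hjt_line(ln) == "fix"]


# Assumption: the safe-mode switch Windows XP writes into boot.ini is
# /SAFEBOOT with an argument such as NETWORK, MINIMAL, DSREPAIR or
# MINIMAL(ALTERNATESHELL); the post quotes it from memory as
# "/SAFEMODE :NETWORKING".
SAFEBOOT_RE = re.compile(r"\s*/SAFEBOOT(?::[A-Z]+(?:\([A-Z]+\))?)?", re.I)


def strip_safeboot(boot_ini_text):
    """Drop any /SAFEBOOT switch from entries in [operating systems].

    Returns (new_text, entries_changed). [boot loader] and every other
    section are passed through untouched, and the call is idempotent.
    """
    out, changed, in_os = [], 0, False
    for line in boot_ini_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            in_os = stripped.lower() == "[operating systems]"
        elif in_os and "=" in line:
            line, n = SAFEBOOT_RE.subn("", line)
            changed += 1 if n else 0
        out.append(line)
    return "\n".join(out) + "\n", changed


# Constructed sample inputs (placeholder GUIDs and paths, not real entries).
SAMPLE_HJT_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.example.invalid/search
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [SampleLoader] C:\WINDOWS\system32\sample.exe (file missing)
O23 - Service: Example Updater - Example Corp - C:\Program Files\Example\update.exe
"""

SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT /SAFEBOOT:NETWORK
"""

if __name__ == "__main__":
    for entry in select_hjt_lines_to_fix(SAMPLE_HJT_LOG):
        print("tick:", entry)
    text, n = strip_safeboot(SAMPLE_BOOT_INI)
    print("boot.ini entries cleaned:", n)
    print(text)
```

On a real XP machine boot.ini carries the read-only, hidden and system attributes, so clear them first (attrib -r -s -h C:\boot.ini) and keep a copy of the original before writing the cleaned text back; a damaged boot.ini is just another way to end up with a machine that will not boot. The selection helper only tells you which HijackThis lines the post's rule would tick; it does not touch the registry, which is still HijackThis's job.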
#13901 - 11/05/08 08:48 AM
Re: Neither fish nor fowl, The 600 Club blog....
[Re: Fist]
Jaguar
stranger
Registered: 08/08/08
Posts: 24
Loc: OR, Multnomah
Bit confused about the post after reading the spamming gig when I read threads from admins. Whatever. Regarding the political talk about whatever is on our mind that was talked about a few back....
You guys all sound like the glass is half empty. Elections are over now so time will tell what Obama does.
Oh my god! A socialist extremist, liberal Dem has taken control and the Dems have the majority of the House now. All hell is about to break loose. That means people who make over $200,000 a year will see a 3 percent tax increase, while people who make under $100,000 a year will get a tax break, if my memory is correct. It may be less than that for the tax break. I forget. In any case, the tax break is no less than $500 a year and increases with dependents by roughly $500 per dependent.
So, if you are not making $200,000 or more a year, then why are you bitching about a 3% tax increase on the rich, when you are most likely receiving a tax break from Obama's plan? I understand why if you are a CEO of a multi-million dollar company. Obama is not going to increase government but rather try to fix the current broken one that exists.
Let us not forget what Bush W did.
He increased government and government control over the people unlike any Dem has ever done OR would ever do. BUSH W INCREASED GOVERNMENT, NOT SHRINK IT.
Dem message is clear, government is of the people and for the people....oh my god socialists makaveli! Or is that the foundation of our country. Obama created "google for government," which is a transparent way for people with THE INTERNETS to view all government spending. How is this bad? Sounds really good to me.
GOP (grand old party) message is fear everything unless we inject religious bullshit or corporate propaganda.
Unless I missed something. Many years have passed by with the same message over and over again. I am a Satanist and I do not tolerate this crap. I can respect our differences though.
Cheers!
Edited by Jaguar (11/05/08 08:55 AM)
_________________________
Learn From the Past, Provide for the future, Live in the present.