Hi White Hat,

The file Wininet.dll is a genuine Windows file (Internet-related functions
used by Windows) but it's been replaced by a Trojan file due to one of the
SmitFraud variants. First it drops the file "oleext.dll" into the System
folder. It then modifies the system file 'wininit.ini' to swap the infected
'wininet.dll' (oleext32.dll) with the real 'wininet.dll' so that any HTTP
requests sent using the DLL are passed through the trojan file and then the
information is silently sent out to various domains.

Download SmitRem, as that will check the wininet file for infection and
replace it if there is a clean copy in other areas of the system. When
SmitRem finishes it will create a text file called smitfiles.txt and save it
to your C:\ drive. Check that to make sure wininet has been replaced and is
now clean; if not, we can download a patch from Microsoft that contains a
clean copy, then manually replace the file. SmitRem will also remove
oleext32.dll from your system.

Pluns already provided the fixtools required, but here it is again if needed:

Download SmitRem
http://noahdfear.geekstogo.com/click counter/click.php?id=1
Save it to your desktop. Double-click on the SmitRem.exe file and extract it
to its own folder on the desktop.

Download Ewido Security Suite
http://www.ewido.net/en/download/
When installing, under "Additional Options" uncheck "Install background
guard" and "Install scan via context menu". Click on Update in the left menu,
then click the Start update button. After the update finishes (the status bar
at the bottom will display "Update successful"), exit Ewido. DO NOT scan yet.

Download CCleaner (to remove temp and unused files from your system)
http://www.ccleaner.com/ccdownload.asp
Install, then close.

Now reboot to Safe Mode - Restart your computer and immediately begin
tapping the F8 key on your keyboard.
If done right, a Windows Advanced Options menu will appear. Select the Safe
Mode option and press Enter.
To return to normal mode just restart your computer as you normally would.

Run SmitRem:
Open the smitRem folder, then double-click the RunThis.bat file to start the
tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive,
e.g. Local Disk C: or the partition where your operating system is installed.

Run Ewido:
Click on the Scanner button in the left menu, then click on Complete System
Scan.
When Ewido finds something, it will pop up a notification.
Select "clean" and check the boxes "Perform action with all infections" and
"Create encrypted backup" before clicking on OK. When the scan finishes,
click on "Save Report" from the bottom of the screen and save it to your
desktop in case you need more help with this.

Run CCleaner and press "Run Cleaner", then exit.

Then reboot back to Normal Mode.

You will need to reload your wallpaper after this tool finishes. SmitRem
will reset it because some variants will display a spyware warning as a
desktop wallpaper which cannot be removed. To change your wallpaper,
right-click the desktop and choose Properties. Set the Theme to XP if you are
running XP, then go to the Desktop tab and choose your wallpaper from there.

Regards
Andy