URL to MS submission ?

  • Thread starter Thread starter plun
  • Start date Start date
P

plun

Well.... Vista and Smitfraud....prOn movies and codecs.

Does MS want samples ?

http://img89.imageshack.us/my.php?image=spytj4.jpg

UAC partly OFF, WD detects a codecs (Getter) as a BHO starts
cleaning and wants to restart. Maybe a user don´t want to
restart directly...

System warnings installs.

VirusBurst, System Doctor2006 installs and so on...

Like a tivoli..... ;)

regards
plun


PS Of course the bad guys will trick a user that he/she must
turn off UAC otherwise no prOn movie .... DS

Logfile:
SmitFraudFix v2.104

Scan done at 22:29:22,09, 03.10.06
Run from
D:\Users\Administrator_ploc\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows [Version 6.0.5728] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b166be07-30a4-4d38-b781-44528a630706}"="hydrodictyon"

[HKEY_CLASSES_ROOT\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@="D:\Windows\system32\gqagksr.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@="D:\Windows\system32\gqagksr.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

D:\Windows\system32\gqagksr.dll -> Hoax.Win32.Renos.gen.e
D:\Windows\system32\gqagksr.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

Problem while deleting D:\Windows\system32\sysmain.dll
D:\Users\Administrator_ploc\Application
Data\Microsoft\Internet Explorer\Quick Launch\VirusBurster
6.2.lnk Deleted
D:\Users\ADMINI~1\Desktop\VirusBurster.lnk Deleted
D:\Users\Public\Desktop\Online Security Guide.url Deleted
D:\Users\Public\Desktop\Security Troubleshooting.url Deleted
D:\Program Files\VideosCodec\ Deleted
D:\Program Files\VirusBurster\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Reboot

Problem while deleting D:\Windows\system32\sysmain.dll

»»»»»»»»»»»»»»»»»»»»»»»» End
 
I've forwarded that to (e-mail address removed)

Still digging for the full submission instructions:

OK:
http://www.microsoft.com/athome/security/spyware/software/support/reportspyware.mspx

--

plun said:
Well.... Vista and Smitfraud....prOn movies and codecs.

Does MS want samples ?

http://img89.imageshack.us/my.php?image=spytj4.jpg

UAC partly OFF, WD detects a codecs (Getter) as a BHO starts cleaning and
wants to restart. Maybe a user don´t want to restart directly...

System warnings installs.

VirusBurst, System Doctor2006 installs and so on...

Like a tivoli..... ;)

regards
plun


PS Of course the bad guys will trick a user that he/she must turn off UAC
otherwise no prOn movie .... DS

Logfile:
SmitFraudFix v2.104

Scan done at 22:29:22,09, 03.10.06
Run from D:\Users\Administrator_ploc\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows [Version 6.0.5728] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b166be07-30a4-4d38-b781-44528a630706}"="hydrodictyon"

[HKEY_CLASSES_ROOT\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@="D:\Windows\system32\gqagksr.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@="D:\Windows\system32\gqagksr.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

D:\Windows\system32\gqagksr.dll -> Hoax.Win32.Renos.gen.e
D:\Windows\system32\gqagksr.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

Problem while deleting D:\Windows\system32\sysmain.dll
D:\Users\Administrator_ploc\Application Data\Microsoft\Internet
Explorer\Quick Launch\VirusBurster 6.2.lnk Deleted
D:\Users\ADMINI~1\Desktop\VirusBurster.lnk Deleted
D:\Users\Public\Desktop\Online Security Guide.url Deleted
D:\Users\Public\Desktop\Security Troubleshooting.url Deleted
D:\Program Files\VideosCodec\ Deleted
D:\Program Files\VirusBurster\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Reboot

Problem while deleting D:\Windows\system32\sysmain.dll

»»»»»»»»»»»»»»»»»»»»»»»» End
Click to expand...
 
Thanks Bill !

Posted URL for this junk flood to MS.....

Registrator in Africa and a ISP i Singapore.

Never ending flood with junk applications and system warnings.

TrendMicro PC Cillin detects some of them.

regards
plun


Bill Sanderson MVP skrev:
 
plun said:
Thanks Bill !

Posted URL for this junk flood to MS.....

Registrator in Africa and a ISP i Singapore.

Never ending flood with junk applications and system warnings.

TrendMicro PC Cillin detects some of them.

regards
plun


Bill Sanderson MVP skrev:
My anti-virus software deleted the virusburster, but, I still have a virusburster icon in my tool bar that every few minutes pops up saying "Critical System Error.... 43 items found....". I've run Spybot, adaware, A-squared malware finder, and my antivirus software to get rid of it. My software says I am clean. How do I get this off of my tool bar?
Click to expand...

Sincerely,
Highlandcelt
 
Back
Top