Virus messed my windows, help :(

force123

New Member
hey guys

I got a virus called fraud smith C or something like that.

I struggled with the virus with whatever skill I had, using hijackthis, spybot ...

Well, after 1 hour I removed it and now everything works fine, except:

1. Next to the Windows date in the task bar it has written: VIRUS ALERT
2. In the start menu, the control panel, my computer, search, run, help have gone.
3. My CD drive letter (D:) and my virtual clone drive (C:) have gone.

I saw both these drives in administrator tools --> computer management.
I changed their drive letters to something else, and it worked and showed them in my computer. But again when I changed them to c: and d:, they disappeared again!

Please help me :/
Here's an image of the task bar:

View attachment 2581
 
Here is how to remove the virus alert from your clock area.

http://miekiemoes.blogspot.com/2008/05/virus-alert-in-clock-and-how-to-restore.html

But chances are you are still infected. You need to run other malware scans like combofix, malwarebytes antimalware, and superantispyware free. It also wouldn't hurt to post a hijackthis log so we can see if your computer is actually clean or still infected.

Download combofix from here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

After running it, please copy and paste the log that shows up afterwards and post it in a reply in this forum.
 
This Combofix works like a miracle. I just ran it, and it fixed all 3 problems together! Like there was no problem at all.

Is there any risk yet? Should I send you the log?

Thanks man, Thanks A TON!!!
 
Yes, copy and paste the log back here for it to be looked over. Like I said, chances are, you are still infected. Have you downloaded and done a hijackthis scan?
 
Do another hijackthis scan and then fix these items. Put a check next to these items and then click on "Fix checked" down at the bottom.

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O23 - Service: MySql - Unknown owner - E:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: MySQL5 - Unknown owner - E:\Program.exe (file missing)

And as far as your combofix log, most of the malware got deleted but I see a few that didn't get deleted.

2008-07-17 11:48 . 2008-07-17 11:48 <DIR> d-------- E:\Documents and Settings\admin\Application Data\TmpRecentIcons
2008-07-17 11:48 . 2008-07-17 08:54 163,840 --a------ E:\WINDOWS\agpqlrfm.exe
2008-07-16 18:40 . 2008-07-16 18:40 54,156 --ah----- E:\WINDOWS\QTFont.qfn
2008-07-16 18:40 . 2008-07-16 18:40 1,409 --a------ E:\WINDOWS\QTFont.for
2008-07-12 20:27 . 2008-07-12 22:28 <DIR> d-------- E:\Documents and Settings\admin\Application Data\IcoFX




Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text below:



File::
E:\WINDOWS\agpqlrfm.exe
E:\WINDOWS\QTFont.qfn
E:\WINDOWS\QTFont.for

Folder::
E:\Documents and Settings\admin\Application Data\IcoFX
E:\Documents and Settings\admin\Application Data\TmpRecentIcons

Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop.

Drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
 
What the hijackthis log, before or after the combo fix???

After combofix.

Here's the combofix log again after dragging that txt file we made to combofix:

View attachment ComboFix.txt

P.S.:

I deleted these:
O23 - Service: MySql - Unknown owner - E:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: MySQL5 - Unknown owner - E:\Program.exe (file missing)

But my local mysql database stopped working, so I restored them back.


2008-07-12 20:27 . 2008-07-12 22:28 <DIR> d-------- E:\Documents and Settings\admin\Application Data\IcoFX

was a program I downloaded a couple of days ago for editing icons. The name is IcoFX.
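Added example (not part of the thread and not any poster's code): a small triage of the "(file missing)" HijackThis entries quoted above, separating service (O23) entries that should be confirmed unused before fixing from other entries. The `triage` function and its verdict strings are hypothetical, and the rule that a drive-root `Program.exe` is an unquoted "Program Files" path cut at its first space is an assumption of this example.

```python
import re

# O2 (BHO) and O23 (service) lines copied from the thread above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O23 - Service: MySql - Unknown owner - E:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: MySQL5 - Unknown owner - E:\Program.exe (file missing)
"""

# section - kind: name - [CLSID or owner] - path [(file missing)]
LINE_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.+?) - "
    r"(?:(?P<extra>.+?) - )?(?P<path>[A-Za-z]:[\\/].*?)"
    r"(?P<missing> \(file missing\))?$"
)

# Assumption: "X:\Program.exe" is what remains of an unquoted
# "X:\Program Files\..." path, so the real binary may still exist.
TRUNCATED_RE = re.compile(r"[A-Za-z]:[\\/]Program\.exe", re.IGNORECASE)


def triage(log_text):
    """Return (name, path, verdict) for every entry marked '(file missing)'."""
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m.group("missing"):
            continue  # not an entry line, or the file was found
        path = m.group("path")
        if TRUNCATED_RE.fullmatch(path):
            verdict = "verify: path looks truncated at a space"
        elif m.group("section") == "O23":
            verdict = "verify: confirm the service is unused before fixing"
        else:
            verdict = "fix: non-service entry with no file behind it"
        results.append((m.group("name"), path, verdict))
    return results


if __name__ == "__main__":
    for name, path, verdict in triage(SAMPLE_LOG):
        print(f"{name:32} {path:60.60} {verdict}")
```
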