downloaded a plugin = spyware
Original Message
Name: PPxrare
Date: March 21, 2008 at 08:23:29 Pacific
Subject: downloaded a plugin = spyware
OS: Windows XP SP2
CPU/Ram: 256
Model/Manufacturer: Acer Aspire T300
Comment: OK, so I downloaded a plugin to watch some soccer videos and ended up getting spyware. Anyway, this spyware wanted me to download a program called VirusHeat (which I obviously did not). I tried searching for the spyware using Kaspersky and it only deleted two processes, but it cannot find the other two. The other two are sbmnt.exe and sbsm.exe; I know them because I kind of memorized my Task Manager, because I use it a lot. So all I want is a little help getting rid of them. Thank you. And my computer suddenly closes down like 20 mins after I open it. PS: tried using VundoFix and HijackThis, didn't work.
Response Number 1
Name: PPxrare
Date: March 21, 2008 at 09:46:42 Pacific
Reply: Edit: I realized that my computer restarts every time I try to scan it using Kaspersky Anti-Virus 7. I have found the folder containing the spyware and it is called NetProject, but I need help deleting it.
Response Number 2
Name: Adii
Date: March 21, 2008 at 12:39:57 Pacific
Reply: Hi, welcome to the Computing.net help forum. Your computer is infected with the rogue antispyware VirusHeat and some other viruses (like C:\Program Files\NetProject and C:\Program Files\NetProject\sbsm.exe). Let's try to get rid of them. Let's start. Don't scan your computer with any antivirus or antispyware. Disable all such applications. I need your HijackThis log. Download the "HijackThis" installer from this link: http://www.trendsecure.com/portal/e...
1. Save "HJTInstall.exe" to your desktop.
2. Double-click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
Post your HijackThis log in your next reply! *Do Safe Computing*
Response Number 3
Name: PPxrare
Date: March 21, 2008 at 12:58:00 Pacific
Reply: Thanks for the fast reply, here is the HijackThis file. (OK, here is the problem: Kaspersky deleted two files as I said above, then the other two processes were still there. Anyway, I restarted in Safe Mode, then found the folder NetProject and deleted the files and the registry files in regedit. I still have the annoying popups and a folder named C:program files/ Helper which seems to have nothing in it, but I'm not able to delete it. So that's the whole story. I hope you will be able to help me, because I can't play any game because the popups keep minimizing my screen.)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:27 PM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\cs\steam.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FOR...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 82.67.11.110:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: e404 helper - {DF47DD37-AC11-4A93-8E16-2B2364AF0897} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Steam] "d:\cs\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "D:\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1....
O17 - HKLM\System\CCS\Services\Tcpip\..\{74336EA0-936D-44BC-907C-4AF35676100D}: NameServer = 163.121.128.134,212.103.160.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{74336EA0-936D-44BC-907C-4AF35676100D}: NameServer = 163.121.128.134,212.103.160.22
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O22 - SharedTaskScheduler: figpecker - {7d7bd0c4-4913-4933-b870-7388a7bffb82} - C:\WINDOWS\system32\lvhjtsa.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Ares\chatServer.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

-- End of file - 7896 bytes
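Added example, not part of the original thread and not HijackThis's own code: a small Python triage pass over a log in the format posted above, listing the entries a reviewer would look at first. The function names and the heuristics (absent target file, unnamed browser extension, configured proxy, path under a watched folder) are assumptions made for illustration; the sample lines are excerpted from the log above.

```python
import re

# Entry lines look like "O2 - BHO: ..." or "R1 - HKCU\...,ProxyServer = ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

def reasons(code, body, watch_dirs):
    """Heuristics assumed for this example; they are not HijackThis verdicts."""
    found = []
    low = body.lower()
    if "(file missing)" in low or "(no file)" in low:
        found.append("target file absent")
    if code in ("O2", "O9") and "(no name)" in low:
        found.append("unnamed browser extension")
    if code.startswith("R") and re.search(r",ProxyServer = \S", body):
        found.append("proxy configured")
    for d in watch_dirs:
        if "\\" + d.lower() + "\\" in low:
            found.append("path under " + d)
    return found

def triage(log_text, watch_dirs=()):
    """Return [(code, body, [reasons])] for entries that merit manual review."""
    hits = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list, or blank line
        why = reasons(m["code"], m["body"], watch_dirs)
        if why:
            hits.append((m["code"], m["body"], why))
    return hits

# Lines excerpted from the log posted above.
SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 82.67.11.110:80
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: e404 helper - {DF47DD37-AC11-4A93-8E16-2B2364AF0897} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

if __name__ == "__main__":
    for code, body, why in triage(SAMPLE, watch_dirs=["NetProject"]):
        print(code, "|", "; ".join(why), "|", body)
```

A flagged entry is a prompt for manual review, not a removal decision; leftover entries whose file is already gone still show up here because the registry reference remains.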
Response Number 4
Name: Adii
Date: March 21, 2008 at 22:46:03 Pacific
Reply: Disable all your Antisoftware to clean your computer properly! We will use the following two free tools to clean your PC.
First: Please download Malwarebytes' Anti-Malware to your desktop. This is a free antimalware application tool. Download link: http://www.malwarebytes.org/mbam/pr...
> Double-click mbam-setup.exe and follow the prompts to install MBA-M.
> Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
> If an update is found, it will download and install the latest database updates.
> Once the program has loaded, select Perform full scan, then click Scan.
> When the scan is complete, click OK, then Show Results to view the results.
> Be sure that everything is checked, and click Remove Selected.
> When MBAM finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
THEN:
Download SmitfraudFix.exe from here and save it to your desktop: Download link: http://siri.urz.free.fr/Fix/Smitfra...
You can also read this tutorial on how to use SmitfraudFix: http://siri.geekstogo.com/Smitfraud...
> Restart your computer. Before the Windows loading screen appears, keep pressing F8 until you see the boot menu. Select Safe Mode.
> Double-click SmitfraudFix.exe
> Select 2 and press Enter to clean your system by deleting infected files.
> You will be prompted: Do you want to clean the registry ? Answer Y (yes) and press Enter in order to remove the hijacked Desktop background and clean registry keys associated with the infection.
> SmitFraudFix will then check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? Answer Y (yes) and press Enter to restore a clean file.
> You may have to restart your computer in order to finish the spyware removal process. You can find a report on spyware removal at the root of the system drive. Usually it will be located at C:\rapport.txt.
After running the above tools, scan your PC with HijackThis and post a fresh HijackThis log along with the Malwarebytes' Anti-Malware and SmitfraudFix logs in your next reply.
Response Number 5
Name: PPxrare
Date: March 22, 2008 at 03:50:18 Pacific
Reply: Thanks for the reply and thank you very much for trying to help me. Fortunately my brother opened the computer while I was away and downloaded Spybot Search and Destroy, and I came back to a spyware-free computer.
Response Number 6
Name: Adii
Date: March 22, 2008 at 04:23:06 Pacific
Reply: But you should also try to scan with Malwarebytes' Anti-Malware for the latest detection. It will detect all other remaining malware on your computer, because I can't say that your computer is completely cleaned! TC *Do Safe Computing*