New icons on desktop
Original Message
Name: bluejay
Date: January 19, 2007 at 12:56:20 Pacific
Subject: New icons on desktop
OS: Windows XP Home
CPU/Ram: P4 1.5ghz 256 ram
Model/Manufacturer: Gateway
Comment: Hi, This morning I found 3 unfamiliar icons on my desktop belonging to: svchost, qq.exe and myd.exe. I checked the properties of the icons and found that 2 of these seemed to be applications also judging by their box like appearance. The other showed that it belonged to a company called MMX. That also showed that they were created at 11:54pm last night. Don't quite remember what I was doing at that time. I have searched the web and didn't find an awful lot of useful info except that qq.exe is like a p2p app popular in China. Also could be associated with troj/DownLdr-AN. I ran a hjt scan and compared it to one run 4 days ago and found nothing different. Could I be right (and lucky), that the fact that these are on my desktop and don't show up in hjt, or in my programs, that the apps haven't been launched and can safely be deleted? This by the way is in a non admin account. Any thoughts? Bluejay
Response Number 1
Name: jabuck
Date: January 19, 2007 at 14:08:37 Pacific
Reply: Please post your HijackThis log.

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.

!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop. !!!!

Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd". Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Then download these while the logs are being reviewed.

Please download ATF-Cleaner to your desktop from this link http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.

Download and install AVG Anti-Spyware. We will need this later in safe mode. Be sure to update AVG Anti-Spyware.
Response Number 2
Name: bluejay
Date: January 19, 2007 at 14:54:48 Pacific
Reply: Hi and thanks for the response. I don't want to sound the least bit ungrateful for your help, but in my post I stated that my hjt log is exactly as it appeared 4 days ago. Nothing abnormal at all. So I don't see the need to go through all the extra work. The point of my question was that since it appears that they were just downloaded to the desktop awaiting execution, and if it was safe to simply remove them. Thank you again and please don't take my answer the wrong way. Bluejay
Response Number 3
Name: jabuck
Date: January 19, 2007 at 15:12:54 Pacific
Reply: Too much of an open ended question for me as I can't tell the extent of the corruption without enough information. The qq.exe file is the trojan but I doubt that what you see on your desktop is all that was installed.
Response Number 5
Name: bluejay
Date: January 19, 2007 at 15:56:25 Pacific
Reply: Hi, I just got home from work to the subject computer. I was communicating with you from there previously. I brought some files home from work on my flash drive. When I opened the folder there was the QQ application. I am going to investigate this computer at home and when I go to work tomorrow I am going to check that one out as well. Looks like I may have picked it up at work and transferred it to my home computer where it manifested itself on my desktop. It may take me some time to get back to you, but I will keep you updated. Bluejay
Response Number 7
Name: bluejay
Date: January 20, 2007 at 12:50:42 Pacific
Reply: Hi, just to follow up. On the subject home computer, I deleted the desktop icons, also the app folder from my flash drive. Emptied recycle bin. Then I ran spybot s&d and it picked up the smitfraud you speak of along with a couple of non threatening cookies which I had spybot take care of. Ran nav2007 which picked up nothing, also adaware which picked up the usual insignificant cookies which I always let it delete. Rebooted machine and the icons stayed gone. Used machine for some time switching from limited account (the one with the icons) to admin account frequently. Turned off pc, came back later everything fine. Used it again, turned off for the night and in the morning everything was still ok. Ran spybot again, clean as a whistle. I did check in the registry for the item that QQ usually installs (from another article I read) and it was not there. At this point I think everything is ok. Hopefully because it was a limited account that wouldn't let that stuff get installed. So far checked work machine with spybot and everything was clear. Next will do hjt. Thanks for everything and I hope this subject is closed. If not "I'll be back" Bluejay