Sir,
I rcv an error msg Win32.exe error.
Plz tell me what to do!!
and tell me the basic purpose of this file... why is this for??
and why it cause error always!!

Syed Fahad Hussain

tell me the basic purpose of this file... why is this for??
It's a virus.

and why it cause error always!!
Bad programming?

Most likely a virus.

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.

!!!! Only run option #1 as runing the other options on an uninfected computer will damage the desktop.!!!!

Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Please download and install the latest version of HijackThis v2.0.2:

Download the HijackThis Installer from this link: HijackThis

1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

i could real use some help

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec Client Security\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Rtvscan.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\system32\pipmon.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\pipmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\lgaac.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kory

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kory\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Kory\FAVORI~1

C:\DOCUME~1\Kory\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video ActiveX Access\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{655560a9-3ca8-4509-9632-6abbef21426b}"="andropogon"

[HKEY_CLASSES_ROOT\CLSID\{655560a9-3ca8-4509-9632-6abbef21426b}\InProcServer32]
@="C:\WINDOWS\system32\lgaac.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{655560a9-3ca8-4509-9632-6abbef21426b}\InProcServer32]
@="C:\WINDOWS\system32\lgaac.dll"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Dell Wireless 1370 WLAN Mini-PCI Card - Packet Scheduler Miniport
DNS Server Search Order: 10.1.1.212

HKLM\SYSTEM\CCS\Services\Tcpip\..\{08C6159C-5540-429F-8B45-6717149D5610}: DhcpNameServer=10.1.1.212
HKLM\SYSTEM\CS1\Services\Tcpip\..\{08C6159C-5540-429F-8B45-6717149D5610}: DhcpNameServer=10.1.1.212
HKLM\SYSTEM\CS3\Services\Tcpip\..\{08C6159C-5540-429F-8B45-6717149D5610}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.1.1.212
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.1.1.212
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Once in Safe Mode, open the "SmitfraudFix" folder again and double-click "smitfraudfix.cmd"
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing " Y " and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if "wininet.dll " is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing "Y" and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.

Please post the Hijack This log requested in response #2.

Sir,

The feedback given by Mr. Jabuck, there is a link that he told me to explore just to help me. But i want to indicate the problem with that link "http://siri.urz.free.fr/Fix/Smitfra.." that there is a virus behind this site that immediately spread over the system.... the virus is "ntde1ect.com New Malware.w (Trojan)".

So plz beware of it....and reply me what do you want to say about it.

Well thanks alot to help me.
SFahad

Syed Fahad Hussain

I checked the link there is no virus loading on my computer, everything at the link is operating as it should.

You downloaded smitfraudfix once and it identified part of you problem, you should not have needed to download it again as you were not asked to do so.

Why would you not have report a problem link the first time you used it and what would cause you to believe that it originated from the smitfraudfix link?

There is a posibility that the virus on your computer reacts to certain names/web sites to discourage you from using them.