| View previous topic :: View next topic |
| Author |
Message |
Hijackedmatt
Cadet
Joined: Dec 10, 2005
Posts: 2
Location: USA
|
 Posted: Mon Dec 12, 2005 1:03 am Post subject: Smitfraud leftovers according to Spybot |
|
|
I was hit by the SpyAxe malware and, while it took a lot of work, it was removed using the various directions posted to do so. The problem is when I run Spybot. It is stating that the Smitfruad-C. is still found. When I click on it to be fixed, Spybot says it cannot due to the fact the item is still running or in memory. The path below is the item. Can this be manually deleted or am I missing something. I am scared to death of messing with the regestry without prior knowledge. Can someone help me?
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-2427726106-2774426341-1010874584-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net\*!=W=4
If you need Hijackthis postings or anything else, let me know. I hate this stuff! I want a virgin computer again.
|
|
| Back to top |
|
 |
Oldfrog
Special Response Team
Joined: Jun 27, 2004
Posts: 8576
Location: Deep in the Heart of Texas
|
| Posted: Mon Dec 12, 2005 1:33 am Post subject: |
|
|
That registry key refers to an entry in one of the IE Security Zones. Since the value is not shown it is impossible to tell for sure which zone it is in. I suggest that you open IE and go to Tools > Internet Options and click on the Security tab. Highlight the zones in turn and click on Sites. This will show all the sites in that particular zone. Look for free-spy-cam.net and determine which zone it is in. If it is in the restricted zone this is quite safe and provides protection should you inadvertently visit that site.
_________________
 MS MVP Security 2006-2008
|
|
| Back to top |
|
|
Hijackedmatt
Cadet
Joined: Dec 10, 2005
Posts: 2
Location: USA
|
| Posted: Mon Dec 12, 2005 6:00 am Post subject: |
|
|
Thanks for the info. It is nice to know that it may not be a problem. Is there a way to let Spybot S&D know that this is not a problem? And why would this show up after the SpyAxe attack? I have been using Spybot prior to the attack and this had never shown up before. Any ideas?
|
|
| Back to top |
|
|
Oldfrog
Special Response Team
Joined: Jun 27, 2004
Posts: 8576
Location: Deep in the Heart of Texas
|
| Posted: Mon Dec 12, 2005 2:51 pm Post subject: |
|
|
Like I said earlier, I can't tell from the information provided which zone that key places the URL in. If it is placed in your trusted zone then I would consider it a problem. If it occurs in any zone other than Restricted I would simply remove it using the IE applet. If it is in the Restricted zone then you can mark it as safe in Spybot by selecting that detection then right clicking it and selecting "Exclude this product from further searches".
_________________
MS MVP Security 2006-2008
|
|
| Back to top |
|
|
|
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
