Author Topic: smartsecurity  (Read 132187 times)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
smartsecurity
« Reply #120 on: December 26, 2004, 01:36:14 PM »
Removed
« Last Edit: December 26, 2004, 01:48:18 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


grrr

  • Guest
smartsecurity
« Reply #121 on: December 29, 2004, 10:53:19 PM »
This foooker has got me mad!!! I got so mad I sent them an abusive email, telling them to sack their marketing division...as if anyone would buy a product from such a company?! Some idiots must do though! Thanks for everyone's advice on the desktop removal though, it did work...and I'm gonna set a night aside for trying to get rid of it fully! :angry:

Guest_guest

  • Guest
smartsecurity
« Reply #122 on: December 30, 2004, 03:11:50 PM »
Thank you guys (gals) so much.  Finally returned desktop to normal.  I ran Ad-aware Se after the change and found many new problems.  FYI I was hit by smartsecurity in an email.

Guest

  • Guest
smartsecurity
« Reply #123 on: January 02, 2005, 02:36:42 PM »
Yes

Thank you to everyone involved in this thread - I got hit today (2nd Jan 05!) and this was the only help available.

Gee... these scum at SmartSecurity have certainly put together the single worst computer virus problem I have ever dealt with. If I ever get hold of the guy responsible I'm going to stick three poles up his arse and open him up like a teepee.


Thank You All!

Guest

  • Guest
smartsecurity
« Reply #124 on: January 03, 2005, 02:22:05 PM »
Thanks for the help.

Frankly the amount of time that I spend cleaning all this crap off my puter is enormous. It is the biggest form of terrorism impacting American business today and that is how it should be addressed.

I would love five minutes in a back alley with any of the writers of these viruses - only one of us would be walking away!!!

Let's make it legal to kill spammers!!!!!!!!!!!!!!!!

Michael

  • Guest
smartsecurity
« Reply #125 on: January 04, 2005, 01:12:23 PM »
I was hit by this on Monday night.
I removed 'desktop.html' straight away, changed my background to a normal screen (unclicking 'Security').

I unfortunately can't find any mstasks2.exe, mstasks.exe, mstasks3.exe or mstasks4.exe. I'm going to make the change to the '0' text document. I also can't find a notepad file called secure32 or system32.dll, have they changed the file names?

I haven't got Norton Anti-Virus but I'm hoping with a swift scan from this baby I should be able to finally get rid of the Trojan. There's still no indication that it's there but I've got a feeling it is.

I will check the folder 'winnt' also, but my OS is XP, where would I find the files: seksdialer.exe, desktop.exe, system.exe, load.exe,

How do I check the registry?

Please please please help!!!

Guest_Lauren

  • Guest
smartsecurity
« Reply #126 on: January 11, 2005, 06:53:34 AM »
I used HijackThis to scan my computer. I too was hit with the smartsecurity arses and was able to get rid of the background but still have their [censored]e on my computer along with "teen [censored] pics" which I can't seem to get rid of because when I try to delete it says I have to REMOVE the program so I go to and I can't find it! Other times it says it is open or the disk is full or write protected...please help!

What should I get rid of from my HijackThis scan....

Logfile of HijackThis v1.99.0
Scan saved at 2:45:59 AM, on 1/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\kernels32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\110474~1\EE\AOLHOS~1.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\PROGRA~1\COMMON~1\AOL\110474~1\EE\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WebSiteViewer\125209.dlr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Snuggles\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Snuggles\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Snuggles\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Snuggles\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Snuggles\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Snuggles\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Snuggles\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O1 - Hosts: 127.0.0.3 www.iframedollars.biz
O1 - Hosts: 127.0.0.3 iframedollars.biz
O1 - Hosts: 127.0.0.3 virgin-tgp.net
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 www.pizdato.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 www.sexfiles.nu
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
O1 - Hosts: 127.0.0.3 x.full-tgp.net
O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
O1 - Hosts: 127.0.0.3 autoescrowpay.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4AF3A5A2-670A-46E4-BAFB-9D9BF658F75F} - C:\WINDOWS\System32\jnfi.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104745260\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0\Email RemovedEXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O18 - Filter: text/html - {3A8D399B-F35A-430A-BD84-116E65D3CD2F} - C:\WINDOWS\System32\jnfi.dll
O18 - Filter: text/plain - {3A8D399B-F35A-430A-BD84-116E65D3CD2F} - C:\WINDOWS\System32\jnfi.dll
O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

horefrost

  • Guest
smartsecurity
« Reply #127 on: January 11, 2005, 08:04:50 PM »
I understand all the pain that all of you went through and thank god for this site!!! I did what the first guy said to do. Right clicked in the upper right corner and such. I was still worried that it was on my computer as well so I went into my windows and looked for the secure folder. Couldn't find it! So I listed everything so that I could see the date modified and found a file that said "desktop" with an icon next to it. I think that I'm rid of them now. I guess we'll see. Isn't this some form of racketeering? Poisoning someone and then offering the antidote? What agency governs this? The FCC or the FBI? I'd love to know... I'll report these bastards!!!! Any ideas, email me at horefrostEmail Removed.

Thanks again!!!!

bobby

  • Guest
smartsecurity
« Reply #128 on: January 11, 2005, 08:36:35 PM »
OK. First thing: thank you all for being smarter than me. I spent 2-3 days just trying to find a site like this with people that understand all this stuff. I didn't realize how little I knew about computers until this.
I've been on this site for a week now. I've deleted the same files so damn many times I could puke. I went to their site [ http://www.smart-security.info/removal.html ] and got their "fix" four times and of course got nothing done. I've read over the posts from you guys/gals so many times, I feel like I should send out birthday cards or something.
So...
I've got an Inspiron 1100 laptop
windows XP
black screen [temp removal thru the 'right click at the top' method]
"! protect your data" icon on desktop
blah, blah, blah [same [censored] as everybody else]
ad-aware se personal
17 smart/full scans later, the only thing I've gotten done is the removal of the "TEEN [censored] PICS" icon that came up with the S.S. bs.
Any other ideas would be greatly appreciated, and thanks to the website for being available and to all those who contributed.

Bobby

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
smartsecurity
« Reply #129 on: January 11, 2005, 09:01:04 PM »
Guest Lauren, would you mind starting your own post in this forum? It will get too confusing posting back to a HijackThis log in a thread this long

Simply click on THIS LINK

And then click the START NEW near the top

Can you also redownload Hijackthis and save it to a permanent folder
C:\Documents and Settings\Snuggles\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
That tells me you just opened the zipped file or didn't save it to a permanent folder

Create a permanent folder
EG....Double Click "MY Computer"
Open your C: drive
Click "File" >>> "New" >>>> "Folder"
A new folder will be created, name it HJT

Now you will have C:\HJT

Anything removed will make backups, the backups will be lost if you clear your temp folders

You can redownload hijackthis from my signature below........

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
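
The check made by eye in reply #129, that HijackThis.exe was run out of a temporary unzip folder where its backups can be lost, written as a small log parser. This is an added example, not part of the original thread or of HijackThis itself; the function names and the Temp-path patterns are assumptions, and the sample is an excerpt of the log posted in reply #126.

```python
import re
from collections import defaultdict

# Excerpt of the log posted in reply #126, shortened for this example.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Scan saved at 2:45:59 AM, on 1/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\Snuggles\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Snuggles\LOCALS~1\Temp\sp.html
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Section codes look like R1, F2, O4, O23, followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Assumed heuristics: a path component named Temp/Tmp (this also covers the
# 8.3 form ...\LOCALS~1\Temp\...), or the folder Windows creates when a
# program is launched straight from inside a .zip file.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
ZIP_RE = re.compile(r"Temporary Directory \d+ for .+\.zip", re.IGNORECASE)


def parse_hjt_log(text):
    """Split a log into running processes and entries grouped by section code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the first coded entry ends the process list
            entries[match.group(1)].append(match.group(2))
        elif in_procs and line:
            processes.append(line)
    return {"processes": processes, "entries": dict(entries)}


def hijackthis_path(parsed):
    """Path HijackThis itself ran from, taken from the process list."""
    for proc in parsed["processes"]:
        if proc.lower().endswith("\\hijackthis.exe"):
            return proc
    return None


def in_temp(path):
    return bool(TEMP_RE.search(path) or ZIP_RE.search(path))


def temp_references(parsed):
    """Section code -> count of entries that point into a Temp directory."""
    counts = {c: sum(in_temp(e) for e in items)
              for c, items in parsed["entries"].items()}
    return {c: n for c, n in counts.items() if n}


if __name__ == "__main__":
    log = parse_hjt_log(SAMPLE_LOG)
    print("HijackThis run from Temp:", in_temp(hijackthis_path(log)))
    print("Entries pointing into Temp:", temp_references(log))
```
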


jojo

  • Guest
smartsecurity
« Reply #130 on: January 12, 2005, 04:10:09 PM »
Thank God! There's a place in heaven for you all!

And I hope a place in hell for smart security!!!!!!!!!!!!!



It was driving me crazy!

How are we going to report them?

Guest_Paul

  • Guest
smartsecurity
« Reply #131 on: January 12, 2005, 07:20:22 PM »
I did the right click thing & it worked. I have 5 users on my machine & only my background was affected. A possible solution would be to create a new user, transfer your necessary stuff to the new one & delete the old user. Also, a small tactical nuclear weapon should take care of the wonderful people at smartsecurity. If anyone knows where they are please pass their phone # to every telemarketer that you know.

pjz037Email Removed

John W

  • Guest
smartsecurity
« Reply #132 on: January 16, 2005, 06:54:35 PM »
It's back. I have been fighting this thing for the past week. Spent $120 on new Norton Virus Software and Spyware and neither can get rid of this crap.
I will try some of the suggestions from the postings here and hope they work.

Guest

  • Guest
smartsecurity
« Reply #133 on: January 17, 2005, 05:45:17 AM »
Is there any way to sue smart security so they can't do this to anyone else again? I think it is terrible that someone could get into your computer and royally screw it up. I can't even use my task manager to close out programs anymore due to them. I keep getting an error message saying task manager has been disabled by administrator. If anyone has any suggestion on fixing that let me know at [email protected].

Guest

  • Guest
smartsecurity
« Reply #134 on: January 23, 2005, 11:19:11 AM »
idd. Those smart security people almost caused me a heart attack.
A whole PC screwed up in 10 seconds.
I did a brute force cleaning with CWS, Hijackthis, adaware, Trendmicro... all at the same time. Done this 3 times and everything is clean now (I hope so).

Please do me a favour and wish those assholes a painful death on
http://www.smart-security.info/feedback.php?a=1

kkbrown

  • Guest
smartsecurity
« Reply #135 on: January 24, 2005, 12:30:56 AM »
[quote name='Guest' date='Jun 13 2004, 04:27 PM']this is the only way i know of how to remove this crap..

i hate those [censored]ers at smart security..

at the very top of the screen, right click, it should appear as a standard option menu (compared to when you right click the big black desktop..)

as you right click, select properties..

desktop tab..

click the "customize desktop" button at the bottom..

select the "web" tab..

and uncheck the "security" box..

and you're done..i would suggest you dl some type of adware killer..

if anyone has any more ideas, or questions, email [email protected][/quote]
 YOU ARE THE MAN, This damn thing had me up all night, At least I got my drives squeaky clean.
Thanks Dude

Guest_tom_*

  • Guest
smartsecurity
« Reply #136 on: January 31, 2005, 05:50:30 PM »
This guy got me so mad!!! You can't believe it!! I sent the "company" a first mail demanding them to send me removal instructions through email, they didn't respond. Then I found out through this forum this guy is based in Overijse, Belgium. I live in Belgium too, so I sent him a second mail warning him I will come to his house when he doesn't tell me how to remove this [censored]. And believe me, I will!!!

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
smartsecurity
« Reply #137 on: January 31, 2005, 05:57:10 PM »
Guest Tom, and any others
If you need a hand removing this from your system

Can you do what I asked from Lauren above

Simply click on THIS LINK

And then start a NEW TOPIC near the top

Include a Hijackthis log
Can you Download Hijackthis 1.99
A small utility to help identify if any Hijackers, Malware, Spyware, etc.....Reside on your computer

Important: Create a Permanent folder for Hijackthis
Double Click "MY Computer"
Open your C: drive
Click "File" >>> "New" >>>> "Folder"
A new folder will be created, name it HJT

Now you will have C:\HJT

Download Hijackthis from CLICK HERE or CLICK HERE
Save it to that new folder

Do a SCAN and Save a Log file---Save the log----copy and paste the WHOLE contents of the log  here... Don't try and fix anything yet----It is all important

DO NOT post the log in this thread
It gets confusing to post in this long thread

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Geust

  • Guest
smartsecurity
« Reply #138 on: February 06, 2005, 02:39:00 PM »
I tried everything on this page and nothing worked so I went out and bought SPY Sweeper. I ran it and a bunch of IE popups came up that were very odd, I thought nothing of it till my comp shut down. After I logged in all I have is my normal background BUT no programs or start menu. To do anything I need to use ctrl+alt+delete, the new task. Is there any way I can get it back to normal? Also my Norton AND my Spy Sweeper both can't clean it! And now I can't even try a system restore to see if that would work :(. HELP ME!

Guest

  • Guest
smartsecurity
« Reply #139 on: March 05, 2005, 12:03:01 PM »
I have a question...I removed my constant white background...but why did this happen? Am I still being [censored]ing hijacked?? And how do I stop it?! Anyone?