Help With Win32 Darksma O !

[Glassman]

Darksma O, apparently a pretty rare breed of Darksma, is proving hard to remove from my system. This version has affecting my display by giving me a screen full of a dash-like pattern. I can barely read whats on the screen, so it is very dificult to work! Would someone be willing to view my Hijack log and steer me in the right direction?

Thanks!

[PhilliePhan]

Hi Glassman,

-- Please RENAME hijackthis.exe as per the instructions in the Read Me Sticky Post I linked below. Then, give us a fresh scanlog.

-- Also, do the AVG Anti-Spyware scan as directed in the link and submit that log as well.

ATTENTION: Read Me Before Posting For Help!!

Judy or I will check back as time permits

PP

[Glassman]

Right now i'm running PC Tools AOSS; it seemed worth a try. Although the screen has remained screwed-up while running it. It seems to be detecting some problems, but the question is: can it fix them? I may cancel early to run AVG (I have not done so yet). Regardless, i'll follow your suggestions and post the info; thanks alot for your help!

GM

[PhilliePhan]

Regardless, i'll follow your suggestions and post the info; thanks alot for your help!

Happy to try to help

Let us know if you have any trouble with the AVG scan - the instructions are kinda spread out. You might want to do the Online Kaspersky as well, but we should be able to get by with just HJT and AVG for the time being.

PP

[Glassman]

I was able to finally complete all scans. Of course, AVG got hits where other programs didnt. Here are the logs...thanks again!

GM

[PhilliePhan]

Hi GM,

Let's do this first:

-- Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

-- Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C:.

Please post that log for me

IMPORTANT: Do NOT run any other options until you are asked to do so!


PP

[Glassman]

Ok, here is the log.

[PhilliePhan]

Ok, here is the log.

Ok - Let's continue:

--- Download ATF-Cleaner.exe by Atribune to your Desktop. Just leave it for now . . .

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please boot to Safe Mode.

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a Fresh rapport.txt Please post that log for me.
______________________________

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK > EXIT
______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted Zone by typing 3 and press Enter.
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note: If you use SpywareBlaster and/or IE-SPYAD, you will need to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.


Give me a fresh Rapport and an update on what problems remain.

Gotta run - will try to check back later tonight...

PP

[Glassman]

Ran ATF and Smitfraud and reprotected all within Spywareblaster, but the problem is still exactly the same. I assume my HJT log was clean, because you did'nt remark on it. Attached is the new rapport.

Let me comment on the problem once again: The whole entire screen looks like a readout of a DNA test. When I move any window, the screen either blacks out, or turns all green. Also, my screen res seems lower, but it may be the effect of the dash pattern. In safe mode the dashes become larger and fewer, and the blackout ceases, but they cover the screen nonetheless.
Also, I am getting a new message that pops up upon startup :
System error! add icon fault
or fail, can't quite tell because of screen)
The messege is contained within a small window titled 'Flash Icon'
I can't tell what the result of the error actually is.

Some icons do not even appear, that might be the result.
In addition, while looking at progrm list, I noticed four MSXML entries, three relating to SP2 and one which is a parser?? I am not familiar with these, and they are probably OK, but I thought I'd throw that out there. Sorry,on closer inspection, these are legit. I guess i'm getting desperate!!

GM

[PhilliePhan]

Ran ATF and Smitfraud and reprotected all within Spywareblaster, but the problem is still exactly the same. I assume my HJT log was clean, because you did'nt remark on it.

This may take a few tries - I'm tied up doing ten things at once! (such is the life of a Forum Volunteer! We tend to visit the forums as a break from "real-life" work... )

HijackThis looked OK - There are a few things that need fixing, but we'll get to that after we figure out the hard stuff.
HijackThis does not give us a complete picture of your machine, hence we will use a number of different tools.
-- While I remember, you can uninstall BigFix, if you haven't already

-----------------------------------
See what you can find here:

Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you may see a checked entry called Security Info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

------------------------------------

Please go to this link and follow the instructions to scan with WinPFind by OldTimer.

Also, do that Online Kaspersky Scan - I'd like to see what it turns up, if anything.

Please submit the WinPFind Log and Kaspersky Scanlog for me


Hang in there
PP