My PC has been infected with the above mentioned "trojan-spy.html.smitfraud.c" virus(?) on 15/04/05 and ever since had biggest trouble. Immediately on infection, I have started following the help threads on this site, but to no avail. As some member mentioned, every case is unique and so I have decided to post my log here and ask for help. The symptoms of infection were similar / same as that of many others. A blue warning screen, followed by disappearance of display properties and unsolited attempts to connect to internet. All possible spyware, anti-virus programs were tried to no avail. On following some of the suggestions given in this site, I could do the following:
*Deletion of Wp.exe and Wp.bmp files
*Removal of SecurityIGuard
*Deletion of all registry entries referring to Wp.bmp
The following is the present condition of my trouble:
*PC boots only into safe mode. PC appears to function OK in Safe Mode.
*When attempting to boot in normal mode, after initial log in is over, the screen goes blank and remains blank for ever. At this stage, only Ctl-Alt-Del works, giving me option to shut down / view taks manager etc., I could figure out that "explorer.exe" process was not getting loaded.
*I have tried creating new user accounts with administrator rights and limited user rights. If logged in as limited user, system boots. However, on boot up, a dialer program pops up asking to go to "wefed.biz" website. It even attempts accessing some comouters on our intranet. System remains very slow. When attempting to log in as new administrator, the system dos not boot and the symptoms are same (blank screen). However, in safe mode, I can log in as both admin or limited user.
*When logged in as limited user and try accessing registry, the following error occurs:
Under HKU, when I click on some of the classes, it denies access saying that the key is locked by some process and cannot be opened.
Also, when I try installing any antivirus software, it fails syaing that creation of some keys failed due to denial of access.
*Tried all the following software:
-SpyBot
-SpyDoctor
-Microsoft Antispyware
-KillBox
-AVG
-Norton Antivirus
-Panda Activescan
-Scores of many others
Panda Activescan showed some infections, which it could cure and a couple of others, which it could not. I have deleted all those files mentioned by Panda Scan physically. Problem remains same.
Another point is that, I have two partitions on my HD and two working XP OSs. Right now, the OS in C: drive is non functional, whereas the one on D: is working well. However, the problem is I have most of my applications installed on C - OS. Need to get out of the problem.
I am not a novice and not an expert on XP, Registry settings etc., but can follow instructions and try advices given for fixing registry entries etc.,
I am not posting an exhaustive account of all that has been done. I will post the details as asked for.
Will look forward for help from members. Thanks in anticipation.
Rags..
Edited by rags, 22 April 2005 - 11:18 AM.