[ebo0604]

Good evening,

This is my first post and unfortunately it will not be the last. I have several infections I think but the major infection, I think is the root of all of the others. The following steps have been taken thus far:

- downloaded Spybot and ran
- downloaded AVG and ran
- downloaded and ran Ad-Aware and ran
- downloaded windows updates
- downloaded and ran HIJACKTHIS

None of the above solutions have worked. I have the infamous blue screen with the all to well known error prompt stating that my computer is infected with Trojan Spy Smitfraud.c.

Several other smaller issues are also popping up as I try to clean my computer. They are as follows:

- dialogue box stating "windows cannot find 'C:\windows\system32\msoffice exe."
- dialogue box stating "Could not load or run 'C:\windows\system32\msoffice exe specified in the registry"
- Uninstalled Norton but as I use the downloaded scans, they scan up to the point of scanning the Program files of Norton (which I have tried to remove but they remain) and simply get hung up for lack of a better term.

If I understand the rules correctly, I have to allow this to post first before I paste the log file from HIJACKTHIS. So, here is my post and I wait patiently for someones all knowing assistance. Thank you in advance.

[Advertisements]

The first thing is to post your HijackThis log.

The smitfraud bug is caused by a file wp.exe. You will see him down in the O4 entries.


O4 - HKCU\..\Run: [WindowsFY] C:\wp.exe

Terminate the process . You can use HijackThis, Config, Misc Tools, Open Process Manager, find and highlight the C:\wp.exe and Kill Process then Back and Scan and then check his box and Fix Checked. That still leaves a problem in your registry.

Start, Run, regedit, OK to bring up the regedit program.

find HKey_Current_User->Software ->Microsoft->Windows->CurrentVersion>policies (Hit the + sign in front of each Key as you find them. That will open up the subkeys.)

Under Policies is usually an entry named System. If you find it highlight it and press the Delete key. Then OK. Close the program and reboot.

Start, Control Panel, Display (Properties). This should bring up Display Properties/Background. Change the wallpaper to something else and Apply. You may also need to select Web and uncheck the box where it says View My Active Desktop as a web page. OK

I'll need your logfile to do get rid of the other stuff.

Ron

[RKinner]

The first thing is to post your HijackThis log.

The smitfraud bug is caused by a file wp.exe. You will see him down in the O4 entries.


O4 - HKCU\..\Run: [WindowsFY] C:\wp.exe

Terminate the process . You can use HijackThis, Config, Misc Tools, Open Process Manager, find and highlight the C:\wp.exe and Kill Process then Back and Scan and then check his box and Fix Checked. That still leaves a problem in your registry.

Start, Run, regedit, OK to bring up the regedit program.

find HKey_Current_User->Software ->Microsoft->Windows->CurrentVersion>policies (Hit the + sign in front of each Key as you find them. That will open up the subkeys.)

Under Policies is usually an entry named System. If you find it highlight it and press the Delete key. Then OK. Close the program and reboot.

Start, Control Panel, Display (Properties). This should bring up Display Properties/Background. Change the wallpaper to something else and Apply. You may also need to select Web and uncheck the box where it says View My Active Desktop as a web page. OK

I'll need your logfile to do get rid of the other stuff.

Ron