Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

trjan spy smitfraud


  • Please log in to reply

#1
ebo0604

ebo0604

    New Member

  • Member
  • Pip
  • 2 posts
Good evening,

This is my first post and unfortunately it will not be the last. I have several infections I think but the major infection, I think is the root of all of the others. The following steps have been taken thus far:

- downloaded Spybot and ran
- downloaded AVG and ran
- downloaded and ran Ad-Aware and ran
- downloaded windows updates
- downloaded and ran HIJACKTHIS

None of the above solutions have worked. I have the infamous blue screen with the all to well known error prompt stating that my computer is infected with Trojan Spy Smitfraud.c.

Several other smaller issues are also popping up as I try to clean my computer. They are as follows:

- dialogue box stating "windows cannot find 'C:\windows\system32\msoffice exe."
- dialogue box stating "Could not load or run 'C:\windows\system32\msoffice exe specified in the registry"
- Uninstalled Norton but as I use the downloaded scans, they scan up to the point of scanning the Program files of Norton (which I have tried to remove but they remain) and simply get hung up for lack of a better term.

If I understand the rules correctly, I have to allow this to post first before I paste the log file from HIJACKTHIS. So, here is my post and I wait patiently for someones all knowing assistance. Thank you in advance.
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 17,336 posts
  • MVP
The first thing is to post your HijackThis log.

The smitfraud bug is caused by a file wp.exe. You will see him down in the O4 entries.


O4 - HKCU\..\Run: [WindowsFY] C:\wp.exe

Terminate the process . You can use HijackThis, Config, Misc Tools, Open Process Manager, find and highlight the C:\wp.exe and Kill Process then Back and Scan and then check his box and Fix Checked. That still leaves a problem in your registry.

Start, Run, regedit, OK to bring up the regedit program.

find HKey_Current_User->Software ->Microsoft->Windows->CurrentVersion>policies (Hit the + sign in front of each Key as you find them. That will open up the subkeys.)

Under Policies is usually an entry named System. If you find it highlight it and press the Delete key. Then OK. Close the program and reboot.

Start, Control Panel, Display (Properties). This should bring up Display Properties/Background. Change the wallpaper to something else and Apply. You may also need to select Web and uncheck the box where it says View My Active Desktop as a web page. OK

I'll need your logfile to do get rid of the other stuff.

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP