Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

messed up html.smitfraud.c


  • Please log in to reply

#1
Awoll1

Awoll1

    New Member

  • Member
  • Pip
  • 1 posts
Hello eveyone,

I have a computer repair buisness and have never seen this one before a client called and they said they had a major problem. They were right, the desktop backgroud has been changed to a blue screen with the spybot-trojan.htm.smitfraud.c message and that is has fatal exectption error. The run menu is gone, allong with accessing all programs, administrative tools won't open, norton IS 2005 won't run, add/remove programs wont' run, or will internet explorer, i killed just about every thing that looked suspicious in hijack before i brought the machine in for testing. The machine has Windows media center edition with SP2 and all updates applied. with current virus defs. Dropped her into safemode and norton will still not scan as with any of the other features mentioned above, no change at all in safe mode, even with only 12 processes runing... all M$.

What the... is going on with this one there is virutuall no info on the net at all.
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 17,353 posts
  • MVP
The first thing is to post your HijackThis log.

This bug is caused by a file wp.exe. You will see him down in the O4 entries.


O4 - HKCU\..\Run: [WindowsFY] C:\wp.exe

Terminate the process . You can use HijackThis, Config, Misc Tools, Open Process Manager, find and highlight the C:\wp.exe and Kill Process then Back and Scan and then check his box and Fix Checked. That still leaves a problem in your registry.

Start, Run, regedit, OK to bring up the regedit program.

find HKey_Current_User->Software ->Microsoft->Windows->CurrentVersion>policies (Hit the + sign in front of each Key as you find them. That will open up the subkeys.)

Under Policies is usually an entry named System. If you find it highlight it and press the Delete key. Then OK. Close the program and reboot.

Start, Control Panel, Display (Properties). This should bring up Display Properties/Background. Change the wallpaper to something else and Apply. You may also need to select Web and uncheck the box where it says View My Active Desktop as a web page. OK

It's possible that there are other registry entries but this is one I know about.

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP