[Awoll1]

Hello eveyone,

I have a computer repair buisness and have never seen this one before a client called and they said they had a major problem. They were right, the desktop backgroud has been changed to a blue screen with the spybot-trojan.htm.smitfraud.c message and that is has fatal exectption error. The run menu is gone, allong with accessing all programs, administrative tools won't open, norton IS 2005 won't run, add/remove programs wont' run, or will internet explorer, i killed just about every thing that looked suspicious in hijack before i brought the machine in for testing. The machine has Windows media center edition with SP2 and all updates applied. with current virus defs. Dropped her into safemode and norton will still not scan as with any of the other features mentioned above, no change at all in safe mode, even with only 12 processes runing... all M$.

What the... is going on with this one there is virutuall no info on the net at all.

[Advertisements]

The first thing is to post your HijackThis log.

This bug is caused by a file wp.exe. You will see him down in the O4 entries.


O4 - HKCU\..\Run: [WindowsFY] C:\wp.exe

Terminate the process . You can use HijackThis, Config, Misc Tools, Open Process Manager, find and highlight the C:\wp.exe and Kill Process then Back and Scan and then check his box and Fix Checked. That still leaves a problem in your registry.

Start, Run, regedit, OK to bring up the regedit program.

find HKey_Current_User->Software ->Microsoft->Windows->CurrentVersion>policies (Hit the + sign in front of each Key as you find them. That will open up the subkeys.)

Under Policies is usually an entry named System. If you find it highlight it and press the Delete key. Then OK. Close the program and reboot.

Start, Control Panel, Display (Properties). This should bring up Display Properties/Background. Change the wallpaper to something else and Apply. You may also need to select Web and uncheck the box where it says View My Active Desktop as a web page. OK

It's possible that there are other registry entries but this is one I know about.

Ron

[RKinner]

The first thing is to post your HijackThis log.

This bug is caused by a file wp.exe. You will see him down in the O4 entries.


O4 - HKCU\..\Run: [WindowsFY] C:\wp.exe

Terminate the process . You can use HijackThis, Config, Misc Tools, Open Process Manager, find and highlight the C:\wp.exe and Kill Process then Back and Scan and then check his box and Fix Checked. That still leaves a problem in your registry.

Start, Run, regedit, OK to bring up the regedit program.

find HKey_Current_User->Software ->Microsoft->Windows->CurrentVersion>policies (Hit the + sign in front of each Key as you find them. That will open up the subkeys.)

Under Policies is usually an entry named System. If you find it highlight it and press the Delete key. Then OK. Close the program and reboot.

Start, Control Panel, Display (Properties). This should bring up Display Properties/Background. Change the wallpaper to something else and Apply. You may also need to select Web and uncheck the box where it says View My Active Desktop as a web page. OK

It's possible that there are other registry entries but this is one I know about.

Ron