Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

trojan-spy.html.smitfraud.c


  • Please log in to reply

#1
Alex K

Alex K

    New Member

  • Member
  • Pip
  • 8 posts
Hey Guys,
great website you got going here, it helped me out quite a couple of times. Now I have a little problem though that I can't seem to solve on my own this time. I'm another victim of the "smitfraud.c" trojan. I tried to solve it the exact way " the user "Pele" been helped out - (topic: trojan-spy smitfraud.c solved"). I downloaded all the required programms but for some reason I can't open hijackthis. everytime a click on the folder there's only the dynamite icon showing which doesn't start anything when I click on it. My questions: how can I open it correctly and is it possible to solve the smitfraud problem, the exact same way as descriped in User "Pele's" thread? Or is this a individual guide suited to his particular trojan only?

thanks a lot in advance and keep up the good work.
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 17,336 posts
  • MVP
Under Review
  • 0

#3
Alex K

Alex K

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Ron, thank you so much for your quick reply, your time is really appreciated.

Unfortunately I couldn't apply all the steps given by you because when I rebooted my computer I was tapping F8 all the time but it simply did not react at all and booted just as usual. Since I'm a first time XP user I don't know any other way to reboot it into the safe mode.
I also tried to select 'start' - 'run' and typed del/f/q c:wp.exe anyways without being in safemode and it stated "wp.exe access denied". What shall I do? I'm lost.

Edited by Alex K, 24 April 2005 - 09:01 PM.

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 17,336 posts
  • MVP
Under Review
  • 0

#5
nathan1314

nathan1314

    New Member

  • Member
  • Pip
  • 4 posts
I have this trojan-spy.html.smitfraud.c problem. i have searched the web without much help. I found this site and this thread is this the best way to solve this problem right now?
  • 0

#6
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
nathan1314

Please see this thread - http://www.geekstogo...?showtopic=2852

Also be sure you read the forum rules.

Do not post your problems into other open logs saying "I have the same issue, here is my log" etc. This is too confusing for everyone involved.


Alex K

Sorry for confusing your log with this.

ScHwErV :tazz:
  • 0

#7
Alex K

Alex K

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi, no problem the only thing that's confusing me right now is my very own computer itself...

Alright, I've downloaded killbox successfully put it on my desktop, opened it and typed c:\wp.exe into the box and pressed the red button and yes. It said file deleted. Hope everything works out fine from now on. So what's next?
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 17,336 posts
  • MVP
Under Review
  • 0

#9
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi Alex and welcome
I m going to be helping you out here,

Lets get a look at the HJT log please,

everytime a click on the folder there's only the dynamite icon showing which doesn't start anything when I click on it

Double click on it :tazz:

Click Here
Its an easy to follow tutorial for HJT,

Post back a log for me please,

Thanks
Don
  • 0

#10
Alex K

Alex K

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Don,

How you doing, buddy? Thanks for helping me out. I have created a folder on my desktop and I "extracted all" into that particula folder. Again I tried to double click :tazz: on the dynamite Icon but no window opend at all. Am I doing something wrong while extracting the hijack zip file? I checked out the link ("Quick start" introduction) you provided for me but I just can't figure out what I'm doing wrong...

Thanks again for your help, man your time and effort are really appreciated.

Edited by Alex K, 27 April 2005 - 05:22 AM.

  • 0

Advertisements


#11
eireanninion

eireanninion

    New Member

  • Member
  • Pip
  • 2 posts
Please refrain from replying to topics in the malware forum until you have been traind at GeekU
Thanks
Don

  • 0

#12
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi Alex,

Your welcome.
Please take your time and review each step as needed, If you have any questions at all, just ask, We are here to help.
with that said

Please see this Topic
Run through steps 1 and 2, After you have completed those see if you can open HJT please,

Let me know
Don
  • 0

#13
Alex K

Alex K

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Don,

I really tried everything the last week but it just doesn't seem to work out. Everytime I try to download one of the programs you linked me to, the download stops at 50% and a message appears stating the" connection to the server was reset" I tried downloading each and every program from the page you refered me to - same deal every time, after 50% it stops downloading. What shall I do?

I feel kinda akward because everytime you guys give me instructions there's something new coming up but I hope we'll manage to fix it eventually. Sorry about the hassle.

Thanks again guys.
  • 0

#14
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
OK Alex lets try some manual removal,

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid


Exit Add/Remove Programs.

You said you were able to download killbox,

* Please run Killbox.

* Select "Delete on Reboot".

* Open the Notepad file where you saved the file paths earlier and copy the file paths below to the clipboard by highlighting them and pressing CTRL + C:

C:\wp.exe
C:\wp.bmp
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\WINDOWS\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\system32\msole32.exe


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.



Next, We need to see if we can atleast download the following
Dowload the following program
CWShredder
It should be the current version, but check for updates
Run Program cwshredder and have it fix anything it finds.
Make sure you click the “Fix” button

If you can't download it on your computer is there another computer you can download from and save it to a floppy and carry ot over to your computer


Let us know how you make out
  • 0

#15
Alex K

Alex K

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Pal, thanks for the quick reply. I managed to download the cw shredder successfully. But what point of your instruction I don't quite get ist: "Open the Notepad file where you saved the file paths earlier". I can't recall having saved any file paths earlier and what Notepad file do you mean?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP