[darby33]

Glad to know I'm not the only one with this smitfraud thing. I'm pretty dumb when it comes to computers so I hope I'm doing this right. Any help on how to get rid of this thing would be GREATLY appreciated!!!

[Advertisements]

Let's see your HijackThis log. http://tomcoyote.org.../HijackThis.exe

I'll tell you how to remove it but you should still post your log. Most people seldom only have one infection.

This is actually one of the easiest to remove.

This bug is caused by a file wp.exe. You will see him down in the O4 entries.


O4 - HKCU\..\Run: [WindowsFY] C:\wp.exe

Terminate the process . You can use HijackThis, Config, Misc Tools, Open Process Manager, find and highlight the C:\wp.exe and Kill Process then Back and Scan and then check his box and Fix Checked. That still leaves a problem in your registry.

Start, Run, regedit, OK to bring up the regedit program.

find HKey_Current_User->Software ->Microsoft->Windows->CurrentVersion>policies (Hit the + sign in front of each Key as you find them. That will open up the subkeys.)

Under Policies is usually an entry named System. If you find it highlight it and press the Delete key. Then OK. Close the program and reboot.

Start, Control Panel, Display (Properties). This should bring up Display Properties/Background. Change the wallpaper to something else and Apply. You may also need to select Web and uncheck the box where it says View My Active Desktop as a web page. OK

Ron

[RKinner]

Let's see your HijackThis log. http://tomcoyote.org.../HijackThis.exe

I'll tell you how to remove it but you should still post your log. Most people seldom only have one infection.

This is actually one of the easiest to remove.

This bug is caused by a file wp.exe. You will see him down in the O4 entries.


O4 - HKCU\..\Run: [WindowsFY] C:\wp.exe

Terminate the process . You can use HijackThis, Config, Misc Tools, Open Process Manager, find and highlight the C:\wp.exe and Kill Process then Back and Scan and then check his box and Fix Checked. That still leaves a problem in your registry.

Start, Run, regedit, OK to bring up the regedit program.

find HKey_Current_User->Software ->Microsoft->Windows->CurrentVersion>policies (Hit the + sign in front of each Key as you find them. That will open up the subkeys.)

Under Policies is usually an entry named System. If you find it highlight it and press the Delete key. Then OK. Close the program and reboot.

Start, Control Panel, Display (Properties). This should bring up Display Properties/Background. Change the wallpaper to something else and Apply. You may also need to select Web and uncheck the box where it says View My Active Desktop as a web page. OK

Ron