Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Avoidance of smitfraud


  • Please log in to reply

#1
Illinois

Illinois

    New Member

  • Member
  • Pip
  • 4 posts
My son's computer is infected with this smitfraud and an about:blank too I think. The fix is beyond my computer expertise so I am waiting for my husband to get home next Saturday and fix it. I have disconnected the infected computer from the lan. I cannot afford to lose my main computer to this infection. Do you know if any of the virus protections will spot smitfraud and keep it from infecting my computer? I need to work online for a school project but cannot allow this computer to go down. My son did not have any virus protection on when his computer was infected.
Thanks, I apologize if there is a better forum for this question - I didn't see one.

TW
  • 0

Advertisements


#2
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Do you have any Antivirus Software Installed on the PC now?
  • 0

#3
Illinois

Illinois

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Yes, norton 2004 with regular updates
  • 0

#4
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Hi Illinois,

Smitfraud.C is spread as a phishing scam by mail.

So if you don't open any suspect mails from banks (even if it is your own) or any other mails asking you to login on a website, you should be fine.

Regards,
  • 0

#5
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
OK Illinois,If you have a functional PC and can keep posting,I think we can get this PC back up and running!

Illinois,only if you want to,Download HijackThis to your PC and Burn it onto a CD-R or a Floopy Disc!

Ultimately,if you can burn HijackThis to a Floppy,you can use that floppy to Scan the PC and Save the Log,The Log should be saved to the Floppy so you can take the Floppy back to your PC and Copy&Paste the Log to this Post!

HijackThis 1.99.1:
http://majorgeeks.co...wnload3155.html

Also,this may prove to be a useful little utility and should fit on a floppy with HijackThis:

Download the Hoster from here:
http://www.funkytoad...load/hoster.zip
Press "Restore Original Hosts" and press "OK". Exit Program.
This will restore the original Hosts file.


Start the Infected PC up in Normal Mode but leave the Internet Connection Unplugged!


Scan the Infected PC with HijackThis and Save the Log to the Floppy Disc!

Take the Floppy back to your PC and Post the Contents of that Log!

Before doing anything else,Run the Hoster Program!

Something I have had success with lately is to go to Safe Mode and Launch the Antivirus but dont run it yet,you just want to open it and leave it be for a minute!

Open the TaskManager>>Click Processes>>Locate these 2 Processes:

RunDll32.exe
and
Explorer.exe

Right Click each and select End Process!

Now when you end the Explorer Process,the TaskBar and Desktop will disappear,this is completely normal and totally safe to do!

Just make sure to leave the Task Manager Open,so you can use it to Shut Down the PC!

With all this in place,Go to the Antivirus Program that will still be open,this is the best chance the Antivirus Program is going to have to remove any Infections it Identifies!

Also,some files and folders to look for on the PC:

From Add\Remove Programs:

Security IGuard
Virtual Maid
Search Maid

Files and Folders from Various locations:

C:\wp.exe
C:\wp.bmp
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\WINDOWS\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\system32\msole32.exe

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard


I hope this will help you out a little,atleast it will be a good start!!!

Post back with any questions!!!
  • 0

#6
Illinois

Illinois

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thank you for the offer but I think it will be good for my son to lose his computer for a week - he will learn not to open unknown emails. I'll wait for my husband, who knows the computer inside and out, so he knows what is being changed and why. But thank you. I just wanted to be sure I wouldn't infect the other three computers by surfing - I thought he caught it on-line, not by email.

Thank you for the quick responses.
  • 0

#7
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Not a problem,I have a 16 yr old boy and a 18 yr old girl,I know exactly what you are talking about!!!

If yall need us,you know where to find us!!!

Thanks for Metallica giving us that Info,I have a world of respect for any advice he has!

Good Luck :tazz:
  • 0

#8
Illinois

Illinois

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi Everyone,

Thanks for the inputs. I am Illinois husband and I can whip this puppy next Saturday. Turns out, I had a "helpful" father-in-law that gifted a computer upgrade to my son while I was gone. I have a pretty good hunch the virus was already there but I can trace it's origin when I get back.

The machine is behind a firewalled router so it had at least some protection but it did not have Zone Alarm Pro installed like my other machines. It also did not have virus protection like my other machines. Some gift eh?

No worries, I'll wrestle that pesky virus to the ground, rips it's heart out, and feed it to the fish. If it get's stubborn I'll ghost the drive and fry that sucker.

Lesson learned - Do it yourself if you want it done right.

Thanks,

Ambassador
  • 0

#9
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
LMAO!!!!!!!!!!!!!!!! Aint Family great!!!!! ;)

Thanks for the smiles,I needed them!!!

Have fun!!!! :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP