Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

trojan problem

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 9 posts
Ok I hope someone will be able to help me with this problem.

Now, this problem is not on my computer, but it is on my buddies computer and I am not currently at his house. However I have been over there and checked out what was going on and I got nowhere with it.

Currently I cannot get IE to run on his computer because when you click the shortcut or the actual target it says the same thing. Something like: either the file has been moved or dosent exist OR you donot have clearence to access this file.

The larger problem however is the blue background that says an error has occured in IE and it is called Trojan-spy.HTML.smitfraud.c. When I first got onto his computer his desktop would load and all of the Icons were present so ofcourse thinking this was a "normal" virus/spyware/Trojan I ran the gauntlent of spyware programs. (Norton,AdAware,Microsoft AntiSpyware) When I ran these programs I found a few threats and deleted them (to get some of them I had boot into safe mode) however when I rebooted in normal mode I found that I had some how made something worse. Because when windows restarted I didn't get windows explorer. I remember the name of the two main file that I deleted, and they were: SMSSU.EXE and Tmntsrv32.EXE and were both located in C:/windows/system32 folder.

Because I am not able to access the internet from his house I was hoping that someone could give me some general information on what to do to remove this threat and if there are any programs that might be able to help me.

I am at the end of my freshman year of an Information Technology degree so I have about that much technological knowledge, if that will help you to know what level I am on compared to you smart people.

Thanks a lot to anyone who can help me with this problem
  • 0




    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Ok sorry for the new post but edit didn't work.

I think it is important to note that I don't think that I will be able to add any programs to the computer, because I can't get the desktop icons or even the start menu to load up. I do have a jump drive that I could download the programs to but I don't know if it will let me install it through task manager.

However, even if I do get that hijackthis program to run I won't be able to post the log of it here.

I have just found out that my friends dad has a laptop that we can use to conect to the internet so that i will be able to post my logs if that will help.

Edited by Tu_mater, 03 May 2005 - 07:05 PM.

  • 0



    Spyware Veteran

  • GeekU Moderator
  • 32,352 posts
copy the part below into notepad and save it as unhko.reg





[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ATLASSstp]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\HTASSstp]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\MSMsgSvc]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SEHLPstp]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\WTLBAstp]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]



Doubleclick the file and confirm you want to merge it with the registry.

*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:


*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
After the reboot run HijackThis again and check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:
Then run HijackThis again and check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home
O2 - BHO: XMLDP Class - {60371670-81B9-4d06-9C42-4DEC1AABE62B} - C:\WINDOWS\xmllib.dll

O4 - HKCU\..\Run: [Tmntsrv32] C:\WINDOWS\System32\Tmntsrv32.EXE

Reboot once more and post a new HijackThis log.

Maybe you can put the file I made and Killbox on a floppy and take it to theinfected computer. You should be able to get back on the net once you have performed the actions above.

  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP