Trojan Spy HTML Smitfraud



#1
paulm

Yesterday my desktop picture changed to the blue screen of death informing me that I have "fatal error in IE occurred at 0028:c0011e36 in VXD VMM (01) 00010e36. Error was caused by trojan-spy.HTML.smitfraud.c" It then says system cannot operate properly in normal mode, check security settings and to run all spyware & anti virus progs. Also have an icon in system tray that looks like an exclamation mark and continually flashes and offers all sorts of things to supposedly stop my computer being hijacked/infected/accessed etc. Have followed guidelines on other topics and run Adaware, cwshredder, spybot, housecall, pandasoft, TDS and norton antivirus but none of them have fixed the problem, although they have got rid of other bits and pieces. Have run hijack this to create a log file but as soon as the prog creates one as a txt file, norton antivirus pops up saying the file is being deleted as it is "MHTMLRedir.exploit" and won't let me access it so I can't put up a log file for you. So firstly how do I get around this so I can post a log file to get started on the smitfraud prob? Thanks in advance Paul :tazz:


#2
Guest_nommork_*

For Smitfraud Only
Please read these instructions carefully and print them out! Be sure to follow ALL instructions!
Print these instructions

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid

Exit Add/Remove Programs.

*IMPORTANT*CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES http://www.xtra.co.n...1916458,00.html

Press CTRL ALT DELETE to open Windows Task Manager. Click on the Processes tab and end the following processes:

C:\WINDOWS\popuper.exe
C:\WINDOWS\System32\intmonp.exe

Exit Task Manager.

*Click Here http://www.geekstogo...n=download&id=4 to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*In the field labeled Full Path of File to Delete enter the file paths listed below ONE AT A TIME (EXACTLY as it appears, please double check to make sure! I would just copy each file path and paste it in the field) MAKE SURE TO ENTER ALL FILE PATHS!:

C:\wp.exe
C:\wp.bmp
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\WINDOWS\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\system32\msole32.exe

Press the button that looks like a red circle with a white X in it after each one. When it asks if you would like to delete on reboot, press the YES button, when it asks if you want to reboot now, press the NO button. Do this after each one until you have entered the LAST file path I have listed above. After that LAST file path has been entered press the YES button at both prompts so that your computer restarts. If you receive an error message "PendingRenameOperation...." and your computer doesn't restart, please restart it manually.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Make sure you can view hidden files.

Using Windows Explorer, delete the following (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard

Reboot into normal mode.

*Download and install Registrar Lite version 2.00 http://www.resplendence.com/download
*Double click the purple Registrar Lite icon on your desktop.
*Copy the line below and paste it into the "Address" field (located at the top) of the program:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies

*Click the "Go" button.
*It will take you into the "Policies" folder.
*Locate the "System" folder (in the right panel)
*If found, right-click on the System folder and go to Delete
*Be very careful that you only delete the System folder that is inside the Policies folder.

Reboot your computer again.

1.) Download the Hoster from HERE <http://www.funkytoad...oad/hoster.zip> Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Download: http://www.mvps.org/.../DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp! http://www.greyknigh...spy/Cleanup.exe

4.) Run this online virus scan: ActiveScan http://www.pandasoft...com/activescan/ - Save the results from the scan!



Run at least two of these anti-spyware programs

Make sure all definition files are up to date for all programs

Microsoft Windows Anti-spyware
http://www.microsoft...re/default.mspx

Ad-aware se
http://www.lavasoft....ftware/adaware/

For Ad-ware se run a Full System Scan and ADS scan

Spysweeper
http://www.webroot.com

Ewido
http://www.ewido.net


Run at least two of the online AV scans:
http://www.trojanhunter.com/ Trojan hunter
http://www.pandasoft...n_principal.htm Panda Active Scan
http://housecall.trendmicro.com/ House Call (Trend Micro)
http://www.bitdefend...can/licence.php BitDefender Free OnlineVirus Scan
http://support.f-sec.../home/ols.shtml F-Secure Free OnlineVirus Scan
http://security.syma...IHKERRDTIPOKYJL Symantec Security Scan & Virus Detection
http://www.ravantivirus.com/scan/ RAV AntiVirus Online VirusScan
http://us.mcafee.com....asp?catid=free McAfee Antivirus scan
http://www.virus112....an_registration Danish Antivirus scan
http://support.f-sec.../home/ols.shtml F-SecureAntivirus scan

Post a HiJackThis log.

Edited by nommork, 08 May 2005 - 10:27 AM.
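
A read-only check for the files and folders listed in the post above, for use against an offline copy or mounted image of the disk, where the case of path components may differ from the listing (the post itself mixes `C:\WINDOWS` and `C:\Windows`). This is an added example, not part of the thread; `resolve_ci`, `scan`, `build_sample_image` and the sample tree are constructed for illustration.

```python
import os
import tempfile

# File and folder paths exactly as listed in the post above.
FILES = [r"C:\wp.exe", r"C:\wp.bmp", r"C:\Windows\sites.ini",
         r"C:\Windows\popuper.exe", r"C:\WINDOWS\System32\wldr.dll",
         r"C:\Windows\System32\helper.exe", r"C:\Windows\System32\intmonp.exe",
         r"C:\Windows\System32\msmsgs.exe", r"C:\Windows\System32\ole32vbs.exe",
         r"C:\Windows\system32\msole32.exe"]
FOLDERS = [r"C:\Program Files\Search Maid", r"C:\Program Files\Virtual Maid",
           r"C:\Windows\System32\Log Files", r"C:\Program Files\Security IGuard"]

def resolve_ci(root, win_path):
    """Map a listed Windows path onto `root`, ignoring case; None if absent."""
    current = root
    for part in win_path.split("\\")[1:]:      # drop the "C:" drive prefix
        try:
            entries = os.listdir(current)
        except OSError:                         # missing, not a dir, unreadable
            return None
        match = next((e for e in entries if e.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current

def scan(root):
    """Return (kind, listed_path, real_path) for listed items still present.
    Read-only: nothing is deleted or modified."""
    found = []
    for kind, paths, is_kind in (("file", FILES, os.path.isfile),
                                 ("folder", FOLDERS, os.path.isdir)):
        for listed in paths:
            real = resolve_ci(root, listed)
            if real and is_kind(real):          # type must match the listing
                found.append((kind, listed, real))
    return found

def build_sample_image(root):
    """Constructed sample tree (not real data) with mixed-case names."""
    os.makedirs(os.path.join(root, "windows", "SYSTEM32"))
    open(os.path.join(root, "windows", "SYSTEM32", "INTMONP.EXE"), "w").close()
    open(os.path.join(root, "WP.BMP"), "w").close()
    os.makedirs(os.path.join(root, "Program Files", "search maid"))
    os.makedirs(os.path.join(root, "windows", "sites.ini"))  # dir, not a file

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as image_root:
        build_sample_image(image_root)
        print(*scan(image_root), sep="\n")
```

An empty result from `scan` means none of the listed paths exist under that root; it says nothing about the registry key or the Hosts file that the later steps address.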


#3
paulm

Before I go any further I just wanna check this. Have been to add remove progs and none of the three progs are on there. Also run task manager and the 'processes' and neither of the 2 processes mentioned are there. Should I still continue with the rest of the instructions or is something else going on? Thanks

#4
paulm

Thanks for the great help. All solved! Fab set of easy to follow instructions. Cheers :tazz: