Smitfraud.C ? [CLOSED]


  • This topic is locked

#1
Noobie One Kenobi

Hi.. New to this forum, so bear with me...

I'm working on a friend's computer. At first, on boot-up, I had the typical blue screen o' death related to the Smitfraud.C trojan. On another site (don't remember which) they said to delete "wp.exe" and "wp.bmp". Couldn't find the .exe but did delete "wp.bmp".
Now I'm stuck at a blank blue screen. When I boot up in safe mode, I get a good screen, but no useable desktop. When I do a ctrl-alt-del in either mode, I see no processes running, there are no tabs for selections, and the only buttons on the bottom are: "End Task", "Shut down", and "Cancel".
Since I can do absolutely nothing on his computer, all of the troubleshooting I've done so far, i.e. virus scans, spy-ware scans, etc., has been done by removing his hard drive and plugging it into my PC as a slave drive.
What are my options?
Thanks in advance.

#2
Noobie One Kenobi

bump

#3
Justin

Hello, and welcome to the GeekstoGo Forums. My name is Jfcap, and I will be helping you clean your system. I would like to start off by apologizing for the delay in our response time. We try not to let posts slip through the cracks, but things do happen due to the amount of posts on our website, so again I apologize.

Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Please RIGHT-CLICK: HERE and go to Save As (in Internet Explorer it's "Save Target As") in order to download Grinler's reg file. Save it to your desktop.

Locate "smitfraud.reg" on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the "merged successfully" prompt then follow the rest of the instructions below.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid
PSGuard
AdwareDelete


Exit Add/Remove Programs.

*IMPORTANT* CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES

* Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.

* Save it to your desktop.

* Please double-click Killbox.exe to run it.

* Select "Delete on Reboot".

* Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\WINDOWS\zloader3.exe
C:\Windows\System32\hhk.dll
C:\Windows\System32\wldr.dll
C:\Windows\System32\wp.bmp
C:\Windows\System32\perfcii.ini
C:\Windows\System32\oleadm.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\shnlog.exe
C:\Windows\System32\intmon.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\msole32.exe
C:\Windows\System32\ole32vbs.exe
C:\WINDOWS\system32\oleadm32.dll


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Make sure you can view hidden files.

Using Windows Explorer, delete the following, if found, (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\LogFiles
C:\Program Files\Security IGuard
C:\Program Files\PSGuard
C:\Program Files\AdwareDelete

Reboot into normal mode.

1.) Download The Hoster. Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Right-Click HERE and Save As to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan.
  • 0
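For the situation the topic starter describes (the affected disk attached to a second PC as a slave drive), the file and folder lists in the post above can be checked against the mounted volume without booting the infected system. This is an added example, not part of the original posts; `resolve_ci`, `find_listed` and the temporary-directory sample are names and data made up for illustration.

```python
import os
import tempfile
from pathlib import PureWindowsPath

def resolve_ci(root, win_path):
    """Map a 'C:\\...' path onto a mounted volume root, matching every
    component case-insensitively (Windows ignores case in file names, a
    Linux analysis host does not). Returns the real path or None."""
    current = root
    for part in PureWindowsPath(win_path).parts[1:]:  # skip the 'C:\' anchor
        try:
            entries = os.listdir(current)
        except OSError:  # not a directory, missing, or unreadable
            return None
        match = next((e for e in entries if e.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current

def find_listed(root, win_paths):
    """Return {listed_path: real_path} for each listed path found under root."""
    found = {}
    for path in win_paths:
        path = path.strip()
        if not path:
            continue
        real = resolve_ci(root, path)
        if real is not None:
            found[path] = real
    return found

def demo():
    # A few entries taken from the lists in the post above.
    listed = [r"C:\wp.exe", r"C:\Windows\System32\intmon.exe",
              r"C:\WINDOWS\system32\oleadm32.dll", r"C:\Program Files\PSGuard"]
    # Constructed sample: a temp directory standing in for the slaved drive.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "WINDOWS", "system32"))
        os.makedirs(os.path.join(root, "Program Files", "PSGuard"))
        open(os.path.join(root, "WINDOWS", "system32", "INTMON.EXE"), "w").close()
        return sorted(find_listed(root, listed))

if __name__ == "__main__":
    for hit in demo():
        print("present:", hit)
```

In real use, pass the mount point of the slaved drive as `root` and the complete file and folder lists from the post as `win_paths`.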

#4
Noobie One Kenobi

I'm supposed to do this on the computer WITH the virus, right?
If so, I'm unable to comply with instructions because I'm unable to do ANYTHING on that computer.
Recommendations?

#5
Justin

Hello,

If you have a jumpdrive or flash drive, you can download the programs to that, and then run them in the correct order from task manager.

Press Ctrl Alt Delete then select File and then New Task

That is the only way I know of, but I will ask around in case you are unable to do the above.

Edited by Jfcap, 30 June 2005 - 11:57 AM.


#6
Justin

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.