Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus removal [CLOSED]


  • This topic is locked This topic is locked

#1
ldavis

ldavis

    Member

  • Member
  • PipPip
  • 12 posts
I have a machine with Windows 98 that has the smitfraud spyware on it. It is preventing me from taking any action to clean it since I can't do anything due to the Security Warning box and the Explorer box with the "Program has performed an illegal operation" explanation popping up and I can't get them to go away. Is there any way to bypass this and install software to allow me to erase the spyware?
Any, and all, help is greatly appreciated.
Thank you,
Larry
  • 0

Advertisements


#2
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi ldavis and welcome to GeeksToGo!


You have the latest and greatest infection and it has alot of hidden files that need to be dealt with. I would high suggest that you go to the following link and follow all instructions.

http://www.geekstogo..._Log-t2852.html



:tazz:


Excal

Edited by Excal, 22 June 2005 - 07:32 PM.

  • 0

#3
ldavis

ldavis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I really appreciate the information and agree all these things certainly need to be done to my computer. But, the problem is that I can't run any type of cleanup software because I have absolutely no control of the computer. I can't even open "My Computer" since the spyware has control.

When I boot the computer, the Security Warning message comes up and stays on the monitor. It says" A fatal error in IE has occurred at 0028:C0011E36 in VXD VMM(01)+00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c" Then once the desktop comes up, the Explorer box saying "This program has performed an illegal operation and will be shut down" appears. I can't get these to go away. They prevent me from going any further.

The only time I have any control is during the boot when I can go to the Safe mode. However, this doesn't seem to help me any.

What would really be a big help is if you can tell me how to go about gaining control so I can download and run antivirus softwares. Until I can do this, I'm basically stuck.

Again, I really appreciate any, and all, help.


Thank you,
Larry
  • 0

#4
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Do you have another computer that you might have access to that you could download the programs and trasfer them onto floppy or cd?


Excal
  • 0

#5
ldavis

ldavis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi Excal,

Yes, I have Adaware, Spybot S&D, Spydoctor, and Stinger 247 on a cd. I also have McAfee Internet Suite 2005 on cd. I tried to load it but had no sucess. I'm sure there's a way. I just don't know what to do at this point.

Thanks again for your help.

Larry
  • 0

#6
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi Larry,

See if you can get these 3 downloads into the computer, if we have these two we should be able to fix your computer ;)


Adaware (which you already have)

Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to it's own folder on the desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/


If you get these downloaded, please do not run any of them,.


Thanks,

:tazz:

Excal
  • 0

#7
ldavis

ldavis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Good Morning Excal,

I have all three of these on cd. But, I still can't get anything to download. The spyware seems to have all my options blocked. No matter how many times I click "Close" on the Explorer error message, it pops back up. The "fatal error" screen is also there. If there is a way to disable these, I may be able to do something.

Thanks again for your help.

Larry
  • 0

#8
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Larry,


If you have the smitrem.zip on floppy, go into safe mode and try to get it transfered that way. Then run it in safe mode. This should be enough to get your running so we can clean the rest of your computer


Let em know and good luck


:tazz:


Excal
  • 0

#9
ldavis

ldavis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Excal,

I have smitrem.zip on a floppy. I can go to the safe mode and still have no control. However, I can get a dos prompt and read the "a" drive. But, as luck would have it, I can't remember how to load a program from dos. I tried all I could remember to no avail.

If you could help me with this I feel we could resolve this.

I apologize for all the trouble. But, I do appreciate all your help.

Thanks,

:tazz:

Larry
  • 0

#10
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hey Larry,

We will get thru this ;)


I need you to unzip that program into an uninfected computer. Then copy RunThis.bat on to a disk. (runthis.bat is one of two files located in this zipped folder)

After you put the disc into your machine, go to dos and do the following:

Type this

cd a:\ (or what ever letter is designated as your disc drive)

then type this

copy RunThis.bat C:\

then type

cd C:\

then type this

run RunThis.bat

pleas let me know how this works out for you before you try any fixes.



Thanks,

:tazz:

Excal

Edited by Excal, 25 June 2005 - 05:13 PM.

  • 0

Advertisements


#11
ldavis

ldavis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Good Morning Excal,

Well, I ran the RunThis as you said. It was showing a list of what it was deleting until it got to "Deleting Windows". At this point it stopped. After allowing the computer to sit for awhile, with no further action, I rebooted it. It looks as if it was actually deleting everything. Now, it seems, I have nothing. Is this what is supposed to happen?

Larry
  • 0

#12
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Larry,


I am checkking this out with other staff members.

Can you tell me if you deviated from the instuctions at all?

I will get back to you as soon as possible


Thanks,

:tazz:

Excal
  • 0

#13
ldavis

ldavis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Excal,

No, there was no deviation. I went by them line by line.

Thanks,
Larry
  • 0

#14
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Larry,


Can you boot up into safe mode now? If you can't what error does it give u if any?


Thanks,

:tazz:

Tom
  • 0

#15
ldavis

ldavis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
EXCAL,

When I boot up now, it goes to the Microsoft Windows 98 Startup Menu which is where I can choose Safe mode. It lists the 6 choices and has a warning below the list. It says "Warning: Windows has detected a registry/configuration error. Choose, Command prompt only, and run SCANREG." when I try to run SCANREG it says "The following file is missing or corrupt: scanreg. Type the name of the Command Interpreter (e.g., C:\WINDOWS\COMMAND.COM).

If I try to go to Safe mode, The Windows screen comes up for a moment then goes back to the Startup menu with the following warnings...

The following file is missing or corrupted: C:\WINDOWS\HIMEM.SYS

The following file is missing or corrupted: C:\WINDOWS\DBLBUFF.SYS

The following file is missing or corrupted: C:\WINDOWS\IFSHLP.SYS
Type the name of the Command Interpreter (e.g., C:\WINDOWS\COMMAND.COM)
C>

Thanks for all your help.

Larry
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP