
Smitfraud.B + some trojans [CLOSED]



#1
BugInTheSystem

    New Member

  • Member
  • 1 posts
Hello,

I'm new here and, worst of all, my language is not English. I hope that you will understand me.

I caught this virus because I didn't have an antivirus product for a while. Unfortunately, here is the situation:

First of all I noticed the visual effect of the malware - AV Gold + SpyRemower (or something) adware was installed. The desktop was a webpage and so on. I immediately tried to install some AV product, but soon enough I understood that something blocked the AVs. I tried with Panda, Trend Micro, AVG and NOD. Panda crashes the file tcpip.dll and every time Windows started it crashed with a blue screen in the beginning. Trend Micro PC-cillin Internet Security said that it's not installed properly and it can't start. AVG and NOD didn't start at all. After that I tried some online scanners, but they couldn't start either. Finally I tried to install AV Personal. And it worked; I updated it and started scanning. It found some trojans whose names I can't remember, but they were in .htm file format. I noticed that when I tried to do online scans the trojans were activated and prevented them from loading. Unfortunately AV couldn't delete them, so I made a complete scan in Safe Mode. AV succeeded in deleting the trojans but couldn't delete Smitfraud.B. So I decided to install Panda. Well, this time I succeeded in installing it, but of course it couldn't start the resident protection, but I succeeded in turning on TruPrevent and it detected Smitfraud.B but couldn't delete it because it was in the wininet.dll file. So once again I did a complete scan with Panda in Safe Mode; it detected some adware and spyware but it couldn't disinfect/delete the wininet.dll file. I also installed Ad-Aware SE 1.6 and Spybot 1.41 and updated them; they found CWS and some dialers and deleted them. But none of them detected Smitfraud.B. So the only thing that was left was Smitfraud.B in the wininet.dll file, and when I started XP in normal mode Smitfraud.B downloaded the same trojans again. Panda couldn't disinfect wininet.dll even in Safe Mode, so I decided to rename the file and download a new one. Well, I did that and then the worst thing happened - explorer.exe started to crash after a few seconds.
I deleted the new file and put the old one back, but this continued to happen. And the most surprising thing is that the old file, according to Panda, is not infected now? I suppose that something in the registry inserts the virus in wininet.dll every time Windows starts. Unfortunately nothing can detect these bad registry entries. I tried to do some manual searches but I found nothing.

Now I don't have Explorer. I do everything with Firefox; I even use it as a file browser.
I'm writing this while I'm at my workplace so I can't do a Hijack log now. But I will post it here after 6-7 hours. I saw some of the posts for smitfraud.c and they are pretty useful. But my concern now is to make Explorer work. So, do you have any idea how to normalize it again?

I'm with XP+SP2, System Restore - Off, Automatic Update - ON

#2
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi BugInTheSystem and welcome to GeeksToGo! My name is Excal and I will be helping you.

I apologize for the delay in getting to your log; the helpers here are very busy.
If you still need help, please post a fresh Hijack log so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

Excal

#3
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else, please begin a New Topic.