Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan-Spy.HTML.Smitfraud.c infection [CLOSED]


  • This topic is locked This topic is locked

#1
yemustbebornagain

yemustbebornagain

    Member

  • Member
  • PipPip
  • 10 posts
Hello,
I'm new here, under unfortunate conditions. :tazz:
I've got the Smitfraud virus/trojan and can't really do anything to try and get rid of it because when the computer attempts to got to the desktop an error comes up. It reads: "Explorer has caused an error in OLE32.DLL. Explorer will now close..." When I click close it comes up again. I cannot do anything else. I'm only somewhat computer literate; I don't understand the 'Hijack This' thing. Is that an option for me, even though I can't get online or even use my computer? If I can get past the "Explorer has caused an error..." message, I think I can make it okay. Thank you in advance for your help!
  • 0

Advertisements


#2
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you.


We'll need to transport some files from the computer you are now using, to your infected computer.

Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to it's own folder on the desktop.
So you'll get a new folder called smitrem on your desktop.
I want you to put that folder on cd, floppy or usb-stick.

On your infected computer, boot again in safe mode and open your task manager again.
Now insert the cd, floppy or usb-stick where you saved the smitrem folder in your infected computer.

In your Task Manager, click 'applications' (first tab).
Click the New Task button.
Cick browse.

Now browse to the drive where your floppy, usb-stick or cd is present (could be A or D or E or F.. you'll see..)
Search for that smitrem folder.
Right click on the smitrem folder and choose: Copy

Now browse again via Task Manager to My Documents or Program Files.
Right click somewhere in there, right click and choose: Paste
Now open the smitrem folder you just copied and pasted and click the file: RunThis.bat
Then click open.
In the window where it says 'Create new task', click OK.

Normally, you'll have to drag the different windows you'll see to left or to right, because normally they will open on top of each other and you wont see the command window the tool starts that is under it.
You'll see a blue window now.
Follow the prompts on screen.
Wait for the tool to complete.

When done, in Task Manager, click 'shut down' from the menu on top and click restart. Your computer will reboot now.
Reboot to normal mode and post a hijackthis log in your next reply.
  • 0

#3
yemustbebornagain

yemustbebornagain

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thank you. I will try your suggestion, but I won't be able to get to the task manager. On the infected computer I can't do anything - even in safe mode, because of the error message. I do have the original backup disks - to reinstall Windows. If I did that, would it get rid of the virus? Or the error message? Thanks!
  • 0

#4
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
You won't be able to get rid of the error message while explorer is trying to load, but you still may be able to bring up task manager, even while the error message is showing. If you can do that just move the error message down and out of the way and proceed as if it wasn't there.
  • 0

#5
yemustbebornagain

yemustbebornagain

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I should have been more specific. The computer basically freezes up because of the error message. I've tried using 'Control-Alt-Delete' to restart, but it won't let me. I've tried going to start, and it acts like it's going to (the start button "depresses") but it never gives me the start menu. It's the same thing in safe mode. Is there any way to bypass or disable the error message? :tazz:
  • 0

#6
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Do you have a boot disk and your Windows ME cd? You will have to reinstall Windows in order to repair the damage to your explorer file.
  • 0

#7
yemustbebornagain

yemustbebornagain

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I have the three original Cds that came with my computer. They include Windows ME and backups of all drivers, etc. I don't have them here now, but I will get the titles of them so you can tell me which one to use first and how to bring it up. Thanks!
  • 0

#8
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
You will also need a boot disk, unless your computer is already set up to boot from the cd-rom.

If you don't have a boot disk you can make one. You just need a disk. Download wbootme.exe from here.

http://download.wind...dex.php?dlid=63

Make sure the disk is in the A drive and double click wbootme.exe
  • 0

#9
yemustbebornagain

yemustbebornagain

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I think the computer is set to boot from one of the disks, but I made a boot disk anyway. Disk number 2 must be the one to use first. It says "Operating system restoration program." So as soon as I turn the computer on should I put in the floppy and the disk? Thanks.
  • 0

#10
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Put the cd in the drive. Then turn off the computer and turn it back on. If you are set up to boot from the CD-ROM and you have the right disk in you should be presented with options. I'm not sure exactly what options you will get because I don't know what's on your disc, but you should be able to sort it out.

Let me know if you run into problems.
  • 0

#11
yemustbebornagain

yemustbebornagain

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Okay,
It worked with the CD. Now I can get the Win. ME desktop up. I didn't get any message about the virus. It appears to be gone. Is it? Thanks for your help!
  • 0

#12
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Chance are that smitfraud is still there on your computer. I need to see a hijackthis log in order to tell what you have running. Please go to this thread, scroll down to step five and follow the directions to download Hijackthis and create a log.

http://www.geekstogo..._Log-t2852.html

Please post the hijackthis log and let me know how things are running.
  • 0

#13
yemustbebornagain

yemustbebornagain

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Okay,
I assume I must download the HijackThis thing onto my 'infected' computer? I'll have to try and reinstall my ISP first. Thanks again.
  • 0

#14
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Yes, the easiest way to get a hijackthis log would be to connect to the Internet and download it so you can post directly here from the infected computer.

If you can't get a connection on your infected computer Hijackthis is small enough to fit onto a floppy disk. You can move it over, scan to get a log, save the log back onto the disk and then post it here.
  • 0

#15
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP