smitfraud.c removed, but..............



#1
tim_ezell

I got hit with smitfraud.c yesterday. Spybot s&d found it, but was outsmarted by it and would not take it out. I downloaded the new MS Beta spyware remover, and it removed it, BUT, left me with the, now blank, HTML page overlaying my desktop. The active part of the trojan seems to have been removed, leaving me with the active HTML page.

I tried the geek squad, the BestBuy boys, and they tried to help, but came up with no other option left but reformatting.

I am a sculptor, not a computer tech. At best a shadetree mechanic.


NO subsequent virus scans find anything any more. What do I do? :tazz:
  • 0



#2
phybyr0ptyk

Please Click here!, and follow the recommendations in the guide.
  • 0

#3
tim_ezell

I tried earlier to download AVG 7.0, but it came in corrupted and was a no fly.
  • 0

#4
tim_ezell

OK, I am downloading Ad-Aware. While I do, I will try to give you what I have already done.

I got hit and immediately went for my gun. I ran Spybot S&D, which found it, but the canny thing would recheck itself back on when I tried to turn it off and delete it from the startup menu.

So I went to MSN and downloaded their new spyware beta program. It found the trojan, isolated it, and removed all or most of it.

I also loaded a McAfee disc a friend of mine had on hand, also updating all previous wares I had.

After the MS beta did its thing, I ran scans with Spybot, McAfee, and the beta again. They all came up clean.

As for functionality, the autodialer was definitely gone, the link on the HTML page was gone.

It appears the only thing left is the HTML loader, probably somewhere in the registry.

The Best Buy Geek Squad and I ran through the system, running the msconfig task manager and shutting off everything running in that. This was done in safe mode.

On my own I tried to do a registry restore to a previous date, but it was unsuccessful. I presume that what was left of the trojan blocked that as well as blocking the download of the AVG software.

The blank HTML page does not interfere with anything except for not being able to see the picture of my lovely gf on my desktop, which is a true crime.

So far, it all appears clean, so their conclusion was that the remnant is in the registry and the only solution was a full reformat. The problem with this is, I do not own an XP disc; the computer is second hand and was given to me reformatted by a friend of mine living a thousand miles from me.

I think that about covers my trials so far.
  • 0

#5
phybyr0ptyk

Have you tried to download it directly from
http://www.grisoft.com

AVG, McAfee is a resource hog

Edited by phybyr0ptyk, 12 July 2005 - 10:50 PM.

  • 0

#6
phybyr0ptyk

I am looking into some registry keys, I will get back to you shortly.
  • 0

#7
tim_ezell

Yes, I went right to the Grisoft site and tried to dl from there.

And, THANK YOU for helping and for speaking English, because a lot of this is all geek to me. :tazz:
  • 0

#8
tim_ezell

Ad-Aware went right into its scan upon updating without any prompt from me.

So far it has found 1 registry key (highlighted in red) and 9 registry values as well as 10 objects and 10 new critical objects.

Oh yes, I also, in the midst of all this, downloaded all the security updates for SP1.
  • 0

#9
phybyr0ptyk

OK, as far as I can tell XP has a key to automatically save the current desktop.
First we will want to open the registry editor:
Start -- Run, type regedit, press Enter.
Navigate through the registry to this key:

Registry Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Modify/Create the Value Data Type(s) and Value Name(s) as detailed below.

Value Name: NoSaveSettings
(If this key doesn't exist, right-click in the right panel and select DWORD Value, name the new key NoSaveSettings, typed as seen, then set the value to "1", less the " ".)
Setting for Value Data: [0 = Disabled / 1 = Enabled]
Exit the registry and reboot.

If the "blank" is gone we have succeeded and you just need to go reset your desktop and then go back to the registry editor and reset the same value to "0" so that XP will once again save your desktop settings.
  • 0

#10
phybyr0ptyk

Let all scans complete before doing the above.


And glad to help if I can :tazz:
  • 0



#11
tim_ezell

Ad-Aware finished its scan. It tagged 10 data miner objects and 2 AOL free trials, which I knew about and had ignored.
  • 0

#12
phybyr0ptyk

OK, do you feel comfortable working in the registry?
Please back it up before you start changing anything.
Registry -- Export Registry File
Name it something simple and save it somewhere easy to find.
  • 0

#13
tim_ezell

OK, I have the registry editor up, I have created a NoSaveSettings string, but how do I set the value?
  • 0

#14
phybyr0ptyk

Oh sorry, right-click the key you created and select Modify.
Set it as posted above and hit Enter.
Close the registry and reboot.
  • 0

#15
tim_ezell

There are already 3 strings there, as follows:

(default) REG_SZ (value not set)

NoActiveDesktopChanges REG_DWORD 0x00000001 (1)

NoDriveTypeAutoRun REG_DWORD 0x00000091 (145)


And, uhm, how do I back it up?
  • 0
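Added example (not part of any post in this thread): the backup and NoSaveSettings steps from posts #9, #12 and #14 done with the built-in `reg` command instead of clicking through regedit, including a check for the string-versus-DWORD mix-up mentioned in post #13. The backup file name and location are assumptions; the key and value names are the ones quoted in the thread.

```bat
@echo off
rem Added example, not from the thread. Usage: run with no argument to set
rem NoSaveSettings to 1, or pass 0 to set it back as post #9 describes.
setlocal
set "KEY=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
rem Assumed backup location; any easy-to-find path works (post #12).
set "BACKUP=%USERPROFILE%\Desktop\explorer-policies-backup.reg"
set "VAL=%~1"
if not defined VAL set "VAL=1"

rem 1. Back up the key before changing anything. Never overwrite an
rem    earlier backup, since it may be the only copy of the original state.
if exist "%BACKUP%" (
    echo Backup already exists, keeping it: %BACKUP%
) else (
    reg export "%KEY%" "%BACKUP%"
    if errorlevel 1 (
        echo Export failed, nothing was changed.
        exit /b 1
    )
)

rem 2. Show what is under the key now (the listing from post #15).
reg query "%KEY%"

rem 3. Post #9 asks for a DWORD. If NoSaveSettings was created as a
rem    string (post #13), remove it so it can be recreated correctly.
reg query "%KEY%" /v NoSaveSettings 2>nul | find "REG_DWORD" >nul
if errorlevel 1 reg delete "%KEY%" /v NoSaveSettings /f >nul 2>&1

rem 4. Create or update the value as a DWORD.
reg add "%KEY%" /v NoSaveSettings /t REG_DWORD /d %VAL% /f
if errorlevel 1 (
    echo Could not write NoSaveSettings.
    exit /b 1
)

rem 5. Confirm the type and data before rebooting.
reg query "%KEY%" /v NoSaveSettings
endlocal
```

`reg import` with the saved file merges the exported values back into the key, so it restores values that were changed but does not delete values created after the export.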





