[fitzh2o]

I get this message when I turn on my computer. "The application failed to inialize properly (0XC0000005). Click on OK to terminate the application." When I click OK, I get this message:

A fatal error in IE has occured at 0028:C0011E36 in VXD VMM(01) + 00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c

* System cannot function in normal mode.

* Scan your PC with any available antivirus / spyware remover program to fix
the problem.

These errors lock up my computer almost completely. I can't even start windows in safe mode. The only option I can use to start the computer is Safe Mode with command prompt. Can you help me with this problem. Thanks in advance.

[Advertisements]

Welcome fitzh2o to Geeks to Go!

Let's see what we can do.

We'll need to transport some files from the computer you are now using, to your infected computer.

Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to it's own folder on the desktop.
So you'll get a new folder called smitrem on your desktop.
I want you to put that folder on cd, floppy or usb-stick.

On the infected computer:

create a directory smitrem

copy the content for the folder on your transport disk, stick or floppy into that new folder.

type runthis.bat and press enter.

Normally, you'll have to drag the different windows you'll see to left or to right, because normally they will open on top of each other and you wont see the command window the tool starts that is under it.
You'll see a blue window now.
Follow the prompts on screen.
Wait for the tool to complete.

When it's done, reboot.

Let me know how things are now.

Edited by g2i2r4, 24 July 2005 - 02:10 PM.

[g2i2r4]

Welcome fitzh2o to Geeks to Go!

Let's see what we can do.

We'll need to transport some files from the computer you are now using, to your infected computer.

Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to it's own folder on the desktop.
So you'll get a new folder called smitrem on your desktop.
I want you to put that folder on cd, floppy or usb-stick.

On the infected computer:

create a directory smitrem

copy the content for the folder on your transport disk, stick or floppy into that new folder.

type runthis.bat and press enter.

Normally, you'll have to drag the different windows you'll see to left or to right, because normally they will open on top of each other and you wont see the command window the tool starts that is under it.
You'll see a blue window now.
Follow the prompts on screen.
Wait for the tool to complete.

When it's done, reboot.

Let me know how things are now.

Edited by g2i2r4, 24 July 2005 - 02:10 PM.

[fitzh2o]

I have loaded all the files on the infected computer. I ran runthis.bat and rebooted the computer, but I still get the error message "The application failed to inialize properly (0XC0000005). Click on OK to terminate the application."

Once I hit OK, it now shows a blue screen. It no longer gives the error message about Trojan-Spy.HTML.Smitfraud.c. But it is still locked up, and I can only start in safe mode with command prompt. If you have any additional suggestions, I would appreciate it.

[g2i2r4]

Let's see if this helps.
Download FixO by Miekiemoes and unzip it. Transfer the entire folder to the infected computer.
Make sure all the files remain in the unzipped folder.
Click FixO.bat and run it.
When it's finished, press a button and notepad will open with some txt in it.
Save that text to post here.

Reboot the computer.

How are things now? And what system are you running (XP, Win95, 98, ME)?

[fitzh2o]

I have run FixO.bat as instructed, but I still have the same error messages. I am running Windows XP. Since I can only get into the system in safe mode with command prompt, I cannot get the check.txt file off of the hard drive, because I do not a have a disk drive. Please let me know if you know of anything else I can try. Thanks.

[g2i2r4]

I'm a bit confused.

because I do not a have a disk drive

.

We transported smitrem to the infected computer, you ran it.

We transported fixO to that computer, you ran that one too.

How on earth did you transport those files...?

[g2i2r4]

Along with FixO came restore.reg. Can you double-click that one and grant permission to add it to the registry?

[fitzh2o]

I can only run only run safe mode with command prompt. With this, I am able to access the CD drive. I copied the suggested files to a CD and transferred them that way. However, I can't get any files off the infected computer, since safe mode with command prompt will not let me write anything to a CD. I have run restore.reg and added it to the registry.

[g2i2r4]

Let's check what is missing then.

move to C:\WINDOWS\System32\
see if you have these files:
control.exe

At the command prompt type
c:\windows\explorer.exe

Let me know what happens.

[fitzh2o]

I have control.exe. It's 8,192 bytes.

When I run c:\windows\explorer.exe, it gives an error message:

"The application failed to initialize properly (0xc0000005). Click on OK to terminate the application."

If I hit the OK, the message pops up again. If I hit the OK again, it takes me back to the command prompt.

[g2i2r4]

c:\windows\explorer.exe itself is present too?

[g2i2r4]

Can you put in the XP CD and hard reboot: press the on/off button and hold it for 5 seconds to turn the computer off. Wait a minute and turn it back on. See if it will start from CD.

[fitzh2o]

I am able to start Windows from the CD. It takes me to the repair Windows or install Windows screen. When I try to do a repair, it asks me for the administrator password, which I don't think I set one initially.

[g2i2r4]

Let me consult my collegues on the best next step to take.

[noahdfear]

It sounds as though wininet.dll is infected yet. The smitRem tool can normally repair that, but I believe the problem is that you're running from the command prompt and it won't run a batch from a directory other than the one you're in. First, lets try this. Change to a C: prompt. From the smitRem folder on the CD, copy replace.cmd and delfiles.cmd to C:, then type C:\replace.cmd

Reboot when finished. If no go, go back to command prompt and change directories to C:\Windows\system32\dllcache, then type dir /p and hit enter. If wininet.dll is present, change directories again back to system32 and type
ren wininet.dll wininet.old
Change again to the dllcache folder and type
copy wininet.dll C:\Windows\system32

Note the spaces in the commands!

Reboot and let us know. If it boots properly, suggest you try safe mode and run the smitRem tool from the desktop. All files must be in a folder!

If there is no wininet.dll in the cache folder, let us know as well. There are other places to look.