Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan-Spy.HTML.Smitfraud.c


  • This topic is locked This topic is locked

#1
fitzh2o

fitzh2o

    New Member

  • Member
  • Pip
  • 7 posts
I get this message when I turn on my computer. "The application failed to inialize properly (0XC0000005). Click on OK to terminate the application." When I click OK, I get this message:

A fatal error in IE has occured at 0028:C0011E36 in VXD VMM(01) + 00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c

* System cannot function in normal mode.

* Scan your PC with any available antivirus / spyware remover program to fix
the problem.

These errors lock up my computer almost completely. I can't even start windows in safe mode. The only option I can use to start the computer is Safe Mode with command prompt. Can you help me with this problem. Thanks in advance.
  • 0

Advertisements


#2
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome fitzh2o to Geeks to Go!

Let's see what we can do.

We'll need to transport some files from the computer you are now using, to your infected computer.

Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to it's own folder on the desktop.
So you'll get a new folder called smitrem on your desktop.
I want you to put that folder on cd, floppy or usb-stick.

On the infected computer:

create a directory smitrem

copy the content for the folder on your transport disk, stick or floppy into that new folder.

type runthis.bat and press enter.

Normally, you'll have to drag the different windows you'll see to left or to right, because normally they will open on top of each other and you wont see the command window the tool starts that is under it.
You'll see a blue window now.
Follow the prompts on screen.
Wait for the tool to complete.

When it's done, reboot.

Let me know how things are now.

Edited by g2i2r4, 24 July 2005 - 02:10 PM.

  • 0

#3
fitzh2o

fitzh2o

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I have loaded all the files on the infected computer. I ran runthis.bat and rebooted the computer, but I still get the error message "The application failed to inialize properly (0XC0000005). Click on OK to terminate the application."

Once I hit OK, it now shows a blue screen. It no longer gives the error message about Trojan-Spy.HTML.Smitfraud.c. But it is still locked up, and I can only start in safe mode with command prompt. If you have any additional suggestions, I would appreciate it.
  • 0

#4
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Let's see if this helps.
Download FixO by Miekiemoes and unzip it. Transfer the entire folder to the infected computer.
Make sure all the files remain in the unzipped folder.
Click FixO.bat and run it.
When it's finished, press a button and notepad will open with some txt in it.
Save that text to post here.

Reboot the computer.

How are things now? And what system are you running (XP, Win95, 98, ME)?
  • 0

#5
fitzh2o

fitzh2o

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I have run FixO.bat as instructed, but I still have the same error messages. I am running Windows XP. Since I can only get into the system in safe mode with command prompt, I cannot get the check.txt file off of the hard drive, because I do not a have a disk drive. Please let me know if you know of anything else I can try. Thanks.
  • 0

#6
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
I'm a bit confused.

because I do not a have a disk drive

.

We transported smitrem to the infected computer, you ran it.

We transported fixO to that computer, you ran that one too.

How on earth did you transport those files...?
  • 0

#7
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Along with FixO came restore.reg. Can you double-click that one and grant permission to add it to the registry?
  • 0

#8
fitzh2o

fitzh2o

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I can only run only run safe mode with command prompt. With this, I am able to access the CD drive. I copied the suggested files to a CD and transferred them that way. However, I can't get any files off the infected computer, since safe mode with command prompt will not let me write anything to a CD. I have run restore.reg and added it to the registry.
  • 0

#9
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Let's check what is missing then.

move to C:\WINDOWS\System32\
see if you have these files:
control.exe

At the command prompt type
c:\windows\explorer.exe

Let me know what happens.
  • 0

#10
fitzh2o

fitzh2o

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I have control.exe. It's 8,192 bytes.

When I run c:\windows\explorer.exe, it gives an error message:

"The application failed to initialize properly (0xc0000005). Click on OK to terminate the application."

If I hit the OK, the message pops up again. If I hit the OK again, it takes me back to the command prompt.
  • 0

Advertisements


#11
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
c:\windows\explorer.exe itself is present too?
  • 0

#12
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Can you put in the XP CD and hard reboot: press the on/off button and hold it for 5 seconds to turn the computer off. Wait a minute and turn it back on. See if it will start from CD.
  • 0

#13
fitzh2o

fitzh2o

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I am able to start Windows from the CD. It takes me to the repair Windows or install Windows screen. When I try to do a repair, it asks me for the administrator password, which I don't think I set one initially.
  • 0

#14
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Let me consult my collegues on the best next step to take.
  • 0

#15
noahdfear

noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
It sounds as though wininet.dll is infected yet. The smitRem tool can normally repair that, but I believe the problem is that you're running from the command prompt and it won't run a batch from a directory other than the one you're in. First, lets try this. Change to a C: prompt. From the smitRem folder on the CD, copy replace.cmd and delfiles.cmd to C:, then type C:\replace.cmd

Reboot when finished. If no go, go back to command prompt and change directories to C:\Windows\system32\dllcache, then type dir /p and hit enter. If wininet.dll is present, change directories again back to system32 and type
ren wininet.dll wininet.old
Change again to the dllcache folder and type
copy wininet.dll C:\Windows\system32

Note the spaces in the commands!

Reboot and let us know. If it boots properly, suggest you try safe mode and run the smitRem tool from the desktop. All files must be in a folder!

If there is no wininet.dll in the cache folder, let us know as well. There are other places to look. :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP