Trojan-Spy.HTML.Smitfraud.c at startup [RESOLVED]


  • This topic is locked

#16
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Oh, my apologies for the link!
You'll have to give me a little time to confer with my "people", but don't despair, we will formulate a solution.
  • 0


#17
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
OK, if you don't still have it, please download the IE6 install file again (I fixed the link in my other post) and
complete the following:
  • Click "Start | Run"
  • Type regedit
  • Navigate through the tree on the left by clicking the + when available
  • Navigate to this registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}"
  • On the right, double-click the item labelled IsInstalled
  • Change this value to the number 0
  • Click OK
  • Close the regedit window
  • Now use the install file to reinstall IE6

  • 0

#18
randomgeek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Ok it's a conspiracy.

Hi,

Well, that sounded promising. I set the IsInstalled on that one to 0 and tried the setup. I got the same message about detecting a more recent version of IE and that it couldn't continue.
I tried restarting. When it came up it said IE had been removed and asked if I wanted to clean up settings. I said yes.
I tried again but got the same message.



Looking back in the key path provided, I also found the following keys which have
(Default) set to value "Internet Explorer":

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}
Name Type Data
(Default) REG_SZ Internet Explorer
ComponentID REG_SZ IEACCESS
Dontask REG_DWORD 0x000000002 (2)
IsInstalled REG_DWORD 0x000000001 (1)
Locale REG_SZ *
StubPath REG_EXPAND_SZ %systemroot%\system32\shmgrate.exe OCinstallUserConfigIE
Version REG_SZ 2,0,0,0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}
Name Type Data
(Default) REG_SZ Internet Explorer
ComponentID REG_SZ Windows Marketplace Link
IsInstalled REG_DWORD 0x00000001 (1)
Locale REG_SZ EN
StubPath REG_EXPAND_SZ %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
Version REG_SZ 1,0,0,0


The StubPath is pretty long but should be a continuous line.

I tried deleting the ...\Program Files\Internet Explorer folder as well. It told me that it couldn't do that because it was in use. Go figure.

rg

Edited by randomgeek, 05 August 2005 - 08:38 PM.

  • 0
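
The registry check and edit described in posts #17 and #18, as an added PowerShell example that is not part of the original thread: it lists the Active Setup entries whose (Default) value starts with "Internet Explorer", then exports a backup of the branch before setting IsInstalled on one chosen subkey. The function names and the backup file location are assumptions made for this example, and it assumes an elevated PowerShell 3.0 or later session.

```powershell
# Added example (not from the thread). Function names and backup path are hypothetical.
$KeyPath = 'SOFTWARE\Microsoft\Active Setup\Installed Components'
$Base    = "HKLM:\$KeyPath"

function Get-ActiveSetupComponent {
    param([string]$NameLike = 'Internet Explorer*')
    $raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    Get-ChildItem -Path $Base | ForEach-Object {
        $name = $_.GetValue('')                      # the (Default) value
        if ($name -like $NameLike) {
            [pscustomobject]@{
                SubKey      = $_.PSChildName
                Name        = $name
                ComponentID = $_.GetValue('ComponentID')
                IsInstalled = $_.GetValue('IsInstalled')
                Version     = $_.GetValue('Version')
                StubPath    = $_.GetValue('StubPath', $null, $raw)  # keep %systemroot% unexpanded
            }
        }
    }
}

function Set-ActiveSetupIsInstalled {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SubKey,
        [Parameter(Mandatory = $true)][ValidateSet(0, 1)][int]$Value
    )
    $target = Join-Path -Path $Base -ChildPath $SubKey
    if (-not (Test-Path -LiteralPath $target)) { throw "No such component key: $SubKey" }
    if ($PSCmdlet.ShouldProcess($target, "Set IsInstalled = $Value")) {
        # Export the whole Installed Components branch first so the edit can be undone.
        $backup = Join-Path $env:TEMP ("ActiveSetup-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
        reg.exe export "HKLM\$KeyPath" $backup | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Backup failed; no change made." }
        Set-ItemProperty -LiteralPath $target -Name IsInstalled -Value $Value -Type DWord
        Write-Verbose "Backup written to $backup"
    }
}

# Review the matching entries before changing anything.
Get-ActiveSetupComponent | Format-List

# Preview the edit from post #17; remove -WhatIf to apply it.
Set-ActiveSetupIsInstalled -SubKey '{89820200-ECBD-11cf-8B85-00AA005B4383}' -Value 0 -WhatIf
```

Listing every matching entry first shows whether more than one component key claims to be Internet Explorer, which is the situation reported in post #18.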

#19
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
  • Go to Start | Add/Remove and on the left click Windows Components.
  • In the new window that will come up, uncheck Internet Explorer
  • Click "Next"
  • Now follow the prompts for uninstallation.
Again, try to use that downloaded install file to set up IE again.
  • 0

#20
randomgeek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
OK, I give. I tried that too. I tried unchecked, checked, regular mode, safe mode, you name it. You know what? I've learned an awful lot more than I expected, but I was looking into what I had on that system that I would have to keep before an OS reinstall and I only have 1 folder of pictures. Other than that it's been used for gaming and I can reinstall all of that...so...I think I'm going to say thanks and end it here.

Oh, forgot to mention what the results were...it gives me the same message about there already being some version of IE installed.

Thanks for all your help. I really do appreciate it. Tough bugger got me this time.

Thanks again,

rg
  • 0

#21
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
I'm sorry we could do no more, but there is always the option of using a different web browser? You might try FireFox, less exploited than IE, and a very attractive setup. Otherwise you should read the following measures for future reference.

Preventative Measures

This is a good time to set up protection against further attacks. Read How Did I Get Infected In The First Place?.

Also Consider...
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 3 free ones available for personal use:
I hope things turn out better this time around.
Calvin
  • 0

#22
therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





