Smitfraud virus


  • This topic is locked

#1
Johnstonbrad

Johnstonbrad

    New Member

  • Member
  • Pip
  • 8 posts
TROJ-Smit: I have tried to research forums to cure this curse, I now bow to your expertise....
I have the "security Warning" that overcomes my desktop..... I can't move from there. If I start in 'Safe Mode', my desktop icons are incomplete and none of them are operable. I cannot activate "START", the cursor just gives me the ol' hourglass, and the keyboard button won't work. I can Ctrl/Alt/Del to the Task Manager, but anything I try to do simply freezes. I am willing to purge my computer and start fresh.....AFTER I can copy files from one particular program.....if I could only get to it. Any help would be appreciated. BJ (obviously, I'm also unable to connect to the internet, and I'm using a 2nd computer)

Edited by Johnstonbrad, 07 August 2005 - 12:42 AM.

  • 0


#2
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome Johnstonbrad to Geeks to Go!

We'll need to transport some files from the computer you are now using, to your infected computer.

Download smitRem.exe and save the file to your desktop.
Right click on the file and extract it to its own folder on the desktop.
So you'll get a new folder called smitrem on your desktop.
I want you to put that folder on cd, floppy or usb-stick.

On your infected computer, boot again in safe mode and open your task manager again.
Now insert the cd, floppy or usb-stick where you saved the smitrem folder in your infected computer.

In your Task Manager, click 'applications' (first tab).
Click the New Task button.
Click browse.

Now browse to the drive where your floppy, usb-stick or cd is present (could be A or D or E or F.. you'll see..)
Search for that smitrem folder.
Right click on the smitrem folder and choose: Copy

Now browse again via Task Manager to My Documents or Program Files.
Right click somewhere in there, right click and choose: Paste
Now open the smitrem folder you just copied and pasted and click the file: RunThis.bat
Then click open.
In the window where it says 'Create new task', click OK.

Normally, you'll have to drag the different windows you'll see to left or to right, because normally they will open on top of each other and you won't see the command window the tool starts that is under it.
You'll see a blue window now.
Follow the prompts on screen.
Wait for the tool to complete.

When done, in Task Manager, click 'shut down' from the menu on top and click restart. Your computer will reboot now.
Reboot to normal mode and post a hijackthis log in your next reply.
  • 0

#3
Johnstonbrad

Johnstonbrad

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you for your quick reply (Sat/Sun even).... I've had no problems following your steps: copying SmitRem to CD with good computer
Safe Mode on corrupt computer
Task Manager - New Task - Browse

Then,..... I'm offered 'COOKIES' 'DESKTOP' (Folder is empty) 'FAVORITES' 'MY DOCUMENTS' and START MENU. The "Look in:" is set at "Administrator.YOUR-5MS...etc. I can expand this to see the CD drive titled SmitRem {D:}. I cannot right click on it, nor will it open....I merely get the large hourglass that stays forever. Ctrl/Alt/Del will get me back to the task manager.....but I will not be allowed to 'Browse' again (large hourglass).....I have to start the computer again.

How am I able to Copy SmitRem to the cursed Computer? BJ
  • 0

#4
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Can you go to the cd in normal mode?
  • 0

#5
Johnstonbrad

Johnstonbrad

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
My 'Start' button doesn't work (large hourglass), nor does the key for 'Start'. Nothing works except being able to get to task manager via Ctrl/Alt/Del in Safe mode. It then allows me to browse once.

BTW....what city are you in (near)?
  • 0

#6
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
I'm in the city of Groningen.

Ok here's what we need to do.
First, we need to find out where on your computer the copies reside of wininet.dll. We will do that first now.

Once we know where they are, we can copy one of them to where it belongs.

Since you can only open a new task and do one command, I'm gonna make a guess to where the file may be.

On the infected computer choose 'new task'
type command and press enter.
A dos like box should appear.

type this command (do watch for the spaces)
copy C:\WINDOWS\system32\dllcache\wininet.dll c:\windows\system32
Press enter.
then type
exit

Reboot the computer.

If your computer runs on NT the folder 'windows' needs to be changed to 'WINNT'.

Let me know what happens.
  • 0

#7
Johnstonbrad

Johnstonbrad

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
...If I go to 'New Task' and type "comand".....I do not get a dos like box; the screen merely freezes on the task manager window, while my cursor can float around in the background, even appearing to go behind the window.

So, I tried a 'Safe mode with command prompt' start. I am then offered:
C:\Documents and Settings\Administrator.Your-5MSMUT6VWG.002>

So... I tried your:...VWG.002>copy C:\WINDOWS\system32\dllcache\wininet.dll c:\windows\system32 (with a space between wininet.dll and c:\windows\syst..etc.

The answer is that: "the system cannot find the path specified"

Things don't look good..... remember, I'm willing to purge, providing I can save my tax files (btw...I'm one of the top income tax specialists in the Country.....if I can answer any of your tax problems, let me know)

When I was a kid, I used to see groups of chess players sitting in large semi-circles, playing their board, while a chess-master walked around to each one and made a move on each board within a few seconds. He always won. I imagine you guys doing the same thing,.... while confronted with computer challenges.

Perhaps I will finally see a chessmaster tip his king?
  • 0

#8
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Hmm, tell me. Do you have a c:\winnt folder (just check please). If it's not found, see if you have a c:\windows folder.

So... I tried your:...VWG.002>copy C:\WINDOWS\system32\dllcache\wininet.dll c:\windows\system32 (with a space between wininet.dll and c:\windows\syst..etc.

You did try the part starting with copy c:?

I'll post back tonight. We need to find a valid copy of wininet there.

Edited by g2i2r4, 09 August 2005 - 06:40 AM.

  • 0

#9
Johnstonbrad

Johnstonbrad

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Anything I type in at the dos prompt is "not recognized as an internal or external command, operable program or batch file". After "dir" I get 6 files: one dot, two dots, Desktop, Favorites, My Documents and Start Menu. Perhaps I'm typing in bad dos language.....(it's been awhile since I've played Olympic Decathlon on the ol' Apple IIe)
  • 0

#10
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
In the command box type cd\.

See what it says there. Can you see windows or winnt there?
  • 0


#11
Johnstonbrad

Johnstonbrad

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Yes...sorry...of course..."cd\" gives the c: prompt. Then 'dir' shows 7 directories, one of which is 'WINDOWS'
  • 0

#12
Johnstonbrad

Johnstonbrad

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi there,
I am unable to copy the wininet.dll file into the windows/system32 folder because the original copy of the file exists there and is already in use by windows.

I would be able to get rid of the infected wininet.dll if I were able to boot into a clean DOS session (via boot disk), but this laptop has no floppy drive.

Do you happen to know of any other methods to replace active Windows dll files?
  • 0

#13
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
If we could run the tool smitrem, it would do that for us. I'm consulting the creator to find out how we can run it in your case.
  • 0

#14
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Dave is the best :tazz:


Step 1
First we need to find a copy of wininet.

Using the command prompt, let's check if the file (wininet.dll) is in the folder like I think/hope:

Type
cd c:\windows\system32\dllcache
press enter

Then type
dir /p
press enter
a list of files will appear. If you cannot see wininet.dll because the list runs over your screen and runs past wininet:
dir w*.*
press enter.

Let's say it's not there, check the c:\windows\system32\ServicePackFiles\i386 folder and see if it's there.

-------------

Step 2


We need to go back to the folder where wininet should be. We will rename the one there (if any). Then, we will put in a copy from the dllcache (or the i386 folder)

Using the command prompt, type these one by one:

cd c:\windows\system32
ren wininet.dll wininet.old
copy c:\windows\system32\dllcache\wininet.dll c:\windows\system32


press exit and reboot

---------------

We could have an extra bump in the road if wininet.dll doesn't have a copy around there. In that case please send me an e-mail.
  • 0
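
Step 1 and Step 2 from post #14, combined into one batch file with the checks a careful operator would make by hand; this is an added example, not part of the original post and not the smitRem tool. It assumes the Windows folder is `%SystemRoot%` (C:\WINDOWS, or C:\WINNT on NT as noted in post #6), also looks in `%SystemRoot%\ServicePackFiles\i386` (an added location, the usual XP service pack folder), and uses `fc /b` to confirm the copy matches its source.

```batch
@echo off
rem Added example: replace wininet.dll from a backup copy, as in post #14.
rem Run from "Safe mode with command prompt". Paths are assumptions (see above).
setlocal
set "SYS=%SystemRoot%\system32"
set "SRC="

rem Step 1: find a backup copy. First match wins.
rem   1) dllcache                         (named in the post)
rem   2) system32\ServicePackFiles\i386   (named in the post)
rem   3) %SystemRoot%\ServicePackFiles\i386 (added here as an assumption)
for %%F in (
  "%SYS%\dllcache\wininet.dll"
  "%SYS%\ServicePackFiles\i386\wininet.dll"
  "%SystemRoot%\ServicePackFiles\i386\wininet.dll"
) do if not defined SRC if exist %%F set "SRC=%%~F"

if not defined SRC (
  echo No backup copy of wininet.dll found. Nothing was changed.
  exit /b 1
)

rem Do not overwrite an earlier wininet.old: it may be the only sample
rem of the tampered file left for later analysis.
if exist "%SYS%\wininet.old" (
  echo wininet.old already exists in system32. Move it aside first.
  exit /b 1
)

rem Step 2: rename the file that is there (if any), then copy the backup in.
if exist "%SYS%\wininet.dll" ren "%SYS%\wininet.dll" wininet.old
if errorlevel 1 ( echo Rename failed. Nothing was replaced. & exit /b 1 )

copy "%SRC%" "%SYS%\wininet.dll" >nul
if errorlevel 1 (
  echo Copy failed. Restoring the original file name.
  ren "%SYS%\wininet.old" wininet.dll
  exit /b 1
)

rem Confirm the new file is byte-for-byte identical to the backup copy.
fc /b "%SRC%" "%SYS%\wininet.dll" >nul
if errorlevel 1 ( echo Copied file differs from its source. & exit /b 1 )

echo wininet.dll replaced from %SRC%
echo Old file kept as %SYS%\wininet.old. Reboot to load the new copy.
```

The script stops without touching system32 when no backup copy is found, which is the "extra bump in the road" case the post mentions.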

#15
Johnstonbrad

Johnstonbrad

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you...... you stopped my hairs from turning grey. (I thought for sure that you would 'tip your king'.) Everything works again.

Next, you need to put some quality computer time into your 'payment checkout' centre; I've tried 3 different credit cards over 1/2 an hour trying to make you a donation. The first time, 'the web page timed out' ....you could be losing a lot of money due to payer's frustrations...... ie, say that there shouldn't be spaces on the credit card #, the phone number always screws up when you have to return to the page to fill in errors (sometimes there are no errors?!!). Also when one chooses a donation amount, they have no idea that it will be converted to Euros... I was paying a Canadian amount....when it got to the conversion in Euros, it wasn't enough to give you, ....so when I clicked on conversion details.....the site timed out. Then it wouldn't accept my card next time (even though it did the first time) ARGHHHH....fix it.... before you go broke.
  • 0





