I`m new here and worst of all my language is not English. I hope that you will understand me.
I caght this virus because I didnt have Antivirus product for a while. Unfortunatly here is the situation:
First of all I noticed the visual effect of the malware - AV Gold + SpyRemower(or something) adware was installed. The desktop was a webpage and so on. I immediatly tried do install some AV product, but soon enough I understood that something blocked the AV-s. I tried with Panda, Trend Micro, AVG and NOD. Panda crashes the file tcpip.dll and evry time the Windows started it crashed with blue screen in the beggining. Trend Micro PC-Ciline Internet security said that its not installed properly and it cant start. AVG and NOD dind start at all. After that I tried some online scaners, but they couldnt start too. Finaly I tried to install AV Personal. And it worked I updated it and start scanning. It found some trojans that I cant remeber the name but they were with .htm file format. I notticed that when I try to do online scans the trojans were activated and prevent to load them. Unfortenatly AV couldnt delete them so I made complete scan in Safemode. AV succeeded to delete the trojans but couldnt delete Smitfraud.B. So I decided to install Panda. Well this time I succeeded to isntall it but of course it couldnt start the resident protection but i succeeded to turn on the True Prevent and it detect Smitfraud.B but couldnt delete it because it was in wininet.dll file. So once again I did cimplete scan with Panda in safe mod it detected some addware and spyware but it couldnt desinfect/delete wininet.dll file. I also installed AD-Aware SE 1.6 and Spybot 1.41 and updated them, they found CWS and some dealers and deleted them. But none of them detect Smitfraud.B. So the only thing that left was Smitfraud.B in wininet.dll file, and when I started XP in normal mode Smitfraud.B download the same trojans again. Panda couldnt desinfect wininet.dll even in safemode so I decided to rename the file and to downloade a new one. Well I did that and then the worst thing happend - explorer.exe started to crash after a few seconds. I deleted the new file and put the old one, but this continued to happen. And the most surprising thing is that the old file according to panda is not infected now? I suppose that something in the registry inserts the virus in wininet.dll evry time when windows starts. Unfortunatly nothing can detect these bad registry. I tried to do some manual searches but I found nothing.
Now I dont have explorer. I do evrything with Firefox even I use it as file browser.
I`m writing this while Im at my workplace so I cant do Hijack log now. But I will post it here after 6-7 hours. I saw some of the posts for smitfraud.c and they are pretty useful. But my concern now is to make the explorer to work. So if you have any idea how to normalize it again?
I`m with XP+SP2 , System Restore - Off, Automatic Update - ON