 |  |  |  |  |  |  |  |
big problem, I think, please help
 |
•
•
Join Date: Jul 2004
Posts: 95
Reputation: 
Solved Threads: 1
Junior Poster in Training
While on some health site, a bunch of warnings kept poping in, and I had Nod32 and counterspy installed....i thought everything would be o.k.
Anyway, here is the problem.......
My opening page has all the icons except the screen is blue and in the middle there is a Security Warning which says:
A fatal error in IE has occured at 0028:c0011E36 in VXD VNM (01) + 00010E36 error was caused by Trojan-Spy.HTML.Smitfraud.c
system cannot function in normal mode......check security settings
scan with antivirus/spyware remover to fix problem
I ran ActiveScan from Panda and ran Counterspy in Full mode, and restarted computer, but the blue screen still comes up.
Can someone please guide me to the correct fix........
Thanks
George
Anyway, here is the problem.......
My opening page has all the icons except the screen is blue and in the middle there is a Security Warning which says:
A fatal error in IE has occured at 0028:c0011E36 in VXD VNM (01) + 00010E36 error was caused by Trojan-Spy.HTML.Smitfraud.c
system cannot function in normal mode......check security settings
scan with antivirus/spyware remover to fix problem
I ran ActiveScan from Panda and ran Counterspy in Full mode, and restarted computer, but the blue screen still comes up.
Can someone please guide me to the correct fix........
Thanks
George
•
•
Join Date: Jul 2004
Posts: 95
Reputation:
Solved Threads: 1
Junior Poster in Training
I'm sorry I forgot to include HiJack This scan;
Logfile of HijackThis v1.99.1
Scan saved at 11:40:47 AM, on 01/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\WINDOWS\System32\mgabg.exe
C:\unzipped\hijackthis[1]\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
George
Logfile of HijackThis v1.99.1
Scan saved at 11:40:47 AM, on 01/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\WINDOWS\System32\mgabg.exe
C:\unzipped\hijackthis[1]\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
George
•
•
Join Date: Mar 2005
Posts: 864
Reputation:
Solved Threads: 21
Practically a Posting Shark
•
•
•
•
Originally Posted by geoss
While on some health site, a bunch of warnings kept poping in, and I had Nod32 and counterspy installed....i thought everything would be o.k.
Anyway, here is the problem.......
My opening page has all the icons except the screen is blue and in the middle there is a Security Warning which says:
A fatal error in IE has occured at 0028:c0011E36 in VXD VNM (01) + 00010E36 error was caused by Trojan-Spy.HTML.Smitfraud.c
system cannot function in normal mode......check security settings
scan with antivirus/spyware remover to fix problem
I ran ActiveScan from Panda and ran Counterspy in Full mode, and restarted computer, but the blue screen still comes up.
Can someone please guide me to the correct fix........
Thanks
George
my reccomendation for you is to get hold of a good antivirus program and spyware program pronto and install them then run to kill this virus.
try these sites
www.symantec.co.uk norton antivirus 2005
www.mcafee.com mcafee antivirus
www.lavasoft.com Adaware or adaware se
More information about me.
www.myspace.com/janine_therockchick
View My Blogs - search for janine's blog
www.myspace.com/janine_therockchick
View My Blogs - search for janine's blog
•
•
Join Date: Mar 2005
Posts: 864
Reputation:
Solved Threads: 21
Practically a Posting Shark
im sorry to have to say this but panda isnt really much good in this instance. i had it installed before norton and i got every virus going.
More information about me.
www.myspace.com/janine_therockchick
View My Blogs - search for janine's blog
www.myspace.com/janine_therockchick
View My Blogs - search for janine's blog
First of all, you should go to Windows Update and get SP1a for XP.
That error message is related to Joke.Smitfraudoid, which is related to HotOffers, NEWGENLOOK, and Error Message 317, so I would recommend doing the following:
Boot into Safe Mode and do a search for these files:
param32.dll
guninst.exe
popup_bl.dll
systr.dll
svrhost.exe
Delete them, reboot normally and delete any unwanted icons from your desktop.
Empty your Recycle Bin.
If any of those files could not be deleted (most likely param32.dll):
Turn off System Restore
Get the Pocket Killbox from here:
http://bleepingcomputer.com/files/spyware/KillBox.zip
Unzip the file to your desktop.
Go offline until this is completed.
Run Pocket Killbox and paste the full file path of the below file in the box and click on Standard File Kill and End Explorer Shell While Killing File. Click on the button with the red circle and an X in the middle after you enter the file path.
C:\WINDOWS\System32\param32.dll
Reboot afterwards if the file was successfully deleted.
If the file was not deleted, do not reboot yet. Run Pocket Killbox again, and again paste the full file path in the box, but this time click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now? Click Yes to reboot.
Update Nod32 and do a full system scan.
Post a new hijackthis log and let us know if you still have the problem.
That error message is related to Joke.Smitfraudoid, which is related to HotOffers, NEWGENLOOK, and Error Message 317, so I would recommend doing the following:
Boot into Safe Mode and do a search for these files:
param32.dll
guninst.exe
popup_bl.dll
systr.dll
svrhost.exe
Delete them, reboot normally and delete any unwanted icons from your desktop.
Empty your Recycle Bin.
If any of those files could not be deleted (most likely param32.dll):
Turn off System Restore
Get the Pocket Killbox from here:
http://bleepingcomputer.com/files/spyware/KillBox.zip
Unzip the file to your desktop.
Go offline until this is completed.
Run Pocket Killbox and paste the full file path of the below file in the box and click on Standard File Kill and End Explorer Shell While Killing File. Click on the button with the red circle and an X in the middle after you enter the file path.
C:\WINDOWS\System32\param32.dll
Reboot afterwards if the file was successfully deleted.
If the file was not deleted, do not reboot yet. Run Pocket Killbox again, and again paste the full file path in the box, but this time click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now? Click Yes to reboot.
Update Nod32 and do a full system scan.
Post a new hijackthis log and let us know if you still have the problem.
Links to help you help yourself :
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
•
•
Join Date: Mar 2005
Posts: 864
Reputation:
Solved Threads: 21
Practically a Posting Shark
•
•
•
•
Originally Posted by dlh6213
First of all, you should go to Windows Update and get SP1a for XP.
That error message is related to Joke.Smitfraudoid, which is related to HotOffers, NEWGENLOOK, and Error Message 317, so I would recommend doing the following:
Boot into Safe Mode and do a search for these files:
param32.dll
guninst.exe
popup_bl.dll
systr.dll
svrhost.exe
Delete them, reboot normally and delete any unwanted icons from your desktop.
Empty your Recycle Bin.
If any of those files could not be deleted (most likely param32.dll):
Turn off System Restore
Get the Pocket Killbox from here:
http://bleepingcomputer.com/files/spyware/KillBox.zip
Unzip the file to your desktop.
Go offline until this is completed.
Run Pocket Killbox and paste the full file path of the below file in the box and click on Standard File Kill and End Explorer Shell While Killing File. Click on the button with the red circle and an X in the middle after you enter the file path.
C:\WINDOWS\System32\param32.dll
Reboot afterwards if the file was successfully deleted.
If the file was not deleted, do not reboot yet. Run Pocket Killbox again, and again paste the full file path in the box, but this time click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now? Click Yes to reboot.
Update Nod32 and do a full system scan.
Post a new hijackthis log and let us know if you still have the problem.
More information about me.
www.myspace.com/janine_therockchick
View My Blogs - search for janine's blog
www.myspace.com/janine_therockchick
View My Blogs - search for janine's blog
|
Similar Threads
- non blocking getchar.. big problem :( (C)
- BIG problem with STL List Container (C)
- internet explorer / virus problem here (Viruses, Spyware and other Nasties)
- Big Problem (Viruses, Spyware and other Nasties)
- Newmember with big problem!!! (C)
- BIG problem... laptop screen shaking/whiting out! (Monitors, Displays and Video Cards)
- Big Problem!!!!!!!!!!! (Viruses, Spyware and other Nasties)
- Big Problem, Generic Error (VB.NET)
- CommonName big problem (Windows NT / 2000 / XP)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: what should i remove?
- Next Thread: Ie Favorites replaced with C:/ WINDOWS folder
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
adware anti-virussitesaccessissue antivirus apple attack audio avg backtoschoolspeech bar blackhat botnet censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exploit facebook fake gaming gtaiv gumblar halloween herss.exe hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirecting reliability report research risk rogueantivirus samhain sans scareware school search security sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted usa virus viruses war warning windows worm yahoo zeroday
