Views: 1607 | Replies: 1
soulwolf

Another Trojan-Spy.HTML.smitfraud.c problem

  #1  
Jul 30th, 2005
Ok. One of the computers I'm working on has this virus (Trojan-Spy.HTML.smitfraud.c). The computer is running Windows 2000 Professional. However, the problem I'm having is different (mostly) from everything I found when I searched this forum. What happens is this:

Boots into Windows

- Black screen with small blue rectangle in the center. Nothing else, except the mouse cursor, appears.

- Security Warning
A fatal error in IE has occured at 0028:C0011E36 IN VX0VMM<01> + 00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c

*System cannot function in Normal Mode.
Please check your security settings.

*Scan your PC with any avaliable (this is not a typo on my part. This is how it appeared on the desktop) antivirus/spyware remover program to fix the problem.

- ctrl+alt+del works.

- Locks up after explorer.exe ends (the blue bar goes away then you have the choice of cancelling or end now. I clicked end now) when trying to shutdown using ctrl+alt+del.

The same thing, with the exception of two things, happens when I boot into Safe Mode.

Differences
- No blue security warning box.
- Normal Safe Mode information in the corners and in the top center of the screen.


I was able to boot from a simulated Windows XP environment from a CD. The program (the simulated environment) on the CD is called BartPE. I was able to use the AdAware scan and AVPersonal scan on it, as well as Spy Sweeper on one copy I tried, and it removed spyware and viruses, but it still gives me the same thing. I was also able to run a Check Disk from BartPE, but it reported no bad clusters. The person who made the CD for me was not able to put HijackThis on it, so I have no logs from that program. I am not able to put HijackThis on the computer either because of the problems stated above. Quite frankly, the only thing I can think of to fix this problem is a reinstall, or, preferably, a repair install, of Windows 2000 Professional. However, I don't want to go that far yet, so any help you all can provide will be greatly appreciated.
crunchie

Re: Another Trojan-Spy.HTML.smitfraud.c problem

  #2  
Jul 30th, 2005
Try this:

Download the attached zip file and unzip fixme.reg. Close all browser windows. Double click to run it and when asked if you want to merge with your registry, answer yes.

==

Go to Jotti Virus Scan
Upload C:\WINDOWS\SYSTEM\wininet.dll
Let it scan and post the results in your next reply.

==

Open Notepad, and copy/paste the following into a new file:
dir %Systemdrive%\wininet.dll /a /s > files.txt
start notepad files.txt
Save this as FindFiles.bat, choose to save it as *all files and place it on your desktop.

Double click on FindFiles.bat and post the content of the text file you get in your next reply.
Proud member of ASAP (Alliance of Security analysis Professionals).

Please do not PM me for help. Instead, post in the public forum where others may benefit.
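The file search requested in post #2, extended as an added example (not code from either poster): it lists every copy of wininet.dll under a root directory, hidden and system files included, and groups the copies by SHA-256 so a copy that differs from the rest stands out. It assumes Python is available on the machine doing the analysis and that the root passed in (for example the infected disk as seen from a boot CD or another PC) is readable; the function names are this example's own.

```python
import hashlib
import os
import sys
from collections import defaultdict

TARGET = "wininet.dll"  # file name taken from the thread


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_copies(root, name=TARGET):
    """Return {sha256: [(path, size), ...]} for every file called `name`.

    os.walk does not skip hidden or system files, so the coverage is the
    same as `dir /a /s`. The name match is case-insensitive, as on Windows.
    """
    groups = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for fn in files:
            if fn.lower() != name.lower():
                continue
            full = os.path.join(dirpath, fn)
            try:
                groups[sha256_of(full)].append((full, os.path.getsize(full)))
            except OSError:
                # Locked or unreadable copy: still report where it is.
                groups["unreadable"].append((full, -1))
    return dict(groups)


def report(groups):
    """Format the groups, largest group first, one path per line."""
    lines = []
    for digest, items in sorted(groups.items(), key=lambda kv: -len(kv[1])):
        lines.append(f"{digest}  ({len(items)} copies)")
        lines.extend(f"    {size:>10}  {path}" for path, size in sorted(items))
    return "\n".join(lines)


if __name__ == "__main__":
    # Assumed usage: pass the drive or mount point to scan as the argument.
    print(report(find_copies(sys.argv[1] if len(sys.argv) > 1 else "C:\\")))
```

A digest that appears only once, or a copy sitting directly in the drive root, is the one to upload to a scanner first.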