 |  |  |  |  |  |  |  |
Another Trojan-Spy.HTML.smitfraud.c problem
 |
Ok. One of the computers I'm working on has this virus (Trojan-Spy.HTML.smitfraud.c). The computer is running Windows 2000 professional. However, the problem I'm having is different (mostly) from everything I found when I searched this forum. What happens is this:
Boots into Windows
- Black screen with small blue rectangle in the center. Nothing else, except the mouse cursor, appears.
-Security Warning
A fatal error in IE has occured at 0028:C0011E36 IN VX0VMM<01> + 00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c
*System cannot function in Normal Mode.
Please check your security settings.
*Scan your PC with any avaliable (this is not a typo on my part. This is how it appeared on the desktop) antivirus/spyware remover program to fix the problem.
- ctrl+alt+del works.
- Locks up after explorer.exe ends (the blue bar goes away then you have the choice of cancelling or end now. I clicked end now) when trying to shutdown using ctrl+alt+del.
The same thing, with the exception of two things, happens when I boot into Safe Mode.
Differences
- No blue security warning box.
- Normal Safe Mode information in the corners and in the top center of the screen.
I was able to boot from a simulated Windows XP environment from a CD. The program (the simulated environment) on the CD is called BartPe. I was able to use the AdAware scan and AVPersonal scan on it, as well as Spy Sweeper on one copy I tried, and it removed spyware and viruses, but it still gives me the same thing. I was also able to run a Check Disk from BartPE, but it reported no bad clusters. The person who made the CD for me was not able to put HijackThis on it, so I have no logs from that program. I am not able to put HijackThis on the computer either because of the problems stated above. Quite frankly, the only thing I can think of to fix this problem is a reinstall, or, preferably, a repair install, of Windows 2000 Professional. However, I don't want to go that far yet, so any help you all can provide will be greatly appreciated.
Boots into Windows
- Black screen with small blue rectangle in the center. Nothing else, except the mouse cursor, appears.
-Security Warning
A fatal error in IE has occured at 0028:C0011E36 IN VX0VMM<01> + 00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c
*System cannot function in Normal Mode.
Please check your security settings.
*Scan your PC with any avaliable (this is not a typo on my part. This is how it appeared on the desktop) antivirus/spyware remover program to fix the problem.
- ctrl+alt+del works.
- Locks up after explorer.exe ends (the blue bar goes away then you have the choice of cancelling or end now. I clicked end now) when trying to shutdown using ctrl+alt+del.
The same thing, with the exception of two things, happens when I boot into Safe Mode.
Differences
- No blue security warning box.
- Normal Safe Mode information in the corners and in the top center of the screen.
I was able to boot from a simulated Windows XP environment from a CD. The program (the simulated environment) on the CD is called BartPe. I was able to use the AdAware scan and AVPersonal scan on it, as well as Spy Sweeper on one copy I tried, and it removed spyware and viruses, but it still gives me the same thing. I was also able to run a Check Disk from BartPE, but it reported no bad clusters. The person who made the CD for me was not able to put HijackThis on it, so I have no logs from that program. I am not able to put HijackThis on the computer either because of the problems stated above. Quite frankly, the only thing I can think of to fix this problem is a reinstall, or, preferably, a repair install, of Windows 2000 Professional. However, I don't want to go that far yet, so any help you all can provide will be greatly appreciated.
•
•
Join Date: Feb 2004
Posts: 10,007
Reputation: 
Solved Threads: 757
Try this;
Download the attached zip file and unzip fixme.reg. Close all browser windows. Double click to run it and when asked if you want to merge with your registry, answer yes.
==
Go to Jotti Virus Scan
Upload C:\WINDOWS\SYSTEM\wininet.dll
Let it scan and post the results in your next reply.
==
Open Notepad, and copy/paste the following into a new file:
Save this as FindFiles.bat, choose to save it as *all files and place it on your desktop.
Double click on FindFiles.bat and post the content of the text file you get in your next reply
Download the attached zip file and unzip fixme.reg. Close all browser windows. Double click to run it and when asked if you want to merge with your registry, answer yes.
==
Go to Jotti Virus Scan
Upload C:\WINDOWS\SYSTEM\wininet.dll
Let it scan and post the results in your next reply.
==
Open Notepad, and copy/paste the following into a new file:
•
•
•
•
dir %Systemdrive%\wininet.dll /a h /s > files.txt
start notepad files.txt
Double click on FindFiles.bat and post the content of the text file you get in your next reply
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
|
Similar Threads
- i have this on my XP desktop:TROJAN-SPY.HTML.SMITFRAUD.c (Viruses, Spyware and other Nasties)
- trojan-spy.html.smitfraud.c (Viruses, Spyware and other Nasties)
- Trojan-Spy.HTML.Smitfraud.c (Viruses, Spyware and other Nasties)
- Trojan-spy.HTML.Smitfraud.c (Viruses, Spyware and other Nasties)
- Virus/spyware: trojan-spy.html.smitfraud.c (Viruses, Spyware and other Nasties)
- big problem, I think, please help (Viruses, Spyware and other Nasties)
- Desktop background hijacked-NEW Problem (Web Browsers)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: internet trouble
- Next Thread: VB Script Error, Shaky IE, Endless Popups
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial conficker connect control cyber cybercrime cyberwarfare ddos domains education email europe exam exploit facebook fake fancheckvirus gaming gtaiv halloween herss.exe hijack hosting internet iphone kaspersky legal logfiles malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro redirect redirecting report research risk rogueantivirus samhain sans scareware search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista war warning windows worm yahoo zeroday
