I recently had one of our computers get infected with smss32/Internet Security 2010. Originally Malwarebytes was unable to deal with it, so following the instructions in other threads I:

1) Downloaded rkill
2) Downloaded and installed a new copy of MBAM
3) Ran rkill
4) Ran MBAM

Now after running MBAM again, it was able to pick up the infection, however, the system kept crashing every time MBAM tried to remove the infected files. Now this is where I'm going to get yelled at: because MBAM couldn't remove the files, I went in and manually deleted the files in my system32 folder related to the program: 41.exe, smss32.exe, winlogon32.exe and helper32.dll (I know, I know).

After that MBAM was able to complete its cleaning and I was able to go back in via regedit and make sure things like task manager and being able to change the desktop were back on. The computer is now seemingly malware free, HOWEVER I can no longer log into the internet using that computer. I read here that it was related to removing helper32.dll.

My question is:

1) Should I restore some or all of the files I manually deleted and run MBAM again (keep in mind it was crashing every time I tried to clean them before)


2) Is there a setting that this has changed that I can restore myself via regedit or msconfig?


8 Years
Discussion Span
Last Post by Nickb96

I had the same virus with internet security 2010 (I read on the internet that program caused my virus). Only thing is, I never downloaded it. Also when I scanned it I found that alot of them were related to it. Mine also said my computer was infected with worm.win32.netsky, I had the exact same file virus as you, my avg detected it and I tried healing it. My computer was soo much slower earlier when all this happened, I am still having pop-ups and what not but my computer is much better. Ok so this is what I did.

Edited by jholland1964: Illegal use of another's registration code recommended. A violation of daniweb's policy

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.