Ok. One of the computers I'm working on has this virus (Trojan-Spy.HTML.smitfraud.c). The computer is running Windows 2000 professional. However, the problem I'm having is different (mostly) from everything I found when I searched this forum. What happens is this:

Boots into Windows

- Black screen with small blue rectangle in the center. Nothing else, except the mouse cursor, appears.

-Security Warning
A fatal error in IE has occured at 0028:C0011E36 IN VX0VMM<01> + 00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c

*System cannot function in Normal Mode.
Please check your security settings.

*Scan your PC with any avaliable (this is not a typo on my part. This is how it appeared on the desktop) antivirus/spyware remover program to fix the problem.

- ctrl+alt+del works.

- Locks up after explorer.exe ends (the blue bar goes away then you have the choice of cancelling or end now. I clicked end now) when trying to shutdown using ctrl+alt+del.

The same thing, with the exception of two things, happens when I boot into Safe Mode.

- No blue security warning box.
- Normal Safe Mode information in the corners and in the top center of the screen.

I was able to boot from a simulated Windows XP environment from a CD. The program (the simulated environment) on the CD is called BartPe. I was able to use the AdAware scan and AVPersonal scan on it, as well as Spy Sweeper on one copy I tried, and it removed spyware and viruses, but it still gives me the same thing. I was also able to run a Check Disk from BartPE, but it reported no bad clusters. The person who made the CD for me was not able to put HijackThis on it, so I have no logs from that program. I am not able to put HijackThis on the computer either because of the problems stated above. Quite frankly, the only thing I can think of to fix this problem is a reinstall, or, preferably, a repair install, of Windows 2000 Professional. However, I don't want to go that far yet, so any help you all can provide will be greatly appreciated.

Try this;

Download the attached zip file and unzip fixme.reg. Close all browser windows. Double click to run it and when asked if you want to merge with your registry, answer yes.


Go to Jotti Virus Scan
Upload C:\WINDOWS\SYSTEM\wininet.dll
Let it scan and post the results in your next reply.


Open Notepad, and copy/paste the following into a new file:

dir %Systemdrive%\wininet.dll /a h /s > files.txt
start notepad files.txt

Save this as FindFiles.bat, choose to save it as *all files and place it on your desktop.

Double click on FindFiles.bat and post the content of the text file you get in your next reply

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.