Ok. One of the computers I'm working on has this virus (Trojan-Spy.HTML.smitfraud.c). The computer is running Windows 2000 professional. However, the problem I'm having is different (mostly) from everything I found when I searched this forum. What happens is this:
Boots into Windows
- Black screen with small blue rectangle in the center. Nothing else, except the mouse cursor, appears.
-Security Warning
A fatal error in IE has occured at 0028:C0011E36 IN VX0VMM<01> + 00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c
*System cannot function in Normal Mode.
Please check your security settings.
*Scan your PC with any avaliable (this is not a typo on my part. This is how it appeared on the desktop) antivirus/spyware remover program to fix the problem.
- ctrl+alt+del works.
- Locks up after explorer.exe ends (the blue bar goes away then you have the choice of cancelling or end now. I clicked end now) when trying to shutdown using ctrl+alt+del.
The same thing, with the exception of two things, happens when I boot into Safe Mode.
Differences
- No blue security warning box.
- Normal Safe Mode information in the corners and in the top center of the screen.
I was able to boot from a simulated Windows XP environment from a CD. The program (the simulated environment) on the CD is called BartPe. I was able to use the AdAware scan and AVPersonal scan on it, as well as Spy Sweeper on one copy I tried, and it removed spyware and viruses, but it still gives me the same thing. I was also able to run a Check Disk from BartPE, but it reported no bad clusters. The person who made the CD for me was not able to put HijackThis on it, so I have no logs from that program. I am not able to put HijackThis on the computer either because of the problems stated above. Quite frankly, the only thing I can think of to fix this problem is a reinstall, or, preferably, a repair install, of Windows 2000 Professional. However, I don't want to go that far yet, so any help you all can provide will be greatly appreciated.
