Ok. One of the computers I'm working on has this virus (Trojan-Spy.HTML.smitfraud.c). The computer is running Windows 2000 professional. However, the problem I'm having is different (mostly) from everything I found when I searched this forum. What happens is this:

Boots into Windows

- Black screen with small blue rectangle in the center. Nothing else, except the mouse cursor, appears.

-Security Warning
A fatal error in IE has occured at 0028:C0011E36 IN VX0VMM<01> + 00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c

*System cannot function in Normal Mode.
Please check your security settings.

*Scan your PC with any avaliable (this is not a typo on my part. This is how it appeared on the desktop) antivirus/spyware remover program to fix the problem.

- ctrl+alt+del works.

- Locks up after explorer.exe ends (the blue bar goes away then you have the choice of cancelling or end now. I clicked end now) when trying to shutdown using ctrl+alt+del.

The same thing, with the exception of two things, happens when I boot into Safe Mode.

Differences
- No blue security warning box.
- Normal Safe Mode information in the corners and in the top center of the screen.


I was able to boot from a simulated Windows XP environment from a CD. The program (the simulated environment) on the CD is called BartPe. I was able to use the AdAware scan and AVPersonal scan on it, as well as Spy Sweeper on one copy I tried, and it removed spyware and viruses, but it still gives me the same thing. I was also able to run a Check Disk from BartPE, but it reported no bad clusters. The person who made the CD for me was not able to put HijackThis on it, so I have no logs from that program. I am not able to put HijackThis on the computer either because of the problems stated above. Quite frankly, the only thing I can think of to fix this problem is a reinstall, or, preferably, a repair install, of Windows 2000 Professional. However, I don't want to go that far yet, so any help you all can provide will be greatly appreciated.

Try this;

Download the attached zip file and unzip fixme.reg. Close all browser windows. Double click to run it and when asked if you want to merge with your registry, answer yes.

==

Go to Jotti Virus Scan
Upload C:\WINDOWS\SYSTEM\wininet.dll
Let it scan and post the results in your next reply.

==

Open Notepad, and copy/paste the following into a new file:

dir %Systemdrive%\wininet.dll /a h /s > files.txt
start notepad files.txt

Save this as FindFiles.bat, choose to save it as *all files and place it on your desktop.

Double click on FindFiles.bat and post the content of the text file you get in your next reply

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.