A Little Computer help Please.....

bucsfan67 · Jun 3, 2005

OK guys, i know alot of you know alot more about computers than me, can u give me a little help?

Last night i start getting this little box on my desktop background saying

Security Warning
a fatal error in the IE has occurred at 0028:C0011E36 in VXD VMM<01) + 00010E36 Erro was caused by Trojan-Spy.HTML.Smitfraud.c

System cannot function in normal mode, please check security settings

Scan your PC now With Available antivirus/spyware applications to fix the problem

Ok, i ran Ad-aware, Spybot, and my AOL spyware, along with McAffee Antivirus.....of course each thing found a couple of things, and ridded them, and McAfee said it found 3 infected files, but deleted them all, and is clean....However, each time i restart, i still get this box....Is there anyway to get rid of this trojan thing, since i know its name?

Thanks for any advice.....Its greatly appreciated...

DaMan--banned · Jun 3, 2005

go to: http://www.spywarewarrior.com/viewforum.php?f=5

read the announcements first.

then you will need to install 'hijack this'.

post your log there and wait. someone will help you out.

TTinCO · Jun 3, 2005

Yeah, sounds like you have a trojan. Re run your virus scanner & let me know the name of the virus\trojan that it finds.

bucsfan67 · Jun 3, 2005

TTinCO said:
Yeah, sounds like you have a trojan. Re run your virus scanner & let me know the name of the virus\trojan that it finds.

isnt this the name of it TT?

Trojan-Spy.HTML.Smitfraud.c

wmublows · Jun 3, 2005

I had that too and had to reinstall xp. I tried everything to get rid of it but couldn't. Good luck

ZZZSpeedster · Jun 3, 2005

Looks like a keylogger...Someone is probably trying to get your sportsbook passwords/info

http://www.wilderssecurity.com/showthread.php?p=434798

http://www.wilderssecurity.com/showthread.php?t=75890

coconutman · Jun 3, 2005

wmublows said:
I had that too and had to reinstall xp. I tried everything to get rid of it but couldn't. Good luck

That's not always a bad thing. It's good to format you comp once a while.

TTinCO · Jun 3, 2005

Sorry, I didn't realize that was the "real" name of it.

Try this.... http://www.spywareaid.com/index.php?file=showsoftware&id=1 (download & run it). Then run this http://www.pandasoftware.com/activescan/

This one is nasty.....

TTinCO · Jun 3, 2005

Also, stop the wp.exe process & then search for and delete the wp.exe file (Ideally before doing the steps above)

TTinCO · Jun 3, 2005

Hey Bucs, are you on MSN or AOL IM?

TTinCO · Jun 3, 2005

Here is the fix Bucs. You probably ought to print this out and be sure to follow these instruction EXACTLY.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid

Exit Add/Remove Programs.

*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\WINDOWS\sites.ini
C:\WINDOWS\popuper.exe
C:\WINDOWS\system32\hhk.dll
C:\WINDOWS\System32\helper.exe
C:\WINDOWS\System32\intmonp.exe
C:\WINDOWS\System32\msmsgs.exe
C:\WINDOWS\System32\ole32vbs.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\intmon.exe
C:\WINDOWS\System32\msmsgs.exe

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

*IMPORTANT* Be sure you know how to VIEW HIDDEN FILES

Using Windows Explorer, delete the following (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard

Reboot into normal mode.

A registry file to undo most of the changes is available here:
http://metallica.geekstogo.com/smitfraud.reg
Doubleclick that file and confirm you want to merge it with the registry.

1.) Download the Hoster from HERE Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Download: http://www.mvps.org/winhelp2002/DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Run a virus scan. If you do not have an AV installed, use ActiveScan - Save the results from the scan!

Whoson1st · Jun 3, 2005

Was this trojan gotten from an email or from downloading something ? Or any idea ?

knock-on-wood; McAfee seems to have kept me "safe"

TTinCO · Jun 3, 2005

I'm not 100% sure, but I suspect that this spreads over broadband (DSL\cable) circuits by doing port scans on all the computers on the network.

Just ANOTHER very, very good reason why everyone MUST have a firewall and real time virus scanner.

ZZZSpeedster · Jun 3, 2005

Way to copy and paste exactly what I provided TTINCO!

lol

Whoson1st · Jun 3, 2005

TTinCO said:
Here is the fix Bucs. You probably ought to print this out and be sure to follow these instruction EXACTLY.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid

Exit Add/Remove Programs.

*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\WINDOWS\sites.ini
C:\WINDOWS\popuper.exe
C:\WINDOWS\system32\hhk.dll
C:\WINDOWS\System32\helper.exe
C:\WINDOWS\System32\intmonp.exe
C:\WINDOWS\System32\msmsgs.exe
C:\WINDOWS\System32\ole32vbs.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\intmon.exe
C:\WINDOWS\System32\msmsgs.exe

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

*IMPORTANT* Be sure you know how to VIEW HIDDEN FILES

Using Windows Explorer, delete the following (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard

Reboot into normal mode.

A registry file to undo most of the changes is available here:
http://metallica.geekstogo.com/smitfraud.reg
Doubleclick that file and confirm you want to merge it with the registry.

1.) Download the Hoster from HERE Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Download: http://www.mvps.org/winhelp2002/DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Run a virus scan. If you do not have an AV installed, use ActiveScan - Save the results from the scan!

When i click in CleanUp --it says I don't have access-FORBIDDEN. (It lets me see the page for a couple seconds first)

TTinCO · Jun 3, 2005

You're right (sorry, I didn't check your links, I just did some google digging)

:lolBIG: :lolBIG: :lolBIG:

wmublows · Jun 3, 2005

http://www.spywareaid.com/index.php?file=showsoftware&action=dl&softid=1&softtype=zip

Try this one

Whoson1st said:
When i click in CleanUp --it says I don't have access-FORBIDDEN. (It lets me see the page for a couple seconds first)

Whoson1st · Jun 3, 2005

Hey Thanks--I like to check up on my installed spyware to see what's what now and then.
But whoever said it wasn't a bad thing to have to "reformat"--does not know me!!!!
I would loose some of my handicapping programs as I don't understand how to save then to a CD--I've tried it a couple times and --it doesn't work .

TTinCO · Jun 3, 2005

http://downloads.stevengould.org/cleanup/CleanUp40.exe

Here is a working link to CleanUp40

bucsfan67 · Jun 3, 2005

thanks guys....

I printed those instructions and am going to try it here in a little bit after lunch...dont understand alot of this stuff, so i hope i do it right...LOL

I do have a firewall, and mcaffee antivirus, so not sure how i got it...

Did nothing out of the norm yesterday, but it popped up there last night...

Thanks for the tips again guys...

A Little Computer help Please.....

bucsfan67

Pop-culture, entertainment, sports and contest Mod

DaMan--banned

Banned

TTinCO

.

bucsfan67

Pop-culture, entertainment, sports and contest Mod

wmublows

..

ZZZSpeedster

New member

coconutman

New member

TTinCO

.

TTinCO

.

TTinCO

.

TTinCO

.

Whoson1st

New member

TTinCO

.

ZZZSpeedster

New member

Whoson1st

New member

TTinCO

.

wmublows

..

Whoson1st

New member

TTinCO

.

bucsfan67

Pop-culture, entertainment, sports and contest Mod

Forum statistics

Share this page