Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Spm/lx: Did I Do The Right Thing?


  • Please log in to reply
3 replies to this topic

#1 mark5767

mark5767

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 30 November 2007 - 02:09 PM

Hi, I got nailed this morning with malware that said I had Trojan SPM/LX virus and needed to buy $50 worth of spyware software to get rid of it. It took over my IE home page and created pop ups and I could not manually delete the program files which were in a folder called "Video Add On."

I am using Windows XP Home and the latest version of IE.

So, I did a desperate Yahoo search and found a related topic on bleepingcomputer.com from Feb 2007 and I used the smitfraudfix.cmd tool to delete the bug. I don't think I was in safe mode the first time I ran this (and it did not look like it worked), then I again tried the F8 reboot deal a second time and it seemed to run ok. The malware seems to be gone and I seem to have no symptoms at this point. So THANK YOU!!

One question I have is this seems to have changed or deleted my default Sony VAIO wallpaper. Not a big deal, maybe I just need to reset using Control Panel?

Anyway, do you think I am all better now, or do I need to do some further work to clean up my machine or prevent this nasty bug from returning?

(I did run Yahoo's Norton Anti Spy quick and full scan and it did not fix the problem)

Anyway, thanks again for providing this great resource! :thumbsup:

Mark

Edited by mark5767, 30 November 2007 - 06:56 PM.


BC AdBot (Login to Remove)

 


m

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,576 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:45 AM

Posted 30 November 2007 - 02:42 PM

Trojan Spm/lx is related to a SmitFraud infection. This is a generic description for a family of rogue applications/trojans such as Win32.Zlob that uses misleading advertising, downloads rogue security products, changes (hijacks) the Windows Desktop and drops additional malware infected files. The Trojan uses bogus security warnings and fake alerts to indicate that your computer is infected with spyware or has critical errors. SmitFraud is responsible for downloading and installing programs that purport to scan for spyware and then uses false scan reports as a scare tactic to goad you into purchasing one of several rogue programs to fix it.

Smitfraudfix run in safe mode was the correct tool to use. You can reset your Desktop Settings by right-click on the Desktop, select Properties, and going to the Desktop tab.

Next, I recommend that you download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under "General and Startup", make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Click Close to exit the program.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 mark5767

mark5767
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 30 November 2007 - 09:29 PM

OK, I monitor forums for several things I'm interested in including windsurfing, kiteboarding, cars, lasik, music, fantasy football etc, etc. I never ever thought I would look at a forum about computers, cuz I am not really interested in that, just what they can do!

Anyway, this forum is one of the most active, responsive and helpful sites I've ever dealt with... in hindsight I guess that makes sense, but again I was pleasantly surprised to find this resource and may just begin to take an interest in bleeping computers after all!

Mark

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,576 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:45 AM

Posted 30 November 2007 - 10:24 PM

That's why we are here and what BC is all about. :thumbsup:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users