Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Virtumonde, Smitfraud-c, Zlob And Svchost32.exe Error

  • Please log in to reply
2 replies to this topic

#1 laredo


  • Members
  • 10 posts
  • Local time:11:18 PM

Posted 02 May 2008 - 08:22 PM

I am a school tech and a teacher asked me if I would look at his home computer and try to fix it. He said he has a lot of popups and a virus. He also said that his personal photo desktop background would only appear for a second, then the background would change to the default blue. He said he tried System Restore but there weren't any restore points, and he said he couldn't get Nortons to work.

I had hoped a simple Spybot cleanup would do the trick, but this thing is a total mess! I couldn't get anything done under the user's login because of constant failed attempts to automatically connect to the Internet (through automatic AOL (ugh!) settings) and continuous "Your Computer is Infected with a Virus!" warnings. The teacher admitted to clicking on that and downloading the fake anti-spyware programs because he said he thought the message was a legit one from Windows. I also found Limeware installed, but I haven't uninstalled it...yet.

I used Safe Mode with Networking to download and run Spybot S&D. It found and fixed a boatload of stuff, but could not clean out the above malware. Unfortunately, since running Spybot S&D, the user's desktop will no longer load in normal startup. His personal photo background is all that loads, and the error "svchost32.exe has encountered a problem and needs to close." I am able to use Task Manager to browse and connect to the Internet via IE. I used this to download HijackThis in anticipation of needing it for analysis.

I tried reinstalling Norton's from the cd he gave me, but I get the message that there is already an installation. I tried uninstalling it to reinstall, but nothing happens. I used the Windows Cleanup utility, but that didn't help.

I also ran "sfc /scannow" which I saw on another forum, but that didn't help load the desktop or allow a successful Norton's install.

His computer is running Windows XP Home. I am typing this on my own laptop, because his computer is virtually useless. I don't know what I'm going to charge this teacher, but he's going to pay! :thumbsup:

I am at a standstill. Can this be cleaned up?

BC AdBot (Login to Remove)


#2 laredo

  • Topic Starter

  • Members
  • 10 posts
  • Local time:11:18 PM

Posted 04 May 2008 - 08:56 PM

Update: Despite some success, I am still having major problems with this.

I downloaded and ran the two fixes for Smitfraud that were posted on the Resources page. I ran them logged in on each account. The desktops returned and I was able to set the background to a personal photo.

I re-ran Spybot S&D in Safe Mode (I have updated the Immunization), and it was finally clean. However, when I started in Normal mode and logged in as a user, everything was not well. My Documents windows kept opening (I forgot to mention that this was happening before) as well as a lot of Spybot S&D messages asking to allow or not allow varioius registry settings that I didn't know how to respond. Also, the following crazy error message kept opening: "w3988h75857c565216335q9558391h1r454075075b0j365940882q8n658938912m5c253856228c5f706072544t7u937680374h2r557018913 has encountered a problem and needs to close."

I have just returned to Safe Mode to run Spybot S&D again. It has found Smitfraud-C.gp (again!), Microsoft.WindowsSecurity Center_Disabled, Microsoft.WindowsSecurityCenter.AntiVirusOveride, Micrtosoft.WindowsSecurityCenter.FirewallOverride, Microsoft.WindowsSecurityCenter.SP2Update, Realsearch.Forte and Virtumonde (again!). It fixed all but the Smitfraud-C.gp. Once again, when I return to Normal Mode and a user account, the My Documents and error message returns. The good news is that the desktop loads with all icons, trays and the selected personal photo background.

I still can't get Nortons 360 to run. The program doesn't show up in the programs list, but it is in program files. When I try to run the "MainStub.exe" I get the following error: A dynamic link library (DLL) initialization routine failed. I can't find any uninstall executable so that I can uninstall and reinstall. I don't know if this has anything to do with the other problems, but I thought it might.

I would greatly appreciate some assistance. Thanks.

#3 DaChew


    Visiting Alien

  • Members
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:11:18 PM

Posted 04 May 2008 - 09:02 PM


try this powerful tool, follow the directions exactly

and pay special attention to the end of the guide where it mentions hijackthis

Edited by DaChew, 04 May 2008 - 09:05 PM.


No. Try not. Do... or do not. There is no try.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users