I'm trying to help out a friend who inadvertently infected his W98SE system with the Trojan-Spy.HTML.Smitfraud.c virus.
I followed Grinler's very helpful guide to removing it:-
4) Security IGuard uninstalled in Add/Remove Programs
5) Double-clicked smitfraud.reg file and a window opened up asking if I wanted to add to the registry, to which I said yes (despite the instructions stating that I should get a message asking if I want to merge with the registry) - is this a problem?
7-11) Ran Killbox - found a box with 'Kernel32.dll' in it (ignored it at the time). Entered each line as stated in turn, and deleted on reboot.
13) Could not find ANY of the folders stated
14) Hijackthis - found and FIX CHECKED 'O4 ..... c:\wp.exe', 'O4 .... iGuard.exe' and several 'O9 ....' lines with 'AntiSpyware' in them despite them not matching the actual ones quoted.
16) Tried to run Hoster - but instead got 'This program has performed an illegal operation and will be shut down. If the problem persists etc etc', under details, 'Hoster.exe caused an invalid page fault in module ....'
18) Installed DelDomains.inf
19) Ran CleanUp!
20) Installed new McAfee VirusScan, could not register with McAfee for updates despite internet connection seemingly being OK. Scan revealed W32/generic.worm!p2p (which apparently is VirusScan thinking Hijackthis is a virus!) and nothing else.
a) Blue background has gone,
Can access display properties/change wallpaper etc but cannot change resolution,
c) After five/ten minutes following 'normal' startup, lots and lots of small IE windows keep opening up (now with no internet addresses in them, before following Grinler's advice they did contain an internet address with 'wizard' in it) thereby disabling the PC completely,
d) Still getting invalid page fault when trying to run Hoster.
Any ideas greatly received.