Smitfraud Trojan on W98SE



#1 davidmac

Posted 23 May 2005 - 03:57 PM

I'm trying to help out a friend who inadvertently infected his W98SE system with the Trojan-Spy.HTML.Smitfraud.c virus.

I followed Grinler's very helpful guide to removing it:-

4) Security IGuard uninstalled in Add/Remove Programs

5) Double-clicked smitfraud.reg file and a window opened up asking if I wanted to add to the registry, to which I said yes (despite the instructions stating that I should get a message asking if I want to merge with the registry) - is this a problem?

7-11) Ran Killbox - found a box with 'Kernel32.dll' in it (ignored it at the time). Entered each line as stated in turn, and deleted on reboot.

13) Could not find ANY of the folders stated

14) Hijackthis - found and FIX CHECKED 'O4 ..... c:\wp.exe', 'O4 .... iGuard.exe' and several 'O9 ....' lines with 'AntiSpyware' in them despite them not matching the actual ones quoted.

16) Tried to run Hoster - but instead got 'This program has performed an illegal operation and will be shut down. If the problem persists etc etc', under details, 'Hoster.exe caused an invalid page fault in module ....'

18) Installed DelDomains.inf

19) Ran CleanUp!

20) Installed new McAfee VirusScan, could not register with McAfee for updates despite internet connection seemingly being OK. Scan revealed W32/generic.worm!p2p (which apparently is VirusScan thinking Hijackthis is a virus!) and nothing else.

RESULT:-
a) Blue background has gone,
b) Can access display properties/change wallpaper etc but cannot change resolution,
c) After five/ten minutes following 'normal' startup, lots and lots of small IE windows keep opening up (now with no internet addresses in them, before following Grinler's advice they did contain an internet address with 'wizard' in it) thereby disabling the PC completely,
d) Still getting invalid page fault when trying to run Hoster.

Any ideas greatly received.

Regards

David :flowers:


#2 tg1911

Posted 27 May 2005 - 06:00 PM

I suggest you post a HijackThis log for examination.

Read the pinned post in the HijackThis forum, here
Please read and follow all directions carefully.

Then run a log, and post it in the HJT forum, at this link. Do not fix anything yet.
A member of the HJT Team will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please be patient; these people are volunteers. They will help you out as soon as possible.

NOTE:
Once you have made the post, please DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So just make your post, and let it sit there until a team member responds. This way you will be taken care of in the most timely manner.