Posted 14 July 2005 - 07:36 AM
Many thanks for this. Here is a synopsis of my relatively futile attempts so far:
1. From my Windows blue screen with the smitfraud.c security warning, using the windows task manager, I installed from a CD spybotsd14.exe (spybot), aawsepersonal.exe (ad-aware se personal), cleanup40.exe (cleanup!) and a trial version of ewido security suite, ewido-setup.exe. I also tried to install spywareblastersetup34.exe but got a message that "C:\Windows\Sys32\MSINET.OCX Unable to register the DLL|OCX: LoadLibrary failed; code 998 Invalid access to memory location" after which I aborted. I tried to install, and believe I did install, drweb-432b-win-en.exe, but it would not run fully because the license key file was not found, and I got a message to that effect when trying to run it. I have since figured out that this was probably the wrong DrWeb file (not the drweb-cureit.exe file I should have had), so I am planning to try again tonight with the correct drweb-cureit.exe file. Out of frustration or ignorance I probably installed or re-installed spybot, ad-aware, cleanup, ewido and the (incorrect) drweb programs several times, both from windows blue screen and from safe mode - if I should uninstall and/or reinstall any of those please let me know.
2. I was not able to run either spybot, ad-aware or cleanup!4.0 from safe mode with command prompt. I believe that all attempts gave me the same error message "The application failed to initialize properly (Oxc0000005). Click on OK to terminate the application" That is the same error message that I get when I try to boot up Windows in regular mode, under the title "Explorer.EXE Application Error", just before the screen goes to blue with the Smitfraud.c security warning.
3. I was able to run ewido security suite from safe mode, and ewido found and cleaned 1827 infected objects. I have a log of that scan if it would be helpful, but it looked like a whole lot of spyware. I tried spybot, ad-aware and cleanup! again after this successful ewido scan, but those programs still would not initialize properly.
4. I tried to run sysclean.com (from trendmicro) but was not able to get it to run, although looking back I believe that I may have tried only from windows and not from safe mode. I will try again from safe mode. I have separately downloaded the virus template file (lpt***.zip), but do I need to do anything in particular with that file, or will the sysclean.com program find it on my C:\ or D:\ drive if it needs it?
5. I dont think I was able to do anything effective with Sophos command line scanner - is it right that I would only use that once I have the names of particular files/programs that I am having trouble deleting (i.e., after another program identifies hard-to-delete files)? I have downloaded a trial version of Sophos anti-virus software (savxp50sasfx.exe) that I can try to run tonight if that would be helpful.
6. I can also try to run hijackthis, which I now have on a CD, and get a log, although I dont know if it will run or if it is too early for that. The ultimate bootCD 4 Windows looks a bit scary to me as a novice, so I have not headed down that path thus far.
thanks in advance for any help