Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Smitfraud Virus And Boot Problem Win-xp


  • Please log in to reply
4 replies to this topic

#1 jakob

jakob

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:14 AM

Posted 08 January 2006 - 07:09 AM

Hi,

My PC was infected with the Smitfraud virus and started behaving a bit strange: constantly calling out new virus infections, that my Panda antivirus software could not get rid of, and the screen changed as is custom for this type of virus.

After several restarts, now it will not boot. I get the first "RAM count" page and then the screen goes black and the cursor is blinking in the upper left corner.... and then nothing.

What should I do now?

Thanks in advance
Jakob

[Moderator edit: topic moved to more appropriate forum. jgweed]

Edited by jgweed, 08 January 2006 - 11:19 AM.


BC AdBot (Login to Remove)

 


#2 stidyup

stidyup

  • Members
  • 641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:14 AM

Posted 09 January 2006 - 03:27 AM

If you think you are infected submit a hijackthis log to the HJT Forum.

How to submit a hijackthis log

Download Hijackthis

Try running the following from safe mode (Getting to safe-mode) Sysclean you'll also need the virus template file from here lpt***.zip remember to extract the contents of the zip file into the same folder as Sysclean.com

or

DrWeb CureIT

or

KASFX which is powered by the Kaspersky AV engine, you will need internet access to update it. If you haven't got net access in safe mode, update it before you use it.

If your good with the command line also try Sophos Command Line scanner this command will scan all of your hdd's SAV32CLI.EXE -F -di -remove -dn -mbr -all -zip -p=avscanlog.txt and give you a log file to review afterwards.

Also try installing and running A2 Free and Ewido again run from safe mode.

I'd also run Spybot(Spybot Tutorial) and Adaware

If your using Win2K/XP run adaware/spybot from "safe mode with command prompt" If your using Win9x just run it from safe mode the command line options aren't needed..

At the C:\ prompt type the following:-

cd\
C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix
cd\
C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe

#3 jakob

jakob
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:14 AM

Posted 09 January 2006 - 07:43 AM

Thanks for the advice Stidyup,

However, I cannot even boot the PC. I have tried the safe mode booting (and the several other boot modes that appears when pressing F8).

I have also tried to regenerate Windows XP home edition (by pressing F2 and choosing to boot from CD-ROM with the original regeneration CD).
Even when after I apparently have succesfully regenerated Windows, by uploading all the files from the CD, I still cannot get beyond the initial file upload. The PC just freezes before it even gets to Windows.

I can see that the PC read several files in the Windows32 folder, and then gets to some drivers, and then it just freezes?!


Please Help!

Edited by jakob, 09 January 2006 - 07:44 AM.


#4 stidyup

stidyup

  • Members
  • 641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:14 AM

Posted 09 January 2006 - 08:13 AM

I would advise building UBCD4Win and try cleaning your infected hdd with the tools that are on the CD. The UBCD4Win is a mini OS which runs from CD and is based on WinXP. All instructions for building can be found on the site.

V2.55 does have a few bugs but all the fixes you need can be found here.

Edited by stidyup, 09 January 2006 - 08:14 AM.


#5 jakob

jakob
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:14 AM

Posted 09 January 2006 - 08:18 AM

Thanks I will try this now.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users