Spylocked BUT explorer frozen, can't run smitfraud

Guest

I have the infamous spylocked on my other computer. I know it's that, and my
AVG antivirus tried to remove it, but only made it worse I think. I cannot
connect to the internet on that computer. When windows starts, explorer
freezes, then closes and restarts again and again. I can't click on any icons
on the desktop, even in safe mode. I know about the smitfraud fix etc from
the bleeping computer site, and from geeks to go. But I cannot run smitfraud,
because windows explorer stops responding. Assuming I can download smitfraud
& whatever I need on my working computer, and assuming I can figure out how
to then copy it to my non working computer via a safe mode command prompt, is
there then a way to run these fixes from a command prompt, and not actually
inside windows? Or am I going to have to (shudder) reformat?
 
Michael Solomon

Amanda said:
I have the infamous spylocked on my other computer. I know it's that, and my
AVG antivirus tried to remove it, but only made it worse I think. I cannot
connect to the internet on that computer. When windows starts, explorer
freezes, then closes and restarts again and again. I can't click on any icons
on the desktop, even in safe mode. I know about the smitfraud fix etc from
the bleeping computer site, and from geeks to go. But I cannot run smitfraud,
because windows explorer stops responding. Assuming I can download smitfraud
& whatever I need on my working computer, and assuming I can figure out how
to then copy it to my non working computer via a safe mode command prompt, is
there then a way to run these fixes from a command prompt, and not actually
inside windows? Or am I going to have to (shudder) reformat?

According to the instructions at Bleepingcomputer.com, you only need to be
able to download smitfraudfix.exe to your desktop. Once there, for
automated removal, it says to reboot into safe mode and click the
smitfraudfix.exe which should be on your safe mode desktop. Go to the link
below and scroll to the automated removal instructions, it appears all
you need do is save it to your desktop, then click on the icon in Safe Mode
and it does the rest:
http://www.bleepingcomputer.com/forums/topic85376.html
 
NotMe

If you can't get it on your machine due to the internet being disconnected,
can you download it elsewhere and burn it to a CD or put it on a USB
flashdrive?
 
David H. Lipman

From: "Michael Solomon" <user@#notme.com>


|
| According to the instructions at Bleepingcomputer.com, you only need to be
| able to download smitfraudfix.exe to your desktop. Once there, for
| automated removal, it says to reboot into safe mode and click the
| smitfraudfix.exe which should be on your safe mode desktop. Go to the link
| below and scroll to the automated removal instructions, it appears all
| you need do is save it to your desktop, then click on the icon in Safe Mode
| and it does the rest:
| http://www.bleepingcomputer.com/forums/topic85376.html
|

According to S!Ri, SmitFraudFix will NOT work on Vista. The version compliant for Vista has
not been released yet.

SuperAntiSpyware will run under Vista.

SuperAntiSpyware -- http://www.superantispyware.com/superantispywarefreevspro.html
 
Malke

NotMe said:
If you can't get it on your machine due to the internet being disconnected,
can you download it elsewhere and burn it to a CD or put it on a USB
flashdrive?

Of course. In fact, that's the best way to deal with removing malware.
Ideally you don't want the infected machine on the Internet or LAN.


Malke
 
Michael Solomon

David H. Lipman said:
From: "Michael Solomon" <user@#notme.com>


|
| According to the instructions at Bleepingcomputer.com, you only need to be
| able to download smitfraudfix.exe to your desktop. Once there, for
| automated removal, it says to reboot into safe mode and click the
| smitfraudfix.exe which should be on your safe mode desktop. Go to the link
| below and scroll to the automated removal instructions, it appears all
| you need do is save it to your desktop, then click on the icon in Safe Mode
| and it does the rest:
| http://www.bleepingcomputer.com/forums/topic85376.html
|

According to S!Ri, SmitFraudFix will NOT work on Vista. The version compliant for Vista has
not been released yet.

SuperAntiSpyware will run under Vista.

SuperAntiSpyware -- http://www.superantispyware.com/superantispywarefreevspro.html

Thanks for the catch, Dave, I should have dug a little deeper on this. Do
you have a link to this information for future reference? I only came by it
by having checked through a thread on the subject at Aumha.org newsgroups.
 
David H. Lipman

From: "Michael Solomon" <user@#notme.com>


| Thanks for the catch, Dave, I should have dug a little deeper on this. Do
| you have a link to this information for future reference? I only came by it
| by having checked through a thread on the subject at Aumha.org newsgroups.
|

I was given a PC infected with the Video ActiveX (VAX) which is a ZLob Trojan and is part of
the SmitFraud family. I tried S!Ri's tool and found out it wasn't Vista compliant. I know
S!Ri so I emailed him and his reply was...

"Hello

I'm very busy at this time to code a new version of the fix.
It won't be in batch and will run with vista.
I don't know how much time it will take. But it will be too late for this machine.

Regards
S!Ri"


I also know Nick Skrepetos, author of SuperAntiSpyware, and I know it is very good on the
SmitFraud Family. It worked well for me on the Vista PC I was given to clean and I am quite
sure it works very well on all the SpyLock variants.
 
NotMe

I carry a bootable CD with several anti-malware and AV programs, as well as
a ram tester in my repair kit when making housecalls.
In most cases, I don't need to download anything until the machine is
repaired, then I download/install whatever programs would best protect the
customer from future infections.
 
choronik

NotMe said:
I carry a bootable CD with several anti-malware and AV programs, as well as
a ram tester in my repair kit when making housecalls.

What is RAM tester? Could it by any chance be a ewe on heat? <G>
 
Michael Solomon

David H. Lipman said:
From: "Michael Solomon" <user@#notme.com>


| Thanks for the catch, Dave, I should have dug a little deeper on this. Do
| you have a link to this information for future reference? I only came by it
| by having checked through a thread on the subject at Aumha.org newsgroups.
|

I was given a PC infected with the Video ActiveX (VAX) which is a ZLob Trojan and is part of
the SmitFraud family. I tried S!Ri's tool and found out it wasn't Vista compliant. I know
S!Ri so I emailed him and his reply was...

"Hello

I'm very busy at this time to code a new version of the fix.
It won't be in batch and will run with vista.
I don't know how much time it will take. But it will be too late for this machine.

Regards
S!Ri"


I also know Nick Skrepetos, author of SuperAntiSpyware, and I know it is very good on the
SmitFraud Family. It worked well for me on the Vista PC I was given to clean and I am quite
sure it works very well on all the SpyLock variants.

Thanks, Dave.
 
Guest

Well, thank you to everyone who responded to this problem. David, I did
eventually discover that the smitfraud will not run on Vista, so your link to
the other spyware one is helpful.
I could not click on ANYTHING on my desktop, even in safe mode. I was able
to copy the smitfraud to my computer in windows safe mode command prompt, and
then tried to run it from a command prompt, but of course it didn't work in
Vista. So I ended up getting the Vista restore program to run, and restored
to an earlier date. This stopped explorer from crashing, so I could go in and
get rid of the spylocked thing. In fact, my own anti spyware program cleaned
up most of it, and with the bleeping computer site instructions for manual
removal I finished it up. It's now clean & working, but I will download the
superantispyware for just in case.

Coincidentally, at the same time this problem was occurring, I found I
could not get this discussion group to load right.....my e-mails were telling
me I had answers to read, but I could not find the answers. I know how to
post here, I could find other posts I had made, but for 3 days it kept
telling me I had no recent posts....and for that matter, I discovered I could
not find anyone else's posts from the last 3 days......very weird. Today it
popped right up when I searched for it.
 
