Urgent problem - Smitfraud.c Trojan

[Guest]

Hi, any help would be greatly appreciated, i am in trouble with this.

I have the Smitfraud trojan apparently. My Desktop wallpaper is displaying
blue screen with the following message:

Security warning A fatal error in IE has occured at 0028:C0011E36 in VXD
VMM(01) + 00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c.

Not only that but my desktop keeps generating desktop icons linking to
explicit material, and keeps trying to send me to various explicit web sites.
I immediately disconnected myself from the office network for fear of
spreading around the office. I have tried everything. Everytime i delete
these icons they reappear after a few mins or when i restart. I am on Windows
XP by the way. Non of the anti virus software has worked like sophos or the
anti spyware software. I am in dire straits and any assistance would be
greatly appreciated.

There is also a red icon being displayed on my systray which has the same
icon for a critical error which we have not seen before and we are suspicious
of. And when i click on that icon it opens a window taking me to a website.

Any help would be greatly appreciated

thanks

 

[Taurarian]

http://securityresponse.symantec.com/avcenter/venc/data/joke.smitfraudoid.html

 

[David H. Lipman]

From: "vinu thomas" <[email protected]>

| Hi, any help would be greatly appreciated, i am in trouble with this.
|
| I have the Smitfraud trojan apparently. My Desktop wallpaper is displaying
| blue screen with the following message:
|
| Security warning A fatal error in IE has occured at 0028:C0011E36 in VXD
| VMM(01) + 00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c.
|
| Not only that but my desktop keeps generating desktop icons linking to
| explicit material, and keeps trying to send me to various explicit web sites.
| I immediately disconnected myself from the office network for fear of
| spreading around the office. I have tried everything. Everytime i delete
| these icons they reappear after a few mins or when i restart. I am on Windows
| XP by the way. Non of the anti virus software has worked like sophos or the
| anti spyware software. I am in dire straits and any assistance would be
| greatly appreciated.
|
| There is also a red icon being displayed on my systray which has the same
| icon for a critical error which we have not seen before and we are suspicious
| of. And when i click on that icon it opens a window taking me to a website.
|
| Any help would be greatly appreciated
|
| thanks

Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Dump the contents of the Mozilla FireFox Cache
Tools --> Options --> Privacy --> Cache --> Clear

1) Download TrendMicro Sysclean by one of the following 2 methods

Trend Sysclean Method 1
---------------------------------------
Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\sysclean")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt604.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

Trend Sysclean Method 2
---------------------------------------
Download the utility SYSCLEAN_FE at the following URL --
http://www.ik-cs.com/got-a-virus.htm
SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
Direct URL --
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe

2) Download and install Ad-aware SE (free personal version v1.05)
http://www.lavasoftusa.com/
3) Update Adaware with the latest definitions then exit the software.
4) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
5) Reboot your PC into Safe Mode and shutdown as many applications as possible
6) Using the Trend Sysclean and Ad-aware SE utilities, perform a Full Scan of your
platform and clean/delete any infectors found
7) Restart your PC and perform a "final" Full Scan of your platform using both Trend
Sysclean and Ad-aware SE
8) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
9) Reboot your PC.
10) Create a new Restore point

* * Please report back your results * *

 

[David H. Lipman]

From: "vinu thomas" <[email protected]>

| Hi, any help would be greatly appreciated, i am in trouble with this.
|
| I have the Smitfraud trojan apparently. My Desktop wallpaper is displaying
| blue screen with the following message:
|
| Security warning A fatal error in IE has occured at 0028:C0011E36 in VXD
| VMM(01) + 00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c.
|
| Not only that but my desktop keeps generating desktop icons linking to
| explicit material, and keeps trying to send me to various explicit web sites.
| I immediately disconnected myself from the office network for fear of
| spreading around the office. I have tried everything. Everytime i delete
| these icons they reappear after a few mins or when i restart. I am on Windows
| XP by the way. Non of the anti virus software has worked like sophos or the
| anti spyware software. I am in dire straits and any assistance would be
| greatly appreciated.
|
| There is also a red icon being displayed on my systray which has the same
| icon for a critical error which we have not seen before and we are suspicious
| of. And when i click on that icon it opens a window taking me to a website.
|
| Any help would be greatly appreciated
|
| thanks


Please read and follow the directions posted at the following URL

http://www.wilderssecurity.com/showthread.php?t=75890

Please report back your results.

 

[ken]

In the info on wilderssecurity, the first instruction is to "Go to
Start > Control Panel > Add or Remove Programs and remove the following
programs, if found:" But on my friends computer, after he boots & gets
the fake blue screen, he can do nothing. Booting in safe mode doesn't
help. Can only boot to a dos prompt. Now what?

 

[David H. Lipman]

From: <[email protected]>

| In the info on wilderssecurity, the first instruction is to "Go to
Start >> Control Panel > Add or Remove Programs and remove the following
| programs, if found:" But on my friends computer, after he boots & gets
| the fake blue screen, he can do nothing. Booting in safe mode doesn't
| help. Can only boot to a dos prompt. Now what?

Repost the full problem and steps taken and the resyults in;

alt.comp.virus
or
alt.comp.anti-virus

 

[GJ.Fitzgerald]

My computer was infected with Smitfraud and I was finding it impossible
to get rid of. I'm using Windows XP. I tried various spyware cleaners
including AdAware, Microsoft, and even stupidly bought a $40 program
called Xostspy because its ad promised to remove Smitfraud (I know, I
was naive, but it came out of frustration with the Smitfraud, which had
paralyzed my browser). Xoftspy didn't work either. I was about to
download Hijack This and follow elaborate instructions for Smitfraud
removal when I saw an offer for a free trial of a ant-spyware called
Spy Sweeper. I decided to get it a try before going forward with the
other plan. Amazingly, it worked, finding thousands of infections on
my computer and completely removing Smitfraud. More than a day later
and my system is still spware-free. I later read that Spy Sweeper was
considered the best of the anti-spyware bunch by PC Magazine. I don't
work for the company or have an ulterior motive in sharing this, I'd
just like to try and help people who are as frustrated by Smitfraud as
I was. You can get the free trial at download.com. It's good for 30
days and if you decide to keep Spy Sweeper I believe it's $30 per year.
Good luck all!