A Fatal Error in IE has occurred at 0028:C0011E36 in VXD VMM(01)+00010E36. Error was caused by Troja

Posted 6/16/2005 2:07 PM
#16312
joewilliams697 Member

Date Joined Nov 2016
Total Posts: 2
Morning,

After rebooting I now have a blue screen of death type background on my desktop with the following message:
"A Fatal Error in IE has occurred at 0028:C0011E36 in VXD VMM(01)+00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c "

I then ran Ad-Aware, Spybot, and Norton AntiVirus (all with updated def files) to no effect.

I have since downloaded and run Hijackthis. The log follows. Any help would be greatly appreciated!

Thanks,
Joe

Logfile of HijackThis v1.99.1
Scan saved at 8:56:26 AM, on 6/16/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\DRIVERS\CDAC11BA.EXE
C:\WINNT\system32\crypserv.exe
D:\program files\bin\db2jds.exe
D:\program files\bin\db2sec.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\r_server.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
D:\Program Files\IntraPort Client\vpn5000service.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
D:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Advanced Interactive Multimedia\aim.exe
C:\Program Files\Xgrznph\Vwopypc.exe
C:\WINNT\system32\HPJETDSC.EXE
E:\Program Files\Lotus\Sametime Client\Connect.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPC32.EXE
D:\Program Files\MS Office\Office\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - E:\PROGRA~1\COPERN~1\COPERN~1.DLL
O1 - Hosts: 209.251.166.179 stlbkup1 stlbkup1.stl1.dbn.net
O1 - Hosts: 209.251.166.180 stlbkup2 stlbkup2.stl1.dbn.net
O1 - Hosts: 209.251.167.100 admin.stl1.dbn.net admin
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - d:\program files\WS FTP\wsbho2k0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\downloaded program files\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\downloaded program files\googletoolbar1.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - E:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] d:\ElbyCheck.exe /L ElbyCDFL
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Advanced Interactive Multimedia] C:\Program Files\Advanced Interactive Multimedia\aim.exe
O4 - HKLM\..\Run: [Bkvdmio] C:\Program Files\Xgrznph\Vwopypc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Ezio"
O4 - HKLM\..\RunServicesOnce: [washindex] D:\Program Files\Washer\washidx.exe "Ezio"
O4 - HKCU\..\Run: [HP JetDiscovery] HPJETDSC.EXE
O4 - HKCU\..\Run: [Sametime Connect] "E:\Program Files\Lotus\Sametime Client\Connect.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1058.dll,InstantAccess
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Ezio"
O4 - Startup: twksup.lnk = C:\Program Files\JerMar Software\Tweaki...for Power Users\twksup.exe
O8 - Extra context menu item: &Copy Location - C:\WINNT\WEB\graburl.htm
O8 - Extra context menu item: &Google Search - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Highlight - C:\WINNT\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINNT\WEB\urllist.htm
O8 - Extra context menu item: Backward Links - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: I&mages List - C:\WINNT\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINNT\WEB\frm2new.htm
O8 - Extra context menu item: Search Using Copernic Agent - res://E:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Search Using Copernic Shopper - D:\PROGRA~1\COPERN~2\Web\Find.htm
O8 - Extra context menu item: Similar Pages - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Decompiler - E:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O8 - Extra context menu item: Translate into English - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Validate XML - C:\WINNT\web\msxmlval.htm
O8 - Extra context menu item: View XSL Output - C:\WINNT\web\msxmlvw.htm
O8 - Extra context menu item: Zoom &In - C:\WINNT\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINNT\WEB\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {4B981DDB-ED12-4772-ABF4-76E3C14982E0} - D:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Shop Using Copernic Shopper - {4B981DDB-ED12-4772-ABF4-76E3C14982E0} - D:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: Shop - {7149E60F-754A-47EB-8916-F60021678D84} - D:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MSOFFI~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINNT\System32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINNT\System32\webzone.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINNT\System32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINNT\System32\webzone.dll
O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - E:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - E:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINNT\System32\oline.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - https://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - https://www-1.ibm.com/sametime/stmeetingroomclient/STJNILoader.cab
O16 - DPF: {8D83D301-E841-11D1-B155-00600823BCF9} (WebLine Browser Integration Classes) - https://live.landsend.com/webline/applets/msie40x.cab
O16 - DPF: {9DF7B111-630C-11D4-B1E4-00A0C95612AF} (LnchCtl Class) - https://inside.alpineinc.com/wps/PA_1_0_47/html/nlaunch.cab
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - https://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1058.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://stellent.webex.com/client/v_mywebex/webex/ieatgpc.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://www.usatstore.com/admin/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B8D0D07-556B-4425-A6D9-C6937B4A8154}: NameServer = 206.141.192.60,206.141.196.13
O17 - HKLM\System\CS1\Services\Tcpip\..\{3B8D0D07-556B-4425-A6D9-C6937B4A8154}: NameServer = 206.141.192.60,206.141.196.13
O17 - HKLM\System\CS2\Services\Tcpip\..\{3B8D0D07-556B-4425-A6D9-C6937B4A8154}: NameServer = 206.141.192.60,206.141.196.13
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDAC11BA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: DB2 JDBC Applet Server - Control Center (DB2ControlCenterServer) - Unknown owner - D:\program files\bin\db2ccs.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - D:\program files\bin\db2jds.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - D:\program files\bin\db2sec.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Funnel Web 5 - Scheduler - Quest Software (NASDAQ=QSFT) (www.quest.com) - E:\Program Files\Quest Software\Funnel Web Analyzer (Free) 5.0\AnalyzerFree.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - D:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\system32\r_server.exe" /service (file missing)
O23 - Service: VPN 5000 Service 1.00.00 (VPN5000Service) - Unknown owner - D:\Program Files\IntraPort Client\vpn5000service.exe
Posted 6/22/2005 2:28 PM
#16437
JACO Member

Date Joined Nov 2016
Total Posts: 1
Hi,

I've the same problem since last night. ie

""After rebooting I now have a blue screen of death type background on my desktop with the following message:
"A Fatal Error in IE has occurred at 0028:C0011E36 in VXD VMM(01)+00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c ""

However, I'm unable to get to an active desktop to run AntiVirus programs and can't boot up in "Safe Mode" or any mode that gives access to programs.

Anyone help?

JACO ILLITERATE
Posted 6/22/2005 3:16 PM
#16439
joewilliams697 Member

Date Joined Nov 2016
Total Posts: 2
Not having got a response on this site, I happened to come across ActiveScan from Panda Software. They scanned my PC and found what Ad-aware, Spybot, and Norton did not. I was able to use the text file output from Panda and go through my system and manually delete the items which they found. Pretty pleased overall and was surprised I had not heard of them before. Here's the link...

https://www.pandasoftware.com/products/activescan/com/activescan_principal.htm

Good luck!
Posted 6/22/2005 5:29 PM
#16453
Thaiphoon Member

Date Joined Nov 2016
Total Posts: 1
Hi Joe Williams,

thanks for the link! Did your message now disappear on your desktop?
Posted 6/25/2005 7:12 PM
#16582
digital soul Member

Date Joined Nov 2016
Total Posts: 2
Scan your computer with the Pandasoft online scan utility, then download the summary, delete the infected files manually, and you will have your desktop back.

Good luck :hop:
Posted 6/25/2005 7:13 PM
#16583
digital soul Member

Date Joined Nov 2016
Total Posts: 2
Posted 6/25/2005 7:50 PM
#16584
Bazzatron Member

Date Joined Nov 2016
Total Posts: 3
erm, there are techs on here right, ly people that can actually help with this kinda stuff?
i got the smitfraud virus thing, its ANNOYING!!!!!!!
i got the lil error mssg off my desktop, i used hijack this, i used panda, i used everything i could think of, and everything i read off other sites, but although i have no security message saying to use antivirus software etc i still have tht soddin' blue screen of death type thing on my desktop, with no writing on it, and i cant change it, so i sit here forever in the blue,

heres my hijackthis log if you need it.....


Logfile of HijackThis v1.99.1
Scan saved at 20:30:27, on 25/06/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
D:\PROGRAM FILES\MESSENGERPLUS! 3\MSGPLUS.EXE
D:\PROGRAM FILES\IMT LABS MESSENGER PLUGIN\CLOUD.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TEMP\ICSUPP95.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\PROGRAM FILES\SOPHOS SWEEP\ICMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
D:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
D:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.co.uk/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InterCheckMonitor] "D:\PROGRAM FILES\SOPHOS SWEEP\ICMON.EXE" -minimised
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [oxpFt] C:\WINDOWS\VAUVPMOV.EXE
O4 - HKLM\..\Run: [Yqjya] C:\PROGRAM FILES\TMXD\TFUFB.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\SYSTEM\msmsgs.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Sweep95] D:\Program Files\Sophos SWEEP\ICLOAD95.EXE
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [CloudPlugin] "D:\Program Files\IMT Labs Messenger Plugin\Cloud.exe"
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Search - https://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYGB
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR3.DLL/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - https://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - https://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/FunBuddyIconsFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - https://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - https://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - https://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - https://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - https://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - https://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - https://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - https://www.bang-olufsen.com/InstallObjs/isetup.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - https://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://www.pandasoftware.com/activescan/as5/asinst.cab




Please help me all you there out in computer land! i am forever in your debt!

Yours sincerely
-The Bazzatron
Posted 6/27/2005 12:29 AM
#16642
Bianc@ Valued member

Date Joined Nov 2016
Total Posts: 17
Hi Bazzatron!






The infection you have changes your desktop to display an alert in an attempt to persuade you to purchase spyware removal software. It also edits your registry to prevent you from changing your desktop.

Follow these steps in order to remove Smitfraud and restore your desktop.

Print out these instructions and then close all windows including Internet Explorer.


Step 1


Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if they are found:

Security IGuard
Virtual Maid
Search Maid


Exit Add/Remove Programs.


Step 2


Make sure that you can

- open Windows Explorer, go to Tools->Folder Options->View and within hidden files and folders please:

- check 'Show hidden files and folders',

- uncheck: 'Hide protected operating system files'



Step 3


Run HijackThis again and place a checkmark in front of the following entries:


O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [oxpFt] C:\WINDOWS\VAUVPMOV.EXE
O4 - HKLM\..\Run: [Yqjya] C:\PROGRAM FILES\TMXD\TFUFB.EXE
O8 - Extra context menu item: &Search - https://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYGB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -


Step 4


Reboot your computer into SAFE MODE. You can find a guide on how to do that here:

https://www.computerhope.com/issues/chsafe.htm



Step 5


Then delete these files or directories (Do not be concerned if they do not exist):

C:\wp.exe
C:\wp.bmp
c:\bsw.exe
c:\bsw.bmp
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\WINDOWS\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\system32\msole32.exe
C:\Windows\System32\Log Files
C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Program Files\Security IGuard
C:\WINDOWS\TEMP\ICSUPP95.EXE
C:\WINDOWS\TASKMON.EXE


Step 6


Reboot your computer to go back to normal mode. Your desktop may be restored or it may be black at this time.

Step 7


In order to restore your desktop settings download the following reg file to your desktop by right clicking on the link, and selecting “save as”.

https://www.bleepingcomputer.com/files/reg/smitfraud.reg

Once it has downloaded, double-click on the smitfraud.reg file on your desktop and when it asks if you would like to merge the data, click on the Yes button.

Reboot your computer and you should now be able to change your desktop settings back to how you would like it. If your desktop still looks strange, go into your display properties and click on the Themes tab. Change the theme to Windows XP and you will now be using the default Windows XP settings. Then change them as you see fit.



Kind Regards,



Bianca Simion

BullGuard Support Team

www.bullguard.com
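An added example, not part of the original thread or any poster's code: a fix list like the one in Step 3 was written for one specific log, so before checking the same boxes on another machine it helps to compare the list against that machine's own HijackThis log. The function names (`parse_entries`, `entry_key`, `check_fix_list`) are hypothetical, and the sample log is a constructed excerpt that reuses lines from this thread with one path deliberately changed.

```python
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O4 - ..." lines
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(\S+): \[([^\]]*)\]")                # "HKLM\..\Run: [name]"


def parse_entries(text):
    """Return [(code, body)] for each HijackThis entry line.

    Forums wrap long lines, so a non-empty line that does not start a new
    entry is joined onto the previous one. Header and process-list lines
    before the first entry are ignored. Assumes only the log was pasted.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append([m.group(1), m.group(2).strip()])
        elif entries:
            entries[-1][1] += " " + line
    return [(code, body) for code, body in entries]


def normalise(body):
    return " ".join(body.lower().split())


def entry_key(code, body):
    """Identity of an entry: CLSID if present, else Run value name, else text."""
    clsid = CLSID_RE.search(body)
    if clsid:
        return (code, clsid.group(0).upper())
    run = RUN_RE.match(body)
    if code == "O4" and run:
        return (code, run.group(1).lower(), run.group(2).lower())
    return (code, normalise(body))


def check_fix_list(log_text, fix_text):
    """Sort fix-list entries into present / missing / changed for this log."""
    in_log = {entry_key(c, b): b for c, b in parse_entries(log_text)}
    report = {"present": [], "missing": [], "changed": []}
    for code, body in parse_entries(fix_text):
        key = entry_key(code, body)
        if key not in in_log:
            report["missing"].append(f"{code} - {body}")
        elif normalise(in_log[key]) != normalise(body):
            # Same CLSID or value name but a different target: review by hand.
            report["changed"].append(f"{code} - {body}  [log has: {in_log[key]}]")
        else:
            report["present"].append(f"{code} - {body}")
    return report


# Constructed excerpt; the oxpFt path differs from the fix list on purpose.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows ME (Win9x 4.90.3000)

Running processes:
C:\WINDOWS\EXPLORER.EXE

O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [oxpFt] C:\WINDOWS\SYSTEM\VAUVPMOV.EXE
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O8 - Extra context menu item: &Search -

https://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYGB
"""

# Subset of the Step 3 list from the post above.
FIX_LIST = r"""
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [oxpFt] C:\WINDOWS\VAUVPMOV.EXE
O4 - HKLM\..\Run: [Yqjya] C:\PROGRAM FILES\TMXD\TFUFB.EXE
O8 - Extra context menu item: &Search - https://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYGB
"""

if __name__ == "__main__":
    for status, lines in check_fix_list(SAMPLE_LOG, FIX_LIST).items():
        for line in lines:
            print(f"{status:8} {line}")
```

Entries reported as missing or changed are the ones to raise with the helper together with a fresh log, rather than checking boxes that only look similar.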

Posted 6/27/2005 8:58 PM
#16666
Bazzatron Member

Date Joined Nov 2016
Total Posts: 3
thanks there bianca, you're a ledge, but does it matter that im not using windows XP? im using windows ME millenium edition
Posted 6/29/2005 5:12 PM
#16786
Bianc@ Valued member

Date Joined Nov 2016
Total Posts: 17
Hi Bazzatron!





It doesn't matter what version of Windows you are using. Please follow the steps I have indicated to you and let me know the result.



Thank you for your cooperation.

Kind Regards,



Bianca Simion

BullGuard Support Team

www.bullguard.com

Posted 6/29/2005 6:06 PM
#16789
Bazzatron Member

Date Joined Nov 2016
Total Posts: 3
Okay, i have done all you have said, it seems to be working fine now, thanks, i have control of my desktop again, yay! but my MSS messenger seems to be giving me a hard time of things, it keeps on goin weird after i open up a few windows, the boxes lose their "consistency", they sort of start to move all over the place, inside the window, i usually have up full screen, and the writing gets distorted, like it has been slashed horizontally, could you help me with that?
Posted 6/30/2005 9:00 PM
#16847
trinityjj Member

Date Joined Nov 2016
Total Posts: 1
I have this error and no start menu or desktop. How do I get started? Once I have a start menu I can follow the rest of the directions.
Posted 7/10/2005 8:40 AM
#17305
Nickye4 Member

Date Joined Nov 2016
Total Posts: 1
I too have this error but I cannot get a start menu or desktop to come up.

Can anyone help please?
Posted 7/13/2005 6:52 PM
#17447
Nick78 Member

Date Joined Nov 2016
Total Posts: 1
I'm having the same problem right now. But I can't get into my account. I don't really know much about computers but I have been trying to run virus scans but another message keeps popping up.

It's about a file named WININET.dll and says that I have to reinstall it but I don't know how. Plus my dad is the one whose computer it is. I'm on my brother's laptop right now cause it's the only way I could get help. I have no idea what commands to execute or try to in cmd.exe and just can't get into anything. PLEASE HELP!!!!
Posted 7/19/2005 1:24 AM
#17605
kerriopie Member

Date Joined Nov 2016
Total Posts: 1
Hi Guys Im new here, but just wanted to let you know I got this same thing with the blue screen of death and the warning & all... i ran hijack this & ad aware & followed all the instructions provided & still had it... any way was looking around for other helpful solutions to the prob & stumbled across a site that told me to go into my control panel look for programs that did not look familiar to me.. the one i found was INTERNET UPDATE i removed it & rebooted & TA-DA everything is back to normal... all settings desktops everything.... hope this helps some of you...


kerriopie



P.S. I also had to remove the PSGUARD from add/remove programs window as well....
Posted 7/28/2005 7:51 PM
#18033
ajenery Member

Date Joined Nov 2016
Total Posts: 6
Hi... I'm a very new member having similar 'Smitfraud.c' virus problems. I'm keen to follow bianc@'s advice, but I do not have Security IGuard, Virtual Maid or Search Maid in Add or Remove Programs.
All I've managed to do so far, is overwrite the 'error message/blue wall of death' with a .bmp file created in MS-Paint, and remove the 'downloader.generic' virus detected by my AVG v7.0...

Regards to all...
Posted 9/10/2005 9:09 PM
#19548
np2fast Member

Date Joined Nov 2016
Total Posts: 1
I have the same error and it appears during boot so i cant do anything.
I tried restarting it in safe mode but it just freezes up.



I am trying to get a hold of a windows boot cd so i can reinstall windows if it lets me.



Any help guys?



thanks in advance!
Posted 10/31/2006 12:32 AM
#38685
Captain C Member

Date Joined Nov 2016
Total Posts: 1
Bianc@, I have the same problem only when I ran Hijack this some of the files you said to check weren't there. What can I do to remove this? Do you need my Hijack this log?
Posted 6/5/2008 9:30 PM
#62676
Boring_Benji Member

Date Joined Nov 2016
Total Posts: 2
I removed Smitfraud easily with SuperAntiSpyware but my desktop is messed up :-( I got a big white box which I do not know how to remove, and when I try to change my desktop background this message pops up:

Windows Internet Explorer:
Cannot find the file:///C:/Windows/privacy_danger/index.htm'. Make sure the path or internet address is correct.

What has that to do with my background???

The same message appears when I lock and unlock the start thing (What its called in english) down in the bottom of my screen.