stop 0x000000F7 error cleaning smitfraud
cpututor
March 25th, 2008, 11:58 PM
I am trying to clean a Toshiba laptop with Windows XP Media Edition that is infected with at least smitfraud, maybe zlob, plus ? These infections took place with NOD32 v3 installed. NOD32 installed and computer scanned Mar 3rd 2008. Infection first appeared 5:45 am March 24th. All NOD32 settings were at default. I have scanned with NOD32 set to maximum cleaning strength - last scan shows nothing found. Internet Explorer 7 starts with about:blank, even though set to google. I have noticed a folder date-stamped at time of infection labeled "Helper" which appears to be empty, but can't be deleted. Starting IE7 now just shows a blank page for about:blank, where before it tried to load a vermin type site selling antivirus program. (I have screen shots). Has shown "security alert" in system tray. Have tried to clean with Spybot S&D, Smitfraudfix, vundofix, and tried using restore - both to a few days before infection, and to date of NOD32 install. ALL result in stop F7 error.
Any ideas besides restoring to factory? I do have DVD, but there are many other installed programs & configurations.
Any point in removing the drive and scanning it in another computer?
Hangetsu
March 26th, 2008, 12:01 AM
Out of curiosity, what software detected smitfraud and zlob on the machine?
cpututor
March 26th, 2008, 12:23 AM
{QUOTE-> Out of curiosity, what software detected smitfraud and zlob on the machine? <-QUOTE}
Spybot S&D 1.5.2, updated, found but did not complete removal before stop error (It got further in Safe Mode, but not all the way.) NOD32 shows various (in order of appearance in logs): Adware.virusheat, Adware.AVSystemCare, Adware.WinFixer, Adware.AdvancedCleaner, TrojanDownloader.zlob, TrojanDownloader.FakeAlert, BHO.NCV trojan (was in the "Helper" folder previously mentioned.) I have just turned off Restore, and am about to do another NOD32 scan with new definitions.
I have Windows Ultimate Boot CD v 2.0 as well as a bench computer with trays/adapters to mount the drive if I remove it from the machine.
cpututor
March 26th, 2008, 01:54 AM
I have run a scan with NOD32 ver3 in Safe Mode, and got the same stop F7 error. It seems to happen upon access of some file in the evil seats. IE no longer goes to the vermin's sales page since I added "127.0.0.1 securitypills.com" to the hosts file.
cpututor
March 26th, 2008, 03:37 AM
I have now completed two scans since turning Restore off. The first removed 4 infections, the second one came up clean. Looks like it may be gone. Still may see the F7 stop error (plan on running Spybot again), but am creating an image of drive in its current state.
dr pan k
March 26th, 2008, 02:46 PM
why don't u try scanning with a different engine, besides eav (maybe stand alone drweb cureit in safe mode or other).??
cpututor
March 27th, 2008, 12:40 AM
{QUOTE-> why don't u try scanning with a different engine, besides eav (maybe stand alone drweb cureit in safe mode or other).?? <-QUOTE}
I like the overall performance and specs for NOD32, and did not have the time to sift through a number of other products which NOD32 ordinarily out-performs. It wasn't a question of identifying the problem, it was one of removal. Windows' stop error prevented efforts to eliminate it. The variety of steps I did take all provoked the same response.
I did uninstall and reinstall Spybot S&D and that didn't make any difference in its performance. I ended up uninstalling it and running Adaware 2007 which was on the computer already. That cleaned up the odd registry references.
I now consider the issue resolved.
Appreciate your thoughts, though.
dr pan k
March 27th, 2008, 10:41 AM
@ cpututor: i was referring to the possibility of being sure that nothing was left behind. different scanning engines use different patterns and sometimes the results r not exactly the same. i use nod v3 also, still the best for me...
happy to hear that u came out of it clean..
M450
June 17th, 2008, 05:08 PM
Hey, I'm having a very similar problem to this, but I can't even login without the STOP F7 blue screen occurring. It is possible to login to a limited account and safe mode without crashing straight away but I can't successfully run any anti-spyware scans. Sometimes a scan will succeed and display the multitude of spyware on my system but crashes as soon as the program attempts to clean it!
I've used Spybot S&D, Ad-Aware 2007 and McAfee VirusScan with no luck...
Is it possible to scan the hard drive using my laptop connected over the network? Or will that be of any advantage?
Thanks
Marcos
June 17th, 2008, 05:49 PM
I'd suggest sending a log from ESET SysInspector to samples[at]eset.com with this thread's url in the subject. I'll check it out and let you know how to clean out that threat.
Copyright ©2002 - 2009, Wilders Security Forums