Have Trojan-spy.html.smitfraud.c need help removing

APK, the instructions do ask you to unhide your hidden files; have you done that?

To do it, you should open Windows Explorer and:-
1. Select "Tools" from the menu on top.
2. Select "Folder Options".
3. Select the "View" tab.
4. Scroll down and Select "Show hidden files and folders".
5. Unselect "Hide extentions for known file types".
6. Unselect "Hide protected operating system files".
7. If you get a "warning" prompt, say yes you want to do it anyway.
8. Click Apply and Ok.

Now look for your file.

 

I have done that, but still no folder called log files under windows\system32 :-(

 

APK

Could that folder already have been removed by a scanner (Antivirus or otherwise) ?

If you really can't get rid of it following those instructions you should post your HijackThis log on one of the other ASAP sites: https://www.wilderssecurity.com/showthread.php?t=42149

Regards,

Pieter

 

Problem sloved! if u have removed all the required files and still have the background or are unable to change destop update your display driver or video card and viola. drivers can be found easy with a simple google search

 

Thanks very much. It help me to remove the things.

Regards,

Alin_hazlin

 

I have the black screen now after removing the wp.exe. How do I get my display properties back? Also IE keeps going to about blank every time I reboot Please help...Thanks

 

I erased the wp file from my c drive by going to task manager and then processes and ending any wp files in action. Then i went back to the wp file location on the c drive and was able to delete the wp file.

 

I am downloading the Kav 5.0 trial right now , I am hoping this will work but if I need any help is there anyone out there that can help me get rid of this crap?
Thanks in advance

 

I don't know exactly what this thing is supposed to do but after messing around with stuff, here's what this thing does.

When you right click on your desktop, in the Display Properties window, you should normally see 5 tabs: Themes - Desktop - Screen Saver - Appearance - Settings. This program removes all possible ways for you to change your desktop background. My Display Properties window had only 2 tabs. Screen Saver and Settings.

There are 2 files that are placed in your C: drive:
WP.bmp and WP.exe

In order to get rid of WP.exe, you have to do a [ctrl alt delete] then find WP.exe and end the process. Then you can delete the file from the C drive along with the WP.bmp.

Next, you have to fix the registry settings that have been changed.

Go to : Start ---> Run, type regedit. Click ok.

Expand the following directories:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

The following keys (if present) must have their values (hex) changed to 0 or deleted.

NoDispBackgroundPage
NoDispSettingsPage
NoDispScrSavPage
NoDispAppearancePage

To change a key's hex value to 0, simply right click and click modify. Change the 1 to a 0 and click ok.

Also, I deleted the REG_SZ named Wallpaper. The key that directed the wallpaper to C:\WP.bmp.

 

Thnk a lot! this was the only simple version how to delete the trojan I could find, easy and quick! Thnk

 

HOLY CRAP THANKS! OMG That was driveing me insane, that was definatly the easyest way to get rid of it i saw. After it was done I did a friggen jig around my room i was so happy! THANKS!

 

U can't get much happier than that.


snowbound

 

A real dumb question

When you guys say reboot, does you mean restarting the computer. Because I have rebooted before and lost a lot of important stuff.

 

My computer has been infected with this terrible virus also. I'm reading all the advice from you guys, but I'm not understanding anything
It seems as if all of my programs had been wiped out-therefore I can't run anything (I can't even get to my control panel)
The only thing that sems to still function in my computer are my documents- where I luckily saved HijackThis- but I'm not sure if I can get rid of this Smitfraud thing with HijackThis...Everything else is just frozen or fails to open...HELP!!!!!!

 

hey guys:

I got the same bug being discussed......I downloaded and ran the KAV software....forgot to uncheck boxes etc.. that you advised.....but I think that I may have killed the virus....or did I....the blue screen still comes up with the prompt.....there were quite a few files corrupted and were deleted....and those that weren't were said to be put into some backup folder...but after the scan you can just access that folder and delete....which is what I did.....do you think I missed something...is there a way to get my desktop back.....not very computer savvy, but I can catch on fast....thanks beforehand for your help.....you guys rock

 

A follow-up to my question.....I was reading your responses on how to restore the desktop......when I go into task manager there is no wp.exe running, so I can't it or follow any of the other steps.....HELP.....thnks

 

posting #35....YOU ARE THE BEST

cancel my two questions above...jackie dennington does have the easiest and best way to correct the blue screen dilemma......all I did was run the kav or kasper software and deleted whatever and then followed her steps and everything seems to be back to normal.......THNKS

 

Jackie's method was real easy and effective. It worked for me too. Thanks a lot..

 

I hopefully "had" the smitfraud trojan but restarted into safe mode and ran antivir 3 times to get all the little bugs... I found the wp.exe in C: after antivir told me that it was bugged... deleted it, along with w.exe and a couple of other useless looking files. At least the blue warning background has changed but now its just black and I can't seem to change it. Antivir does a pretty good job of checking all the system32 files and found everything, I hope.

 

OK How did you get rid of it.I am reading all these posts and don't know which method you used. Thanks much Marsha

 

Hi Pieter,

Thanks for your tips on removing this infection. I followed your instructions and was able to get my computer close to normal before the infection. However, I now have a new problem. I can't update my windows using the windows update tab in Internet Explorer. Any suggestions? Any help is greatly appreciated!

Regards,
Kevin

 

I had the same virus on my laptop and I followed the intructions given by jackiedennington and I was able to get my laptop to a normal lookin state.
Now I am able to set the wall paper myself through properties window.
But when I open Internet explorere, it still opens some search page.It overrides the default page that I had set for the IE to open when it opens for the 1st time .
Please help me solve this.

Thanks

 

Many thanks to all for the advice available here. I used Pieter Arntz's fix and it worked perfectly.

Many thanks, Pieter

James Harper

 

I did what Jackie told and it worked, thanks. But i am not able to access my Yahoo Messenger. I guess there is some problem ?
Can anyone help ?