Trojan-spy smitfraud

You're welcome. As a consultant I know how frustrating it can be to run into an issue that you just can't find an answer for.

The "easy" call is to reload everything, but rarely is that the right call. It might take quite a while for you to find a solution to something, but it's well worth it if it means you can fix the issue in 10 minutes next time you see it rather than hours of reloading an OS and rebuilding profiles.

Of course the other big thing is sharing the knowledge. If I don't post what I know about fixing an issue, how can I expect anyone else to post fixes that will help me?

Wayne

 

thanks V3T-TOO worked well

 

I hope some one can help with this, it's driving me nuts.

After booting, my destop looks normal, then in about 5 seconds, all the icons and taskbar disappear. I can run Task Manager, and launch and run programs from that. I am running XP Pro. I did an AVG virus scan which turned up nothing. I tried the regedit solution mentioned in this thread, but there was no "Image File Executions.options" I've also tried to launch "Explorer.exe" and it did not show up as a process.

From other posts, I tried running a program named "Shellfix" which was supposed to fix this, but didn't. I've also checked for processes named SYSU.EXE and BXOMEBC.EXE, but neither of these is present.

Help! Any ideas?

 

can some one help me too!!! I have the same problem my desktop is blued with a blackbox in the middle saying "system stopped, system has benn stopped due to a serious malfunction. spyware activity has been detected. It is recommended to use spyware removal tool ro preven data loss. Do not use the computer before all spyware removed.
I tried all the soloutions above, non of them worked.I didn't have any of the files in my registery.
can some one please help me. this is driving me crazy.

 

does anyone know how to do this in win98? My pc is totally locked up. can do ctrl alt del though. the warning is displayed in both safe and regular mode. I can boot to dos. Please help

 

This worked for me as well. We had a computer that was riddled with trojans and once we got it cleaned explorer stopped working. We we on the verge of reinstallling windows when I came across this post. Thans Wayne, you saved us a ton of setup and recovery time.

 

Have similar problem but don't have those registry keys to delete. Have tried system restore but doesn't work. Have restarted several times but that doesn't work either. This is on Medion AMD 2200+ 256MB, any suggestions?

 

What state is your pc in? Have you cleaned it, but now have a handicapped partition? You can always try a windows XP repair if thats the case:http://helpdesk.its.uiowa.edu/windows/instructions/repairinstall.htm or System File Checker (sfc.exe), this will scan all protected Windows files to verify their versions have not been overwritten or damaged, and if so will replace the compromised version with a fresh copy.

To run it, click Start/Run and type 'sfc.exe /scannow' (without the quotes but with the space between the 'e' and the '/').

Alternatively, you can click start/Run and type in CMD and click O.K., when the black window opens type in "sfc /scannow".

You will need to insert your Windows CD into the drive to enable sfc to effect the repair.

 

Hello Bubba,
I am having the same problem as "Casajameli" except my laptop runs Win98, and I don't have the option of the "new task" on the task manager!
Is there a virus/spyware I can on a floppy or a similiar solution you gave to the guys but for win98?
Thanks in advance,

Marco

 

~Cleaning instructions removed~

This type of assistant requires custom instructions based upon what has been seen on the person's system given from posting a HijackThis log, with followup from a spyware removal expert. The canned speech alone cannot be posted directly without these added instructions by a qualified HijackThis Analyst.

I have removed the canned speech that you posted as we no longer perform spyware cleaning services here, as referred to in this Announcement.

snapdragin

 

Khazars,
Happy New Year and thanks much for taking the time for answering my post.
Unfotunately I cannot even get to the "applications tab" on task manager, all I can see there are a "End Task" "Shut Down" and "Cancel" buttons, there are no other options.
The machine is a Toshiba LapTop, "Portege" 7010CT, running win98SE, I cannot access anything on the desktop, any attempt of opening a icon or clicking on start, just dont get me nowhere. Then I press ctrl+alt+del to get to Task Manager, then I see what I mentioned, no other options, Oh Yeah the windows shows Explorer (Not Responding)
I spent close to 30 hours on this computers already, because I dont want to lose the data there is on it. Or else I would have reformated.
Today I bought a cross-over cable in the hopes that my main computer would be able to see it, but no luck.
So I'm back to square one.

So anyway if there is any hope, I would apreciate to hear

Thanks again

and a very Happy New Year

Marco

 

Hi Marco,

I have removed the instructions from khazars post as they were incomplete and additional cleaning steps would have been required. Since we no longer provide general spyware cleaning services, please follow the instructions below:


For people who think they may be infected with the smitfraud/spyaxe infection, please see this post at DSLR for cleaning instructions: http://www.dslreports.com/faq/13542

Then follow up with a HijackThis log either posting it at DSLR, or one of the other forums that do offer HijackThis analysis and spyware cleaning:

http://castlecops.com/forums.html
http://www.spywareinfoforum.com/
http://forums.tomcoyote.org/

Regards,

snap