Have Trojan-spy.html.smitfraud.c need help removing

Re: Trojan-Spy.HTML.Smitfraud.c

I am having problems with this trojan, but when I try to go into Safe Mode to make the fixes, all I get is a black screen. I am still able to go into the task manager in this mode but can't seem to do anything else. Is there a way to perform these corrections using the command prompt or the limited functionality I have?

Every time I start (in safe or in normal mode) I get the following message:

'Explorer.exe was not able to start because WININET.dll was not detected.'

I saw this dll available for download, but would this be able to get it working so I can perform the steps necessary to clean the computer?

Thanks for any help you can give.

 

I got the smitfraud trojan horse last night, and unfortunately, it has disabled my antivirus, spyware, and all internet access. Before norton became disabled, it instructed me that windows\system\wininet.dll was infected and after I quarantined it, I cannot get things to work. When I scanned the computer using my norton disc thru the disc drive, it told me I had bloodhound.w32.EP virus. The other thing - a link to antivirus gold 2.0 appeared on my desktop after I got infected. All hell is breaking loose! LOL

Any ideas,

JM

 

If possible, go to a friend with a cd-burner and let him download DrWeb-CureIt and burn it to a cd, go home put the cd in doubleclick (it will make a fast scan first) and choose which drive to scan, them hit the green man & let it scan, also let your friend print out this on how to manually remove smitfraud (Virus.Win32.Nsag.a), do this after the scan, then you can remove http://www.bleepingcomputer.com/forums/How_to_remove_Antivirus_Gold_or_AVGold-t22397.html (AV Gold).

 

Thanks for the working instructions. Now I have to get rid of the bloodhound.w32.EP. Any ideas?? I would much rather use this engine for assistance since my first experience was successful. Believe me I have been going at it for a long minute.
Thanks in advance

 

bloodhound.w32.EP is an heuristic detection, if i'm not mistaken and could be a false positive, you can if you know the exact file upload it to http://virusscan.jotti.org/ and get it scanned with no less than 14 anti-virus products.

I would also advice you to use at least the free online scanners from Kaspersky & BitDefender in my signature.

 

i have read the post, as i have the exact trojan mike mentions, but with me the blue security warning just flashes on and off continualy, i tried running in safe mode, but then the screen that says "you are running in safe mode are you ssure you want to coninue" just keeps flashing (looping) same as the warning. please if you can help me i would VERY much appreciate this, yours hopefully paul

 

Have you tried some of the suggestions in this thread?

 

OK i got rid of it using HJT and KillBox, thanks guyz!! I got this trojan along with AntivirusGold and PSGuard malware >_<

 

I took a look at the other tacked thread with the instructions on how to clean "Smitfraud", but I am having one problem- when I go to paste all the file names from the clipboard into Killbox, the first time only two of them pasted in, and since then nothing will paste into Killbox form the clipboard. The list of filenames shows up in the clipboard, but will not show up when I use the "paste from clipboard" option in Killbox.

 

Your supposed to enter one line at a time - see if this helps: https://www.wilderssecurity.com/showpost.php?p=501276&postcount=93

 

All i can do is pull up task manager and run some process but when i run my computer in normal mode it gives me an error saying "The application failed to intialize properly (0xc0000005).Click on OK to terminate the application" then so i click ok it says the same thing again then freezes then pulls up a blue screen saying"a fatal error in IE has occured at 0028:C001E36 in VXD VMM (01) + 00010E36. Error was caused by trojan_spy.html.smitfraud.c
*system can not function in normal mode. Please check security settings.
*Scan your pc with any antivirus/spyware remover program to remove the proble." Can tell me what to do and how thank you in advance

 

All i can do is pull up task manager and run some process but when i run my computer in normal mode it gives me an error saying "The application failed to intialize properly (0xc0000005).Click on OK to terminate the application" then so i click ok it says the same thing again then freezes then pulls up a blue screen saying"a fatal error in IE has occured at 0028:C001E36 in VXD VMM (01) + 00010E36. Error was caused by trojan_spy.html.smitfraud.c
*system can not function in normal mode. Please check security settings.
*Scan your pc with any antivirus/spyware remover program to remove the proble." Can tell me what to do and how thank you in advance

 

Do this:

If possible, go to a friend with a cd-burner and let him download DrWeb-CureIt and burn it to a cd, go home put the cd in doubleclick (it will make a fast scan first) when it's finished choose "options" > "Change settings" > "File types" choose "al Files" click apply and then choose which drive to scan, them hit the green man & let it scan (see screenshot).

You may have to do it in safemode:

If you are able to go on the internet after a reboot, then at least do a scan with the free online scanners from:

http://www.kaspersky.com/service?chapter=161739400
http://housecall.trendmicro.com/

More info:http://www.viruslist.com/en/viruses/encyclopedia?virusid=84462 .

 

desktop

How do i get up my desktop back all i get now is blue screen but it dosent say anything all i get is a error The application failed to initialize properly(0xc0000005).Click on OK to terminate program

 

Re: desktop

Did you try what i suggested?

 

Hay i cant start it in safe mode it just freezes but when i get the blue screen
i can use task manager but only in safe mode

 

Hay sorry i only get the blue screen in normal mode
The virus has deleted the backup file

 

Is this the bluescreen you see?http://www.viruslist.com/en/viruses/encyclopedia?virusid=84462, if it is then please read the whole page.

Can you do nothing with the computer, like can you click "Start" > "My computer" and see your cd drives?

 

Help having trouble with my yahoo messenger

HI everybody,
I would be glad if anybody over here could help me in sorting out the problem that i have been having with my yahoo messenger.
It gives a error message saying 'This program has performed an illegal function and will be shut down'
I deleted it and installed it once again but the problem still continues
Can anybody help me with this??
Many thanks

 

smitfraud.c

Hi. I am new to this forum, discovered it with a google search looking for help removing the smitfraud.c trojan. However, now things have gotten much worse. Before it was just the blue background with the standard message and id get a lot of popups. Now, after attempting to follow a post from another forum site , ive really messed up the pc. When i try to sign on in normal mode i get no desktop icons and just the blue screen error in the middle with the rest of the background in black. I cannot click on anything, i get no start menu, nothing possible. In safe mode the icons are on my desktop, but i cannot click on any of them. Since my PC knowledge ends right there, im pretty much stuck. If anyone can help me with this (dummy up the process as much as possible) I'd be very appreciative. I am currently using my PC at work so I wont be able to run any solutions until later this evening. Also, dont think i can download anything off this PC as only the administrator can do that and there are no cd burners. Thank you in advance for any help

 

Re: AntiVir Newsletter

Hope I am doing this right. I am trying to get rid of trojan-spy.html.smitfraud on a friends's computer. He has ME and he gets the usual red warning that tells about having this item. I cannot access the operating system even in safe? How can I get rid of this. The computer is useless.

 

i tryed a load of stuff to remove that trojan, well a load of progams and 50stg (english money) i found a program that did the job, is called XoftSpy it cost 50us dollars but it got rid of it and found other trojans and fixed the load. The Blue warning screen is gone and i can right click and change the appearnce to what i want.

hope this helps

 

There is absolutely no reason to buy something like Xoftspy at $50 just remove this, that would be ridiculous!!

Just do this:http://www.viruslist.com/en/viruses/encyclopedia?virusid=84462, you can replace Kaspersky with your AV of choice.

 

I had the same problem.
What you need to do:

- Start WIndows in save mode.
- Kill the Paydial.exe and Paytime.exe processes.
- Change all 195. etc references in regedit to e.g. google.com
- Remove all links to paydial and paytime from regedit.

System shall now be ok.

Punthooft

 

Help if possible this Smithfraud C has me defeated...(Hijack log enclosed)

Please if any experts can lend me some of their expertise im at a loss on how to deal with this desktop type virus. I have most likely tried over 10 spyware and virus related softwares to remove this with no luck. Thanks in advance

Desperate

Wilders no longer does Hijack logs. Please post your log at one of the forums in this link.