Remove Smitfraud.c Trojan (0028.C0011E36 VXD)?
by Dennis Faas | updated 20050811 @ 08:52PM EST
Category: Internet
 
 

Gazette Reader 'Faskia' writes:

" Dear Dennis,

One of my PCs is now failing to connect to the Internet, and is showing a Security Warning screen on a Blue Screen of Death (BSOD). The blue background reads, 'A fatal error in IE has occured at 0028.C0011E36 in VXD VMM(01)+00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c.' Would you please give me some simple steps to remove Smitfraud from my PC? "

   
   
   
 
   

My response:

The problem is that your computer has been infected with Spyware. According to the F-Secure web site, Trojan-Spy.HTML.Smitfraud.c is a phishing scam where "a fake screen is presented to user [may even be a fake Blue Screen of Death], in an attempt to collect user account information" (Source: F-Secure.com).

I did some in-depth research and from what I understand, this Trojan is difficult to remove. It may be because it's a new Spyware variant and from what I read, the majority of Spyware / anti-virus programs cannot remove it.

I was, however, able to find two manual removal solutions posted on BullGuard.com and Experts-Exchange. I've looked over both postings and they are very similar in instruction (but vary slightly). The posting on BullGuard.com was easiest to follow, so I've included the instructions in this posting.

From BullGuard.com:

" Follow these steps to remove Smitfraud and restore your desktop.

Print out these instructions and then close all windows including Internet Explorer.

Step 1: Go to Start -> Control Panel -> Add or Remove Programs and remove the following programs, if they are found: Security IGuard, Virtual Maid, and Search Maid. Once complete, exit the Add/Remove Programs window.

Step 2: View All Hidden Files on your computer; to do this: Open Windows Explorer, go to Tools -> Folder Options -> View and within hidden files and folders. Once you're there, checkmark 'Show hidden files and folders' and uncheck: 'Hide protected operating system files'.

Step 3: Run HijackThis and place a checkmark in front of the following entries:

O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O4 - HKLM\..\Run: [TaskMonitor] C:\Windows\taskmon.exe

O4 - HKLM\..\Run: [oxpFt] C:\Windows\VAUVPMOV.EXE

O4 - HKLM\..\Run: [Yqjya] C:\PROGRAM FILES\TMXD\TFUFB.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com ...

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com ...

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) http://a840.g.akamai.net ...

   
   
   
 
   

Step 4: Reboot your computer into Safe Mode.

Step 5: Once in Safe Mode, delete these files or directories. If the files / directories do not exist, do not be concerned.

C:\wp.exe

C:\wp.bmp

C:\bsw.exe

C:\bsw.bmp

C:\Windows\sites.ini

C:\Windows\popuper.exe

C:\Windows\System32\wldr.dll

C:\Windows\System32\helper.exe

C:\Windows\System32\intmonp.exe

C:\Windows\System32\msmsgs.exe

C:\Windows\System32\ole32vbs.exe

C:\Windows\system32\msole32.exe

C:\Windows\System32\Log Files

C:\Program Files\Search Maid

C:\Program Files\Virtual Maid

C:\Program Files\Security IGuard

C:\Windows\Temp\icsupp95.exe

C:\Windows\taskmon.exe

Step 6: Reboot your computer. Your desktop should be restored, and the background may appear as black.

Step 7: In order to restore your desktop settings download smitfraud.reg (link below). Save this file to your desktop; once it's there, double click it and when Windows asks you to merge the data, click Yes.

http://www.bleepingcomputer.com/files/reg/smitfraud.reg

Step 8: Reboot your computer. You should now be able to change your desktop settings back to how you would like it. If your desktop still looks strange, go into your display properties and click on the Themes tab. Change the theme to Windows XP and you will now be using the default Windows XP settings. Then change them as you see fit. " (Source: bullGuard.com)

Good luck!
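
As an added example (not part of the BullGuard instructions or the original article), the Step 3 check can be done over a saved HijackThis log instead of by eye. The sketch below assumes the O2 and O4 line shapes shown above; the function name and the sample log are constructed for illustration.

```python
import re

# Indicators copied from Step 3 (BHO CLSIDs) and Step 5 (.exe/.dll files) above.
BHO_CLSIDS = {
    "{B56A7D7D-6927-48C8-A975-17DF180C71AC}",
    "{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}",
}
STEP5_PATHS = {p.lower() for p in (
    r"C:\wp.exe", r"C:\bsw.exe", r"C:\Windows\popuper.exe",
    r"C:\Windows\taskmon.exe", r"C:\Windows\System32\wldr.dll",
    r"C:\Windows\System32\helper.exe", r"C:\Windows\System32\intmonp.exe",
    r"C:\Windows\System32\msmsgs.exe", r"C:\Windows\System32\ole32vbs.exe",
    r"C:\Windows\System32\msole32.exe", r"C:\Windows\Temp\icsupp95.exe",
)}

# HijackThis line shapes as they appear in Step 3:
#   O2 - BHO: <name> - {CLSID} - <file>
#   O4 - HKLM\..\Run: [<value>] <command>
O2_RE = re.compile(r"^O2 - BHO: .*? - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
O4_RE = re.compile(r"^O4 - (\S+): \[([^\]]*)\] (.+)$")

def flag_entries(log_text):
    """Return (line_no, reason) for every log line matching a page indicator."""
    hits = []
    for no, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        if m := O2_RE.match(line):
            if m.group(1).upper() in BHO_CLSIDS:
                hits.append((no, "BHO CLSID from Step 3"))
        elif m := O4_RE.match(line):
            # Compare the command as a path, ignoring quotes and case.
            exe = m.group(3).strip('"').lower()
            if exe in STEP5_PATHS:
                hits.append((no, "Run entry starts a Step 5 file"))
    return hits

# Constructed sample log (not from a real machine).
SAMPLE_LOG = r"""Logfile of HijackThis
O2 - BHO: (no name) - {b56a7d7d-6927-48c8-a975-17df180c71ac} - (no file)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\ex.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

if __name__ == "__main__":
    for no, reason in flag_entries(SAMPLE_LOG):
        print(f"line {no}: {reason}")
```

Matching is done on the CLSID and on the file path rather than on the Run value name, so an entry is still flagged when the log writes the path in a different case.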
