how do i remove a trojan spy virus?

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

I inadvertently downloaded spyware about a month ago and since then my
computer's system has been slowly deteriorating. I downloaded lavasoft
and adaware but they did absolutely nothing to remove the problems.
Recently my entire computer's screen is blue and says "A fatal error
has occurred...error caused by Trojan-Spy.html.smitfraud.c" I'm afraid
to use the internet on that computer. Can someone please tell me how I
can fix this?
5 answers Last reply
More about remove trojan virus
  1. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    It's no spyware it's a virus....
    http://www.avast.com (Home edition free to use)
    --
    ---------------------------------------
    http://www.fast-rewind.com
    ---------------------------------------


    "EE" wrote:

    > I inadvertently downloaded spyware about a month ago and since then my
    > computer's system has been slowly deteriorating. I downloaded lavasoft
    > and adaware but they did absolutely nothing to remove the problems.
    > Recently my entire computer's screen is blue and says "A fatal error
    > has occurred...error caused by Trojan-Spy.html.smitfraud.c" I'm afraid
    > to use the internet on that computer. Can someone please tell me how I
    > can fix this?
    >
    >
  2. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Go here and anything it cannot repair have it delete.

    http://www.pandasoftware.com/activescan/

    By the way, you are NOT telling us you have no virus protection on your PC
    are you?


    "EE" <eisleyunay@hotmail.com> wrote in message
    news:1120954662.457782.78910@o13g2000cwo.googlegroups.com...
    >I inadvertently downloaded spyware about a month ago and since then my
    > computer's system has been slowly deteriorating. I downloaded lavasoft
    > and adaware but they did absolutely nothing to remove the problems.
    > Recently my entire computer's screen is blue and says "A fatal error
    > has occurred...error caused by Trojan-Spy.html.smitfraud.c" I'm afraid
    > to use the internet on that computer. Can someone please tell me how I
    > can fix this?
    >
  3. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Follow this for removal:
    http://securityresponse.symantec.com/avcenter/venc/data/w32.desktophijack.html

    You probably do not have an up to date anti virus.
    Do you have a firewall?
    Is your Windows XP up to date?

    Follow this link to protect your computer and help prevent this in the
    future:
    http://www3.telus.net/dandemar/security.htm

    --
    Jupiter Jones [MVP]
    http://www3.telus.net/dandemar
    http://www.dts-l.org


    "EE" <eisleyunay@hotmail.com> wrote in message
    news:1120954662.457782.78910@o13g2000cwo.googlegroups.com...
    >I inadvertently downloaded spyware about a month ago and since then my
    > computer's system has been slowly deteriorating. I downloaded lavasoft
    > and adaware but they did absolutely nothing to remove the problems.
    > Recently my entire computer's screen is blue and says "A fatal error
    > has occurred...error caused by Trojan-Spy.html.smitfraud.c" I'm afraid
    > to use the internet on that computer. Can someone please tell me how I
    > can fix this?
    >
  4. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Have a look here..
    http://www.daniweb.com/techtalkforums/thread24491.html

    "EE" <eisleyunay@hotmail.com> wrote in message
    news:1120954662.457782.78910@o13g2000cwo.googlegroups.com...
    >I inadvertently downloaded spyware about a month ago and since then my
    > computer's system has been slowly deteriorating. I downloaded lavasoft
    > and adaware but they did absolutely nothing to remove the problems.
    > Recently my entire computer's screen is blue and says "A fatal error
    > has occurred...error caused by Trojan-Spy.html.smitfraud.c" I'm afraid
    > to use the internet on that computer. Can someone please tell me how I
    > can fix this?
    >
  5. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    In order to remove this infection you will need to use HijackThis to
    manually remove the infection:


    Print out these instructions as you will need to shutdown every window that
    is open later in the fix.


    Download HijackThis http://www.pcbutts1.com/downloads/HijackThis.zip and
    save it to your C:\ folder. Extract the hijackthis.zip file to
    c:\hijackthis. you will use this program later.


    Enter the Windows Control Panel and double-click on Add/Remove Programs.

    When the installed programs list appears, double-click on the following
    entries if they exists and allow them to uninstall.


    Security IGuard

    Virtual Maid

    Search Maid

    PSGuard


    Then exit the Add/Remove Programs screen and the Control Panel.


    click HERE http://www.pcbutts1.com/downloads/Smithfraud.reg and select Save
    As (in Internet Explorer it's labeled Save Target As) in order to download
    the Smitfraud.reg file. Save this file to your desktop.

    Locate the smitfraud.reg file on your desktop and double-click it. When
    asked if you want to merge with the registry, click the YES button. Wait for
    the "merged successfully" prompt then follow the rest of the instructions
    below.


    Configure your computer so you can see all hidden files.

    To enable the viewing of Hidden files follow these steps:


    Close all programs so that you are at your desktop.

    Double-click on the My Computer icon.

    Select the Tools menu and click Folder Options.

    After the new window appears select the View tab.

    Put a checkmark in the checkbox labeled Display the contents of system
    folders.

    Under the Hidden files and folders section select the radio button labeled
    Show hidden files and folders.

    Remove the checkmark from the checkbox labeled Hide file extensions for
    known file types.

    Press the Apply button and then the OK button.

    Now your computer is configured to show all hidden files.


    Download Killbox http://www.pcbutts1.com/downloads/killbox.zip and save it
    to your desktop. Extract killbox.zip to your desktop. Then double-click on
    the killbox.exe program.

    When the program is open, select the option labeled Delete on reboot.

    Do not close killbox, and open open notepad, by clicking on Start, then Run,
    and typing notepad.exe and pressing the OK button.

    When notepad is open, copy and paste the following text into the notepad
    screen. You do this by highlighting each of the below filenames and then
    pressing Control-C on your keyboard. Then click on the open notepad windows
    and press Control-V to paste the contents into the notepad.


    C:\wp.exe

    C:\wp.bmp

    C:\bsw.exe

    C:\Windows\sites.ini

    C:\Windows\popuper.exe

    C:\Windows\zloader3.exe

    C:\Windows\system32\wp.bmp

    C:\Windows\System32\hhk.dll

    C:\Windows\System32\wldr.dll

    C:\Windows\System32\helper.exe

    C:\Windows\System32\intmon.exe

    C:\Windows\System32\shnlog.exe

    C:\Windows\system32\perfcii.ini

    C:\Windows\System32\intmonp.exe

    C:\Windows\System32\msmsgs.exe

    C:\Windows\system32\msole32.exe

    C:\Windows\System32\ole32vbs.exe

    C:\WINDOWS\system32\oleadm.dll

    C:\WINDOWS\system32\oleadm32.dll


    Return to Killbox, go to the File menu and select Paste from Clipboard.

    Still in Killbox, click the red-and-white Delete File button. Click Yes at
    the Delete on Reboot prompt. Click No at the Pending Operations prompt. If
    your computer does not restart automatically, restart it manually.

    While your computer is restarting, tap the F8 key continually until a menu
    appears. Use your up arrow key to highlight Safe Mode, then press the enter
    button on your keyboard.


    Using Windows Explorer, delete the following files, if found, ( do NOT try
    to find them by "search" because they will not show up that way)


    FOLDERS to delete if found:

    C:\Program Files\Search Maid

    C:\Program Files\Virtual Maid

    C:\Windows\System32\Log Files

    C:\Program Files\Security IGuard

    C:\Program Files\PSGuard


    While still in Safe Mode, do the following:

    Make sure all programs and windows are closed. Double-click on
    C:\hijackthis\hijackthis.exe that you had downloaded and extracted earlier.
    When the program starts place a check next to each of the following entries,
    if found, then click FIX CHECKED button.


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http:://www.quicknavigate.com/search.php?qq=%1

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http:://www.quicknavigate.com/bar.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    http:://www.quicknavigate.com/search.php?qq=%1

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http:://www.quicknavigate.com/search.php?qq=%1

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    http:://www.quicknavigate.com/search.php?qq=%1

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    http:://www.quicknavigate.com/search.php?qq=%1

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page
    =http:://www.quicknavigate.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http:://www.startsearches.net/search.php?qq=%1

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http:://www.startsearches.net/bar.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    http:://www.startsearches.net/search.php?qq=%1

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http:://www.startsearches.net/search.php?qq=%1

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    http:://www.startsearches.net/search.php?qq=%1

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    http:://www.startsearches.net/search.php?qq=%1

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    http:://www.startsearches.net/

    O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} -
    C:\WINDOWS\System32\hp6DD8.tmp

    O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe

    O4 - HKCU\..\Run: [WindowsFY] c:\bsw.exe

    O4 - HKLM\..\Run: [WindowsFZ] C:\WINDOWS\ZLOADER3.EXE

    O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security
    iGuard\Security iGuard.exe

    O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe

    O9 - Extra button: Microsoft AntiSpyware helper -
    {D5BC2651-6A61-4542-BF7D-84D42228772C} - C:\WINDOWS\System32\wldr.dll

    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper -
    {D5BC2651-6A61-4542-BF7D-84D42228772C} - C:\WINDOWS\System32\wldr.dll

    O9 - Extra button: Microsoft AntiSpyware helper -
    {D5BC2651-6A61-4542-BF7D-84D42228772C} - C:\WINDOWS\System32\wldr.dll (HKCU)

    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper -
    {D5BC2651-6A61-4542-BF7D-84D42228772C} - C:\WINDOWS\System32\wldr.dll (HKCU)


    When it is done fixing the entries, exit the HijackThis program and restart
    your computer so its back into normal mode.


    Download Hoster and run it http://www.pcbutts1.com/downloads/Hoster.exe .
    Press the Restore Original Hosts button and then press the press OK button.
    When it is done, exit the program.


    Click HERE and select Save As to download DelDomains.inf to your desktop
    http://www.pcbutts1.com/downloads/DelDomains.inf.


    Now RIGHT-CLICK on the DelDomains.inf file on your desktop and select the
    Install option.

    This will remove all entries in the "Trusted Zone" and "Ranges" also.


    Download, install, and run CleanUp
    http://www.pcbutts1.com/downloads/CleanUp40.exe


    Update and run your antivirus software to clean up any left over traces of
    these infections.

    Your computer should now be free of the Smitfraud / Quicknavigate /
    VirtualMaid infections.


    Some files downloaded were created by Mike Burgess MVP and others. Thanks
    Mike


    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "EE" <eisleyunay@hotmail.com> wrote in message
    news:1120954662.457782.78910@o13g2000cwo.googlegroups.com...
    >I inadvertently downloaded spyware about a month ago and since then my
    > computer's system has been slowly deteriorating. I downloaded lavasoft
    > and adaware but they did absolutely nothing to remove the problems.
    > Recently my entire computer's screen is blue and says "A fatal error
    > has occurred...error caused by Trojan-Spy.html.smitfraud.c" I'm afraid
    > to use the internet on that computer. Can someone please tell me how I
    > can fix this?
    >
Ask a new question

Read More

Trojan Computers Windows XP