trojan-spy.html.smitfraud.c

[wahoo_128]

I have windows 2000 and boots up to windows but freezes and get this message:

SECURITY WARNING
a fatal error in IE has occured at 0028:C001E36 in VXD VMM (01) + 00010E36. Error was caused by trojan_spy.html.smitfraud.c
*system can not function in normal mode. Please check security settings.
*Scan your pc with any antivirus/spyware remover program to remove the proble.



I try safemode to no avail. Please help.

 

[talldude123]

Repair Windows 2000

http://www.windowsreinstall.com/windows2000/Repair/index.htm

 

[wahoo_128]

here is hijackthis file

Logfile of HijackThis v1.99.1
Scan saved at 3:28:21 PM, on 6/16/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\Alert on LAN\winnt\proxy\aolnsrvr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Intel\LDCM\bin\IIDS.exe
C:\WINNT\system32\cba\pds.exe
C:\Program Files\Intel\LDCM\bin\ssm.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\System32\taskmgr.exe
A:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Clara\LOCALS~1\Temp\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
O2 - BHO: XMLDP Class - {60371670-81B9-4d06-9C42-4DEC1AABE62B} - C:\WINNT\xmllib.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: SToolbar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINNT\winadvt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [User Space Manager] C:\Program Files\Intel\LDCM\Bin\USM.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Clara\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\RunOnce: [MigrateMMDrivers] rundll32.exe mmsys.cpl,mmseRunOnce
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [Tmntsrv32] C:\WINNT\System32\Tmntsrv32.EXE
O4 - HKCU\..\Run: [SMSSU] C:\WINNT\System32\SMSSU.EXE
O4 - Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {FD26AD9E-0B6C-4A6F-B000-C936E6290DA7} - C:\WINNT\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FD26AD9E-0B6C-4A6F-B000-C936E6290DA7} - C:\WINNT\System32\wldr.dll (file missing) (HKCU)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {9E1089BC-1AE8-4685-8D77-6721E5C318A8} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O21 - SSODL: DBZrcxXT - {3E7F08E0-94D5-A24A-5587-07C068D58742} - C:\WINNT\System32\whmx.dll
O23 - Service: Alert on LAN 2 Proxy (aolnsrvr) - Intel Corporation - C:\Program Files\Intel\Alert on LAN\winnt\proxy\aolnsrvr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINNT\system32\cba\xfr.exe
O23 - Service: Intel IIDS - Intel Corporation - C:\Program Files\Intel\LDCM\bin\IIDS.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINNT\system32\cba\pds.exe
O23 - Service: Intel SSM - Intel Corporation - C:\Program Files\Intel\LDCM\bin\ssm.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TMA Distribution - Unknown owner - C:\WINNT\system32\cba\lcfinst.exe

 

[talldude123]

Fix the following entries using HiJackThis:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Clara\LOCALS~1\Temp\se.dll/space.html

O2 - BHO: XMLDP Class - {60371670-81B9-4d06-9C42-4DEC1AABE62B} - C:\WINNT\xmllib.dll (file missing)

O3 - Toolbar: SToolbar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINNT\winadvt.dll

O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min

O9 - Extra button: Microsoft AntiSpyware helper - {FD26AD9E-0B6C-4A6F-B000-C936E6290DA7} - C:\WINNT\System32\wldr.dll (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FD26AD9E-0B6C-4A6F-B000-C936E6290DA7} - C:\WINNT\System32\wldr.dll (file missing) (HKCU)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/f...etup1.0.0.6.cab

O16 - DPF: {9E1089BC-1AE8-4685-8D77-6721E5C318A8} - http://dload.ipbill.com/del/loader.cab

 

[wahoo_128]

I am getting the blue screen...how can i get to see my desktop?

thank u

 

[talldude123]

right-click on the desktop -> click on the active desktop menu -> uncheck view as webpage.

 

[wahoo_128]

I can't right click. i press ctrl + alt + del to get to task manager, which enables me to run programs.

 

[wahoo_128]

no explorer.exe in task manager. help anyone.

 

[MrCoffee]

CAn you load windows in safe mode? (F5 on start)

I had smitfraud.c once, very annoying malware, real pain in the *** but it never caused this sort of carnage, do you have other virus infections? what anti virus are you using?... Oh wait, mcafee

I had smitfraud when it was new and very few AV recognised it, I seem to remember using a trial of panda and Ewido which did most of the work but there were elements I had to kill manually.

DO a repair installation then get on to trend micro housecall as soon as you can. Try downloading trials of other AV soft as well e.g. Kaspersky6, nod32.