trojan-spy.html.smitfraud.c help... I'm melting

Not open for further replies.


Solid State Member
Hi all,

I am trying to sort out a friends PC for him. He's using Win 2000 Pro (still SP3!!) and has acquired the trojan-spy.html.smitfraud.c trojan/virus.

When you turn the machine on, it seems to boot, but within seconds of loading up you get a message saying that an illegal operation has occured and the desktop flips from black to the blue "the system is not stable, use your antivirus, there;s a trojan-spy......." message.

At this point I can't boot a CD, can't boot into safe mode or for that matter very much else at all. I can ctrl, alt delete and get the task manager up, otherwise nothing.

Does anyone have any idea how on earth I can get in for long enough to run HJT or get rid of it another way??

Help! I can't seem to get anything to work and he's not keen on me re-installing the system as all his Ipod tunes etc are on the HD, and haven't been backed up (It doesn't matter how many times you tell them!!!)

Looking forward to your responses!

kevsmovies1 said:

Does anyone have any idea how on earth I can get in for long enough to run HJT or get rid of it another way??

If you have another computer you might try to create an antivirus boot disk. I think there are some available from certain vendors like fprot. I hope others know of vendors as I am unsure there. Once you boot off that disk it should be able to find and quarantine the virus, otherwise you may be SOL :(
Thanks, I'll see if I can get a boot disk sorted and take it from there. As and when & if I get into the system, I'll try and get a HJT log to see whats going on in there. I think it may well be the usual case of no AV, no updates, no firewall and wide open to the nasties of the big bad web!
yea i think there maybe more then smithfraud
this is the first time i heard a person couldn't boot because of smithfraud.

can you boot up in safe mode
Hi, No, I tried booting into safe mode and I get a black screen with the words safe mode in each corner, but the "loading" message sits on the screen and goes no further, so in safe mode I can't actually get in either, which made me think that this may be double trouble as it were.

I am thinking because he's not used anything much in the way of security up until now and has never even done the Win2k SP4 update, that there could be a multitude of viruses, trojans, malware & spyware on the system and this has only really been picked up because of this latest addition......

I am thinking whether to get the drive out, do a fresh install on a new 'clean' drive and then daisy chain his old one to get all his music etc off that way... presumably that should be safe with an antivirus installed before daisy chaining the drives...
Not open for further replies.
Top Bottom