2 Intern

153 Posts

April 16th, 2005 23:00

Trojan-spy.HTML.smitfraud.c

One of my computers, running Windows 98, has this error message:
 
A fatal error has occured at 0028:C0011E36 in VXD VMM (01).  Error was caused by Trojan-Spy.HTML.Smitfraud.c. 
 
System cannot function in normal mode. Please check security settings. 
Scan your PC with any available Antivirus or spyware removal program to fix problem. 
 
I have run Norton, Spybot and Ad-Aware and have had no luck. Has anyone encountered this problem, and if so, do you know a fix? Thanks.

4 Apprentice

8.8K Posts

April 18th, 2005 01:00

I found this online concerning your trojan from this site /www.viruslist.com/en/viruses/encyclopedia?virusid=73615.



Trojan-Spy.HTML.Smitfraud.c




Aliases
Trojan-Spy.HTML.Smitfraud.c (Kaspersky Lab)
is also known as:
Phish-BankFraud.eml.a (McAfee), Trojan Horse (Symantec), Trojan.Bankfraud (Doctor Web), HTML.Phishing.Bank-1 (ClamAV), Trj/Citifraud.A (Panda), HTML/Smithfraud.gen (Eset)

Detection added
Feb 11 2005

Behavior
TrojanSpy

Currently there is no description available for this program.






If you download the Kaspersky virus scan, I believe they have a free version.

To be honest with you though, if you have this you could very likely have other wanted visitors.

You might want to do this:

To begin with, pick 2 of these online scans and run them and see what they find. Let me know the results.
eTrust AntiVirus Web Scanner
Panda ActiveScan
Trend Micro

After that, could you please go here and download AdAwareSE and delete what it finds. Then go here and download its VX2 cleaner. Run it and delete what it finds.
After that, go here and download SpyBot and run it. When Spybot is complete, it will be showing RED entries, BLACK entries, and GREEN entries in the window. Put a check mark beside the RED entries ONLY. Choose Fix Selected Problems and allow Spybot to fix the RED only entries.
Now go here and download HiJackThis to its own folder that you create on your C:\ drive.
After it is downloaded open the program and click Scan and Save to log.

Post the log that it generates in the HiJackThis forum, not this forum.


Steve

April 21st, 2005 01:00

Did you find a fix?  I am having the same problem.  I did initial scans and cleaned up my computer.  Scans now show everything is OK.  However I still get the message:

A fatal error in IE has occurred at 0028:C0011E36 in VXD VMM(01) + 00010E36.  Error was caused by Trogan-Spy.HTML.Smitfraud.c

*System can not function in normal mode.  Please check you security settings.

*Scan your PC with any available antivirus / spyware remover program to fix the problem.

 

April 21st, 2005 05:00

I'm having exactly the same problem with WindowsXP. I think I've cleaned everything up, but still I have that message which looks like a BSOD, but it's my desktop.

April 22nd, 2005 00:00

I have WindowsXP too.  What is the next step to get this corrected?

April 22nd, 2005 04:00

I don't know, I'm waiting for help too.

4.4K Posts

April 23rd, 2005 18:00

I think there are as many as three different operating systems mentioned in this thread: Win98 or ME, Windows 2000, and Windows XP.

If you've already tried using Ad-Aware and Spybot to remove this Trojan, and your antivirus software won't fix it, download HijackThis, a malware analysis and removal tool, and submit the log it produces for analysis as described below.

Here's an illustrated guide to installing and running HijackThis that you may find helpful.

With the Windows Explorer, go to C:\, right click and create a folder named HJT. Unzip the downloaded file hijackthis.zip into the newly created directory, C:\HJT.

After installing HijackThis.exe in the directory C:\HJT, run Hijackthis from that directory. Click on the 'scan' button and then 'save log' button. Copy and paste the contents of the text file you saved in a new message in the HijackThis board for review by the trained volunteers. Be sure to post the log in a new message, and describe the problem you're experiencing and the operating system and Service Pack level you're experiencing it with. DON'T ATTEMPT TO FIX ANYTHING REPORTED BY HIJACKTHIS without expert advice!

Jim

1 Message

April 23rd, 2005 18:00

This problem seems rampant and I have it, along with quite a few others I suspect. I have seen its trace in the registry but I think it's embedded even deeper. Has anyone found the answer in Win Prof 2000? All current systems seem to fail: Search and Destroy, Norton, Adware and loftsoftusa. Is a reformat the only answer?
Thanks  for  any  pertinent response
 
peter jf

April 27th, 2005 18:00

These seem to be quite good solutions. They work with XP/2000 but can work with win95/98, too, with little changes:
1) Kill task "wp.exe"
2) Delete "C:\wp.exe" - You will also see a file called "C:\wp.bmp". This is the image you see on desktop (the blue screen)
3) Delete all registry entries with "wp.exe" in them
4) Uninstall SecurityIGuard (some security, this is the wolves guarding the henhouse)
5) Fix registry settings to allow control panel tabs to be visible:

If you are familiar with working with the registry, it is quite simple to activate the missing tabs on control panel. The following keys (if present) must be deleted.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
NoDispBackgroundPage
NoDispSettingsPage
NoDispScrSavPage
NoDispAppearancePage
Back up your registry for safety.
 
Delete the "System" key. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
It will allow you to change your background and enable browsing etc. of wallpaper.
 
I am able now to change wallpaper again. Overwrite all entries in registry and the root directory that display "c:\wp.bmp" or delete them entirely!
*******************************
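
The registry checks in the post above can be run against a registry export before anything is deleted. The following is an added example, not part of the original post: it scans the text of a `.reg` backup for the four display-tab policy values and for any value whose data mentions `wp.exe` or `wp.bmp`. The function name `audit_reg_export` and the sample export are constructed for illustration.

```python
import re

# Value names listed in the post above; they hide the Display control panel tabs.
DISPLAY_POLICY_VALUES = {
    "NoDispBackgroundPage", "NoDispSettingsPage",
    "NoDispScrSavPage", "NoDispAppearancePage",
}
POLICY_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\policies\system"
# File names the post ties to the fake blue-screen wallpaper.
DROPPED_FILES = ("wp.exe", "wp.bmp")
SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def audit_reg_export(text):
    """Return (key, value_name, data, reason) for every entry worth reviewing."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:                      # a new [KEY] section starts
            key = m.group(1)
            continue
        m = VALUE.match(line)
        if not m or key is None:   # header, blank line or continuation
            continue
        name, data = m.group(1) or "(Default)", m.group(2)
        if key.lower() == POLICY_KEY and name in DISPLAY_POLICY_VALUES:
            findings.append((key, name, data, "display-tab policy"))
        elif any(f in data.lower() for f in DROPPED_FILES):
            findings.append((key, name, data, "references dropped file"))
    return findings


# Constructed sample in REGEDIT4 format (not taken from a real machine).
SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000001
"ExampleOtherPolicy"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"wp"="C:\\wp.exe"

[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"="C:\\wp.bmp"
'''

if __name__ == "__main__":
    print(*audit_reg_export(SAMPLE), sep="\n")
```

Exports made by Windows 2000/XP are UTF-16; decode the file accordingly before passing its text in.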

2 Intern

153 Posts

April 27th, 2005 21:00

I really want to thank everybody for all the help with this problem. I am rid of the blue screen desktop and everything seems to be working normally. I will follow the advice to get the desktop tabs back. I really appreciate this!!!

1 Message

April 28th, 2005 16:00

This is excellent advice, I have gone through the steps listed and everything seems to be ok
 
Win98 no SP
1.0gig processor
512 ram
 
FYI Everyone should consider backing up their registry before altering it.

2 Posts

May 1st, 2005 01:00

Hey,

I just got the Trojan, too, and have already visited numerous places... I tried executing your steps, but I just can't find the wp.exe. Is there any kind of advice you can give me on how to find the wp.exe? (Yes, I have used the regular search.)

Thank you!

 

May 1st, 2005 23:00

Did you figure out how to fix this virus? Because I have the same one and I don't know how to get rid of it.


May 3rd, 2005 21:00

Here is some more advanced help for the Smitfraud virus

Signs:

A flashing warning icon appears in my system tray every 10 minutes or so, sometimes with a false warning about "adult content", "virus infection" etc. When you click the icon it always sends you to a site promoting dodgy anti-spyware software (at msxpsupport.com).

Running AVG, ad-aware and spybot do nothing to kill it.

Download Pocket Killbox and unzip it; save it to your Desktop.

Please set your system to show all files; please see here if you're unsure how to do this.

Press Control-Alt-Del to enter the Task Manager.
Click on the Processes tab and end the following processes:
C:\WINDOWS\Downloaded Program Files\ieloader.exe
C:\WINDOWS\system32\helper.exe
Exit the Task Manager when finished.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
O4 - HKLM\..\Run: [FX] C:\WINDOWS\Downloaded Program Files\ieloader.exe
O9 - Extra button: Microsoft AntiSpyware helper - {7104E648-D0BF-40DC-A3BB-2DE93478D91A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7104E648-D0BF-40DC-A3BB-2DE93478D91A} - (no file) (HKCU)
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://greg-tut.com/G7/chm10.chm::/ieloader.exe
O16 - DPF: {7101BF6D-E1F4-723D-4343-1F15037AB4F3} - http://216.118.71.185/1/rdgCN1828.exe

Click on Fix Checked when finished and exit HijackThis.
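
A read-only way to pick such entries out of a saved HijackThis log, as an added example that is not part of the original post: the heuristics are assumptions generalized from the five entries listed above, and the function name `triage` and the two `Example` lines in the sample are constructed. It only reports lines for review and changes nothing.

```python
import re

ENTRY = re.compile(r"^(O\d{1,2}) - (.*)$")
IPV4_HOST = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)", re.I)


def triage(log_text):
    """Return (section, reason, line) for HijackThis lines worth a closer look."""
    hits = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, rest = m.group(1), m.group(2)
        low = rest.lower()
        reasons = []
        # O4 = autostart entries; this folder normally holds ActiveX controls.
        if section == "O4" and "\\downloaded program files\\" in low:
            reasons.append("autostart from ActiveX cache folder")
        # O9 = extra IE buttons / Tools menu items.
        if section == "O9" and "(no file)" in low:
            reasons.append("IE button/menu item with no backing file")
        # O16 = downloaded ActiveX objects and their codebase URL.
        if section == "O16":
            if "ms-its:" in low or "mhtml:" in low:
                reasons.append("codebase uses ms-its/mhtml wrapper")
            if IPV4_HOST.search(rest):
                reasons.append("codebase fetched from bare IP address")
            if low.rstrip().endswith(".exe"):
                reasons.append("codebase points directly at an .exe")
        hits.extend((section, r, line.strip()) for r in reasons)
    return hits


# The five entries from the post plus two constructed benign "Example" lines.
SAMPLE = r'''
O4 - HKLM\..\Run: [FX] C:\WINDOWS\Downloaded Program Files\ieloader.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O9 - Extra button: Microsoft AntiSpyware helper - {7104E648-D0BF-40DC-A3BB-2DE93478D91A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7104E648-D0BF-40DC-A3BB-2DE93478D91A} - (no file) (HKCU)
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://greg-tut.com/G7/chm10.chm::/ieloader.exe
O16 - DPF: {7101BF6D-E1F4-723D-4343-1F15037AB4F3} - http://216.118.71.185/1/rdgCN1828.exe
O16 - DPF: {00000000-0000-0000-0000-000000000001} - http://download.example.com/control.cab
'''

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE):
        print(f"{section}: {reason}\n    {line}")
```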

May 5th, 2005 01:00

Thanks Techie Man, you saved my desktop. I looked everywhere and you're the only person that could give me a solution, you rule.