Bob was kind enough to let me know the download for
SmitRem wasnt working, Sorry about that Id posted the
wrong link but Ive moved it into that folder now so it
will work if you still need help with this Trojan.
Thankyou Bob
While Im Posting here's the list of files targetted by
SmitRem (the ones that are polite enough to print)
Program Files
---------------
AntiVirusGold
PSGuard
Search Maid
Security IGuard
SpySheriff
Virtual Maid
%systemroot%\system32 / system
-------------------------------
gunist.exe
helper.exe
hhk.dll
hhk.dll.tcf
hookdump.exe
hp***.tmp
intel32.exe
intell32.exe
intmon.exe
intmonp.exe
msmsgs.exe
msole32.exe
ole32vbs.exe
oleadm.dll
oleadm32.dll
oleext.dll
param32.dll
perfcii.ini
pop_up.dll
searchdll.dll
shnlog.exe
svcnt.exe
winnook.exe
wldr.dll
wp.bmp
wppp.html
_delete_on_reboot__intmon.exe
_delete_on_reboot__intel32.exe
_delete_on_reboot__OLEADM.dll
%systemdrive%(Local Disk C: or system partition)
--------------------------------------------------
wp.exe
bsw.exe
wp.bmp
bsw.bmp
winstall.exe
%systemroot% (Windows folder)
----------------------------
desktop.html
popuper.exe
screen.html
sites.ini
uninstIU.exe
zloader3.exe
Then all the Favorites entries, Desktop Icons, Desktop
Shortcuts, StartMenu- Quick Launch , System32-System
icons
Locations looked in for a wininet.dll replacement
--------------------------------------------------
listed in order of priority
%systemroot%\system32\dllcache
%systemroot%\$hf_mig$\KB890923\SP2QFE
%systemroot%\$hf_mig$\KB867282\SP2QFE
%systemroot%\$hf_mig$\KB883939\SP2QFE
%systemroot%\ServicePackFiles\i386
Regards Andy
