It is an active desktop item, and at the same time it came up my screen went
to a blue background and 20 new advertising icons appeared on my desktop.
Now I do not have an option of restoring my active desktop, although I'm not
sure I ever did in XP.
I went to regedit and in HKCU it had (nodisplayappearancepage,
nodisplaybackgroundpage, and wallpaperstyle). There was one other one which
I deleted immediately (I should have written it down), but I remembered seeing
it on every site I had been to about this trojan, something about wp.bmp.
On HKLM it showed (dontdisplaylastusername, legalnoticecaption,
legalnoticetext, shutdownwithoutlogon, undockwithlogon). I think I need a
little guidance on this before I start deleting everything.
:
I think it's an Active Desktop item.
--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.
From: "Teri" <[email protected]>
| I have this message right in the center of my screen that says "A fatal error
| in IE has occured at 0028:C0011E36 in VXD VMM<01> + 00010F36. Error is
| caused by Trojan-Spy.HTML.Smitfraud.c
| * System cannot function in normal mode....."
| I think I have eliminated the Trojan with the help of Panda and Microsoft
| AntiSpyware BUT the message remains, my favorites folder is empty and in my
| control panel/DISPLAY I have only 2 tabs which is screen saver and settings.
| I ran Hijack This and everything there looked normal so what do I do next?
There are anti virus News Groups specifically for this type of discussion.
microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus
I am curious as to what generated that error message. MS AS ? Panda ?
Trojan-Spy.HTML.Smitfraud.c
http://www.viruslist.com/en/viruses/encyclopedia?virusid=73615
Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files
Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear
1) Download the TrendMicro Sysclean Front End
Download the utility SYSCLEAN_FE at the following URL --
http://www.ik-cs.com/got-a-virus.htm
SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
Direct URL --
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe
2) Download and install Ad-aware SE
(free personal version v1.05)
http://www.lavasoftusa.com/
Update Ad-aware with the latest definitions and then exit the software.
3) Execute; SYSCLEAN_FE.EXE
Choose; Unzip
Choose; Close
Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
When you get to the menu, choose [1] so you can boot into Safe Mode.
4) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
5) Reboot your PC into Safe Mode and shutdown as many applications as possible.
6) Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
Choose [2] on the menu and let SYSCLEAN.COM scan your computer.
When done, execute Ad-aware SE and perform a full scan of your PC and delete
all objects found.
7) Restart your PC and perform a "final" Full Scan of your platform
Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
Choose [2] on the menu and let SYSCLEAN.COM scan your computer.
When done, execute Ad-aware SE and perform a final scan of your PC and delete
all objects found.
8) Re-enable System Restore and re-apply any System Restore preferences
(e.g. HD space to use suggested 400 ~ 600MB).
9) Reboot your PC.
10) Create a new Restore point
* * * Please report back your results * * *