TechSpot

Constant blue screen and weird CHKDSK function

By stragf
Feb 27, 2008
  1. I am not able to attach the dump files for they exceed 100kb. Thanks. This is making me crazy:
    I purchased a Dell Inspiron 1520 with Vista Home Premium. The computer was an "open box special".
    I started to migrate the data and settings over, and shortly thereafter got the BSOD. Sometimes it says Driver_IRQl and other times Driver_power_state.
    I called Dell, and all hardware checks out. I did Dell's crash analysis, and got a "vsdatant.sys" driver conflict with my Zone Alarm anti-virus. I have reinstalled it three times, and EVERY TIME I try to do a virus scan, I was getting the BSOD, so I dumped it. I have dumped Zone Alarm anti-virus.

    Here is where it gets fun. I decided to do a chkdsk /F. When I do that, a blue software screen pops up that says:

    In the top bar of the following software box, the path reads:


    C:\Windows\system32\cmd.exe

    Trojan-Spy.HTML smitfraud. Killer
    by noahdfear
    Version 3.2

    This tool was tailored to remove smitfraud.c and variants
    If you do not trust this source, close this window.
    noahdfear does to assume any liability
    for damage or loss from running this tool
    Use at your own risk


    Press any key to continue.
    I must have somehow transferred this over? Is this the Virus? I have run Lavasoft Ad-Aware and Spybot.
    Nothing.
    How do I get this out of CHKDSK??
     
  2. kimsland Ex-TechSpotter Posts: 14,524

    Download Smitfraud Fix
    http://siri.urz.free.fr/Fix/SmitfraudFix.exe

    Clean:

    Reboot your computer in Safe Mode
    (before the Windows icon appears, tap the F8 key continually)

    Double-click SmitfraudFix.exe

    Select 2 and hit Enter to delete infected files.

    You will be prompted: Do you want to clean the registry ? answer Y (yes)
    and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.

    A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

    Optional:

    To restore Trusted and Restricted site zone, select 3 and hit Enter.
    You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
    ----------------------------------------------------

    Additional Steps:

    (Start -Run)
    sc stop Messenger
    sc config Messenger start= disabled

    Locate and Remove in Registry (Start Run Regedit)

    [HKEY_USERS\S-1-5-21-1877239962-2024743916-928725530-1189\Software\Microsoft\Search Assistant\ACMru\5603]
    " 000"="links.exe"

    Restart
     