Smitfraud.c/desktop hijacker

By amstuart
Aug 11, 2005
Topic Status:
Not open for further replies.
  1. Hi:

    Trying to assist an employee running Win98SE who has the Smitfraud.c/W32 desktop hijack virus. Desktop is frozen; booting into Normal mode does not allow any desktop icons to be opened and the Start button does not work; booting into SAFE mode does not allow any desktop icons to be accessed (mouse cursor moves but can't click on anything). If I boot into SAFE mode with Command prompt, is there anything I can do to begin the clean-up process? I have all the required programs (HijackThis, Ad-Aware, Killbox, etc.) on another PC, but this infected PC's CD-ROM drive will not be recognized in the current infected state. I am not familiar with any command prompts so I need some assistance with even this basic process.

    Thanks.

    Adam
  2. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    You'll need to boot from a self-booting CD with an antivirus-program on it, like the newer Norton/Symantec. Under NO circumstances should you try to install Norton though!

    Alternatively, take the harddisk out and put is as a slave in another computer with all those programs on it already. Then disinfect it.
  3. amstuart

    amstuart Newcomer, in training Topic Starter

    Bootdisk with antivirus program

    Hi:

    A bit more clarification, please. The CD-ROM drive and A-drive are not recognized in Normal start-up mode. I have only been able to interact with the SAFE mode + Command Prompt. A WIN98se start-up disk will fit on a floppy disk, but obviously an antivirus program is too large. How do I open or extract what is on a floppy disk with the command prompts in MS-DOS? Is there a minimum-size antivirus program (less than 1.44 MB) that I can put on a floppy and access with the command prompt?

    Thanks.

    Adam
  4. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    If you set your BIOS to start first from CD, then insert a (borrowed) CD with full versions of e.g. Norton or McAfee (these CDs are ALL bootable) on it, you can disinfect the PC without having to go into Windows first.
  5. amstuart

    amstuart Newcomer, in training Topic Starter

    Booting from CD-ROM drive

    Thanks for that tip. I had no idea that the Norton 2005 program could boot as an emergency disk. I am running the scan right now (refreshing to see the PC doing <something>) and will pick-up this thread if I have further issues with the smitfraud.c virus infection. Any comments, though, about the Fix1reg.reg and Fixr2reg.reg programs that I have seen posted as a "fix" for this virus?

    Thanks.

    Adam
  6. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    They have all different names, depending on what site you find them. Basically all do the same.
    Do a search on this (brandnew) forum, or on the Windows or on the Misc. Software forums for 'smitfraud', I have advised a few people on how to 'cure' it.
  7. amstuart

    amstuart Newcomer, in training Topic Starter

    Norton 2005 on CD-ROM found no viruses

    Hi:


    It took 3+ hours to scan the entire computer, and the Report listed no infections found (!) Might this be because smitfraud.c is too new and I would need updated definitions to find it? Any other program(s) I can put on a CD-ROM during a boot to try and get minimum functionality on the computer so I can begin cleaning up the virus? Anything I can put on a floppy to extract while in Safe Mode with Command Prompt?

    Thanks.

    Adam
  8. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    You might try reverting to an earlier version of the registry to see if that will restore some sort of functionality to your PC - start in DOS and enter:

    scanreg /restore

    .. and choose a date prior to your infection.

    Bad news:
    There are no programs small enough to fit on a floppy.

    Put the harddisk in another PC, safe any personal data (check for viruses with that PCs antivirus), then format/reinstall.
  9. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    See if you get this onto a floppy, it might work

    Attached Files:

  10. amstuart

    amstuart Newcomer, in training Topic Starter

    Decided to format and reinstall OS

    Hi:

    The A:\Drive is not recognized in Normal mode, and I do not know any command prompts, so I don't know how to extract or open a file in Safe mode with Command prompt. I restored the registry to a date in early July but I remained with zero functionality of the computer. So, I spoke with my local PC guy and I am going to format and reinstall the OS.

    Thank you for your time and patience.

    Adam
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.