Smitfraud.C removal help

[bboy_romeo]

So i'm having some trouble removing this virus, its located in C:\windows\privacy_danger and no matter what i've tried I cannot remove it.

Im running win xp pro, have tried spybot, avast, smitfraudfix.exe and so on..

i've attached my hijack this log.

if someone could help me out on figuring how to get rid of this that would be great!

 

[tuant]

Have you tried running a virus scan in safe mode? Before you do so, allow the computer to view/see all hidden files/folders then run the scan in 'safe mode'

 

[bboy_romeo]

i'll give that a try, but i've already run spybot in safe mode and it couldnt remove it

 

[bboy_romeo]

anyone else have any suggestions on how to remove this virus?? im really stuck with this, and i've attached above my hijack this log

 

[kimsland]

Download Smitfraud Fix
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Clean:

Reboot your computer in Safe Mode
(before the Windows icon appears, tap the F8 key continually)

Double-click SmitfraudFix.exe

Select 2 and hit Enter to delete infected files.

You will be prompted: Do you want to clean the registry ? answer Y (yes)
and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.

A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Optional:

To restore Trusted and Restricted site zone, select 3 and hit Enter.
You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
----------------------------------------------------

Additional Steps:

(Start -Run)
sc stop Messenger
sc config Messenger start= disabled

Locate and Remove in Registry (Start Run Regedit)

[HKEY_USERS\S-1-5-21-1877239962-2024743916-928725530-1189\Software\Microsoft\Search Assistant\ACMru\5603]
" 000"="links.exe"

Restart

 

[bboy_romeo]

already ran the smitfraudfix.exe and it did not remove the virus

i'll try those other additional stuff you added, but if theres something else i can do as well that would be greatly appreciated!

 

[kimsland]

Only this:

Viruses/Spyware/Malware, preliminary removal instructions
https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

And then a lot of attachment checking