I was told that the service was legit; it belonged to Trend Micro.
One or more of the identified infections is a backdoor trojan.
This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
You can read this:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
=============================================
*Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\System32\ntos.exe,
Close your browsers and all open windows except for HijackThis, then click "Fix checked".
*Using Windows Explorer, delete this folder if it is still there:
C:\WINDOWS\system32\drv32dta
Empty your recycle bin.
*Download Killbox
Open Killbox.exe
Check the following boxes:
Highlight all the entries in the quote box below and then Copy them.
C:\WINDOWS\System32\ntos.exe
C:\WINDOWS\System32\svchosts.exe
C:\WINDOWS\system32\sfc_os.dll
C:\WINDOWS\system32\drvsoh.dll
Then in Killbox, click File>>Paste from Clipboard
At this point the "All Files" button should be enabled so you can click it.
Click the "All Files" button.
Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes.
A second message will ask to Reboot now? You will need to click Yes to allow the reboot.
Note: Killbox will let you know if a file does not exist.
If you have any issues with this method, you can copy and paste the lines one at a time into the Killbox top box. Then click the "Single File" button. Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes. A second message will ask to Reboot now? You will need to click No until the last one, at which time you click Yes to allow the Reboot.
_____________________________________
Please search your computer to see if there are backups of iexplore.exe there.
Click Start > Search > Click "All Files and Folders".
Under "Advanced Options", make sure the following are checked:
- Search System Folders.
- Search Hidden Files And Folders.
- Search Subfolders.
Then into the search box, copy and paste the following (one at a time):
iexplore.exe
If there is an iexplore.exe in here: C:\Windows\system32\dllcache
I want you to please copy and paste that file into this folder: C:\Program files\internet explorer
If there is none inside C:\Windows\system32\dllcache, please post back the other locations where iexplore.exe was found in your system.
After that, please open your internet explorer and check if it is running.
*Please download and save this file to your desktop: sfc_os.dll
*Move the sfc_os.dll from your desktop to the C:\WINDOWS\system32 folder.
Reboot.
____________________________________
Run Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
- The program will launch and then start to download the latest Definition Files.
- Once the Scanner is installed and the definitions downloaded, click Next.
- Now click on Scan Settings.
- In the Scan Settings, make sure that the following are selected:
  o Scan using the following Anti-Virus database:
    + Extended (If available otherwise Standard)
  o Scan Options:
    + Scan Archives
    + Scan Mail Bases
- Click OK.
- Now under select a target to scan select My Computer.
- The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your Desktop.
On your next reply, please post a fresh HijackThis log and the Kaspersky scan log, and please tell me if Internet Explorer is already working. Also, tell me if you still receive the startup error you mentioned earlier.
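
An added example, not part of the original post: a small Python check that reads a HijackThis log and reports any program chained onto the Userinit value after userinit.exe, which is what the F2 entry above shows. The function names and the sample log are constructed for illustration, and the expected path assumes a default install in C:\WINDOWS.

```python
import ntpath
import re

# Assumption: default Windows install in C:\WINDOWS, where the stock value is
# a single userinit.exe entry followed by a trailing comma.
EXPECTED = r"c:\windows\system32\userinit.exe"

# HijackThis reports the Winlogon Userinit value on an F2 line.
F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)


def extra_userinit_entries(value, expected=EXPECTED):
    """Return entries in a Userinit value other than the expected userinit.exe."""
    extras = []
    for raw in value.split(","):
        entry = raw.strip().strip('"')
        if not entry:
            continue  # the trailing comma leaves an empty field
        if ntpath.normpath(entry).lower() != expected:
            extras.append(entry)
    return extras


def scan_hijackthis_log(log_text):
    """Return (line, unexpected_entries) for each suspicious F2 UserInit line."""
    findings = []
    for line in log_text.splitlines():
        match = F2_USERINIT.match(line.strip())
        if match:
            extras = extra_userinit_entries(match.group(1))
            if extras:
                findings.append((line.strip(), extras))
    return findings


# Constructed sample log: the F2 line is the one quoted in the post,
# the surrounding lines are made-up filler.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\System32\ntos.exe,
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe
"""

if __name__ == "__main__":
    for line, extras in scan_hijackthis_log(SAMPLE_LOG):
        print("Unexpected Userinit entries:", extras)
```

Run against the fresh HijackThis log after the fix and reboot, an empty result means the Userinit value no longer launches anything besides userinit.exe.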