smithfraud virus + pc locking up in safe mode = me punching babies

Here now that im at work…and I fix computers all day let me know if your still having probblems…I can walk you through fixing this.

lol I do this like once every few months

a brand new fresh install > *

I just fixed this the other day at work. I dont remember where I got it, but it was pretty simple with a utility i found for just that problem…

SmitFraudFix.Zip

Search for that in google.

Run it in SAFE MODE

Then, run SmitRem.exe (also, find it on google)

Run HiJackThis, removing

-O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - D:\WINDOWS\system32\hp100.tmp

-O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)

-O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

It may come back, and it’ll take a little more manual cleaning using WinPFind and KillBox depending on the variant of it, but dont worry… you’re close to being clean.

After cleaning, I like to download and run Ewido. It is a great cleaning program, and may find something else that isn’t showing up in hijackthis. You can also run it in safemode. Just tell it to do the same action for each item you clean, so you dont have to keep saying “yes”

Get windows Defender after you’re all done. Its free from Microsoft.com. Great program for lots of stuff

i can not run in safe mode

Can you run virus scans from normal mode? If your computer is locking up, it could be both software related, or hardware.

If its having problems entering safe mode, you may have something besides that smitfraud to worry about :slight_smile: Get your XP CD, and in normal mode go to Start -> Run -> type SFC /scannow and press Enter to start it. It will ask for the XP CD.

Do you have a legit copy of windows? Corp? XP Home, XP Pro? What service pack?

If you want to drop the computer off at my house, I can also take a look at it for ya. I’ll pull the drive and manually remove the smitfraud stuff in a second box, as well as get it running normally for ya. I’ll also check to see if you have any hardware issues, and I’ll blow all of the dust out with a 2HP air compressor to keep her running the temperature she should be.

PM me if you want.

i doubt its hardware related, i didnt have ANY problems untill the moment i had the million pop ups and said “oh fuck”

i can run virus scans in normal mode, but i know for a fact that they are all missing at least one infected file … atmclk.exe IIRC … its the file that gives me the icon in the task bar with the warnings about how i have a virus or spyware and i should download a specific program to take care of it

i have a legit copy of XP pro, registered on a replacemnt activation code i got from the microsoft hotline, a full system wipe would mean id have to call them back for a new code

im on service pack one currently

i keep the case blown out on a regular basis, and theres currently only a very light coating of dust on the processor heat sink … about 2 weeks worth of dust

i also dont currently have an XP disk, or ANY money to have someone fix this

Stop by my house, I’ll give you a copy of an XP Pro CD, so you can at least boot up into Recovery Console and delete the atmclk.exe (it is part of smitfraud) It may have a second part of it that will reinstall it, but you can use recovery console to make a dummy of the file and use the ATTRIB command to make it a system file and read only, so that it cant be replaced by the real one again. It may be enough to help you get further (or, the program might make atmclk1.exe) just like I know it makes hp101.exe when you do that with the BHO portion of it. (I found that out when I tried the same thing) LOL

I also recommend that you definitely get up to SP2. I’m not sure if you’ll have issues doing the SP2 upgrade with smitfraud in there, but I dont think you will as long as smitfraud doesnt freeze your computer up. There are so many holes in SP1 for spyware to attach, and get in with no issues… I am still puzzled why I still see computers with SP1. All of the SP2 bugs were fixed a long long time ago.