bad desktop error! trojan!!!



reploidhunter
07-10-2005, 02:22 AM
My background has gone blue with a system error on it. It says:

Security Warning
A fatal error in IE has occured at 0028:C0011E36 in VXD VMM(01)
0010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c

System cannot function in normal mode
Please check yourr security settings.

Scan your PC with any available antivirus/ spyware remover program to fix
the problem.

HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 9:55:18 PM, on 10/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002535.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABBBE288-6AEA-4CE1-A80F-7A77530B37F0}: NameServer = 203.12.160.35 203.12.160.36
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks
Black Bevens

MAP
07-10-2005, 02:22 AM
Why are you starting a new thread?
Did you try anything from yesterday's thread? Or do you just enjoy knowing
that the people who answered you yesterday have wasted their time?





--
Mike Pawlak

MAP
07-10-2005, 02:22 AM

http://www.daniweb.com/techtalkforums/thread24491.html

http://www.wilderssecurity.com/showthread.php?t=75890

http://www.google.as/search?sourceid=navclient&ie=UTF-8&rls=GGLD,GGLD:2004-36,GGLD:en&q=Trojan%2DSpy%2EHTML%2ESmitfraud%2Ec

--
Mike Pawlak

MAP
07-10-2005, 02:22 AM
It appears that the error msg. you are getting is fake. I know nothing about
Adwareaway so I can't recommend it. Look here:
http://www.adwareaway.com/desktophijacker.htm



--
Mike Pawlak

wayne
07-10-2005, 02:22 AM
Not quite sure what your problem is. Reboot your computer in safe mode and
run a full antivirus scan with the options set to either delete or prompt for
action, and choose delete for the infected files.

It is a virus, not spyware, so HijackThis may or may not work.

AV software will.

You can get free AV software for home use from Grisoft:

http://free.grisoft.com/doc/2/lng/us/tpl/v5

You hold down the F8 key when booting to get into safe mode.

It is VERY important to always use safe mode when scanning or cleaning your
computer if you believe you have any kind of infection.

Wayne

