<body>










Stupid computer trojan!!

Tuesday, May 03, 2005

Crap! My computer was hit by a trojan last night. I've run Ad-Aware, HijackThis!, McAfee Anti-Virus, and other Spy sweeper, and the stupid trojan is still in my system! Although the spy-cleaning software has removed some malware, I still have the problem: my wallpaper has been removed and replaced with a blue screen with the following message.

A fatal error occured at 0028:COO11E36 in VXD VMM (01)+ OOO10E36. Error was caused by trojan -spy. html.smitfraud.c

System cannot function in normal mode. Please check your settings.


Furthermore, my desktop settings are disabled and I am unable to get rid of the blue screen. Not only that, I can't get my taskbar to function and my system resources read that it's at 100% usage!

Crap! To look for a solution, I've looked high and low on the net and there seems to be no definite solution. Here's what I've got:

Aliases
Trojan-Spy.HTML.Smitfraud.c (Kaspersky Lab)
is also known as:
Phish-BankFraud.eml.a (McAfee), Trojan Horse (Symantec), Trojan.Bankfraud (Doctor Web), HTML.Phishing.Bank-1 (ClamAV), Trj/Citifraud.A (Panda), HTML/Smithfraud.gen (Eset)

I've placed Trojan-Spy HTML Smitfraud.c in Symantec’s search engine and it came up with another name: Joke.smitfraudoid.

It seems the Joke Program alters or interrupts the normal behavior of your computer, creating a general distraction or nuisance. Joke programs generally do not themselves engage in the practice of gathering or distributing information from the user's computer.

I eventually found out that the program is also called SpSehjfix109 and has been around since about 2001! Sheessh.. There are many aliases for this Trojan. Must be some kinda super spy trojan! It seems that the basic recommendation is to run all the anti-malware programs and antivirus programs that you have.

FRUSTRATION!!!

Anyways, I've spent hours trying to get rid of the trojan with various tools mentioned above but to no avail. Finally, I just formatted my hd and reinstalled Windows XP. I've managed to back up most of my stuff before the format but I've got lotsa apps I need to install. Sighh..

Currently, I've managed to get Streamyx up again and am still in the process of recovering all my stuff.. double sighh...!

Stupid trojan! I've noticed that the trojan exploits a security hole in Windows and thus if you have not 'hotfixed' your Windows, better do so or else you'll end up like me.

Lesson learnt!
posted by Ivan, 2:10 am

4 Comments:

use Kaspersky Antivirus, it's very good at detecting trojanware that other antivirus couldn't, after i got it installed, it detected at least 15 of those stupid trojans, now my comp is trojan free... good luck
[shadow] thanks.. :) but that's a bit too late now.. hahaha. i've already formatted my hard disk.. :(
commented by Blogger Ivan, 5/03/2005 11:28:00 pm

 

I ran into this today.. how did you say you got it? just curious.

thanks
commented by Anonymous Anonymous, 7/07/2005 09:38:00 am

 
