My PC was infected by a Trojan virus and Avast already removed around 40 viruses/worms caught through the internet (thank you Avast! ;D). But I still have one virus (or maybe more) when I boot the system. Avast detected a virus in the booting script but is unable to remove it with any of the options to try (delete, repair…).
Even when I select “if necessary delete file at the next system start” in Avast options, it does not work either.
So, the two main issues I currently experience on my system are the keyboard: for example, if I press the letter “O” the figure “6” displays on my screen… and the Internet connection is mad! I mean, once I connect the cable to my laptop, some sessions open on their own and I have got a lot of windows opened at the same time until I cannot do anything more, except rebooting the system.
So please, if someone has already experienced the same problem or if you have any suggestion, I will really appreciate it.
Does the keyboard not work during boot-time scanning, or in a Windows session?
I mean, if you schedule and run a boot-time scan, can you get rid of this virus?
The keyboard does not work once Windows is connected. For example, I can log on to my Windows session (the keyboard works to enter my password) and once Windows is opened the keyboard does not work anymore.
When I run a boot-time scan, Avast finds the virus but it cannot delete it or put it in quarantine. It is as if Avast could not destroy that particular virus. And my concern is this problem with the Internet too. The pages open automatically before I have launched an Internet session (clicked on the icon).
On a badly infected computer, it’s always a good idea to run several clean-up programs: I recommend running McAfee’s Stinger and Trend Micro Sysclean. They are both stand-alone applications so can be run without installing. Sysclean cleans the registry of a lot of malware entries, some of which can be used to start rootkits which avast! can’t remove even during a boot time scan.
Sounds to me that you have more than one infection: windows popping up everywhere sounds like adware, and the disabling of your keyboard sounds like a virus/worm has modified your startup subroutines to disable your keyboard driver (just a guess though).
Maybe you were infected by a trojan that went on to download more malware to your PC?
Is there any more info you can give us on your system/infection?
Such as OS (Windows XP maybe?)
Infection name
Infection location
Infection filename
To start, thank you everybody for your support, I really appreciate it.
I tried again yesterday evening to identify the virus name or location and these are the 2 error messages I have got:
Permanently on my desktop I have got a blue block with the following message :
"a fatal error in IE has occured at 0028:C0011E36 in VXD VMM <01>
0001036 error was caused by Trojan-spy.html.smitfraud.c"
When I did the boot scanning with Avast I obtained the following message :
"File C:/ Program Files/System32.dll/gui.exe is infected by Win32:Trojan-gen {UPX !} "
So I tried to repair, put in quarantine or delete from the boot scanning and from the contaminated file itself and Avast was unable to act on it, giving me the message “OXC0000022 Access denied”
Just one more thing if it can help, my OS is Windows 2000 NT (crap isn’t it ?)
and I loaded a Windows pack update for Windows 2000 from the Windows website last September. It seems the problems began from that moment.
- Permanently on my desktop I have got a blue block with the following message :
"a fatal error in IE has occurred at 0028:C0011E36 in VXD VMM <01>
0001036 error was caused by Trojan-spy.html.smitfraud.c"
This is not a real Windows error message but a fake: it’s a desktop screen produced by the Trojan. Noahdfear’s tool above will remove it.
- When I did the boot scanning with Avast I obtained the following message :
"File C:/ Program Files/System32.dll/gui.exe is infected by Win32:Trojan-gen {UPX !} "
So I tried to repair, put in quarantine or delete from the boot scanning and from the contaminated file itself and Avast was unable to act on it, giving me the message "OXC0000022 Access denied"
Another common message with this Trojan seems to be “cannot be removed because it is embedded in the archive.”
UPX is a compression utility. I guess avast! is detecting suspicious content of the package but for some reason cannot delete the archive itself.
Another poster with the same problem found Ewido managed to remove it:
If the Trojan is not actually running from there, you may be able simply to delete the archive, i.e., C:/ Program Files/System32.dll: it’s certainly not something you want to keep. If something is running from there, let Ewido deal with the running process and delete the file.
Successfully removing Smitfraud from a computer is a complicated process; therefore, I suggest you ask for help on an antiSPYWARE forum, such as the Ad-Aware Experts have at www.landzdown.com. They will use Noahdfear's tool & a properly configured Ewido (see www.greyknight17.com/spy/Tutorials/ewidoQuickGuide.pdf) as part of the process. For an example as to the "process", see the info at: www.freedomlist.com/forum/viewtopic.php?t=21229.
Thanks to Ewido and the nice guy who gave me the information, it seems my Trojan is dead :o as Avast did not find it anymore during my last boot scan session. Moreover, the blue screen message on my desktop disappeared as well.
However my keyboard (wrong symbol or letters when I press a key) and my Internet sessions (some windows open automatically) are still so crazy…
But if I start my computer in Safe mode “Directory Services Restore Mode Only”, the Internet is normal, but not the keyboard. If I run the PC in the normal way it is crazy (keyboard + Internet).
My question is: do you think that if I repair Windows with a launch from the CD it could solve the problem for the keyboard and Internet Explorer, or do you think that some viruses are still alive in my computer?
But anyway, thank you everyone for your precious help to eradicate this Trojan Smitfraud.
Windows reinstallation could solve the problem IF it’s related to a keyboard driver.
Maybe you can just open Control Panel > Hardware > Device Manager > Keyboard > right click and choose Properties.
Try to update the driver…
If the problem is not a keyboard driver, it would be good to test by just swapping the keyboard itself for another one.
If, after all, you get nothing then, maybe, a virus is in your computer.
Finally I managed to solve the problem with the Internet pop-ups: I simply deleted all the cookies and Temporary Internet Files yesterday (and I finished the job with an Ewido scan on these particular files (5 contaminated files)). And now it is clear and I can navigate as usual. Ewido is really good! (Avast too ;D)
So now I just have to solve the problem with that keyboard. I will have a look again in the control panel tonight but nothing looked to be wrong yesterday. Maybe between the Sony CD (my laptop is a Vaio) and the Windows CD I will manage to repair this problem if I do not find anything in the control panel.