Blog Somebody

If you get this trojan virus, you will notice a small yellow triangle that says System Alert! Your computer is infected. windows has detected a spyware infection. Of course these are not authentic messages coming from windows. They are caused by Spyware or Malware trojan virus called Smitfraud. I think the one I got is called Troj.vlob.an

This virus is so evil that it will disable your task manager, change you wallpaper and send you lots of popup to advertise fake anti-spyware programs. Do not click on these ads or you will keep getting more spyware, trojans and virus. It will eventually slow down your pc so much that you will have to call me.  

Yesterday I went to repair another computer for a customer and she had this bad virus. She had the same type of Zlog trojan that I also wrote about last week. That time I decided to reinstall windows, but this time since I had read some articles about it, so I went prepared with a few tools to clean it. First I had the smitfraudfix.exe and I also had a fixtaskmanger.exe as well as a few other basic antispyware and antivirus programs. I thought that the smitfraudfix.exe would be the perfect tool. I went ahead and ran it in safe mode and let it do its things. But even after it was finished and rebooted, this virus kept reappearing. I also noticed that the task manager was still disabled. So now I ran the other tools. I ran the task manager fix tool and it did get me back the access to the taskmanager. I continued to clean using some original methods of regedit and msconfig. This PC had Windows XP home edition. I found a few entries for rundll followed by the name of some strange dlls. So I deleted these from the startup paths and also from the registry Hkey local machine, software, microsoft, windows, run key etc.

I also booted back into safe mode and deleted the strange dll’s which I know are the virus files. But I noticed that even in safe mode, I was still getting the highjacked wall paper and the little yellow triangle that this Zlob trojan causes. it looks like this is a new variant that not even smitfraudfix.exe can get rid off. I also ran Adaware, Spybot and trojanhunter. None of these programs could kill this virus. I was ready to reinstall windows. But I decided to try one more tool. I downloaded a SuperAntiSpyware free version and I tried that too. This program which I once I thought was spyware actually helped clean up many more adware, trojans and spyware programs. It only left the fake wallpaper and I removed that, but I still have a feeling that this virus is still hiding somewhere else.But where can it be hiding? I think it has somehow infected the files that windows uses to display the active wallpaper. I will have to go back this evening and this time I will have to try a self booting antivirus program and see if it find the effected files. If anybody who reads this post knows a better way I will be glad to here from you. I may even offer you a small reward!

I know that I will see this virus again. Next time I want to be even better prepared for it. Please post any helpful comments below. Thanks in advance.

BTW I just found a few more tools and will bring them to the PC tonight:

SmitRemove and Rouge remover. I also will run ccleaner and install the latest antivirus version as I can find.

This entry was posted on Thursday, May 1st, 2008 at 9:47 am and is filed under Computer IT, Windows XP, computer virus removal. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.