Thread: SPM/LX Trojan

  1. #1
    4 Star Lounger
    Join Date
    Feb 2004
    Location
    Saint Charles, Missouri, USA
    Posts
    565
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I am in a slight quandary - I have a friend that got hit with the SPM/LX Trojan and is trying to run the SmitFraudFix tool by Siri.

    PROBLEM: ALL PROFILES on the machine (3 Total; Administrator; His profile; Wife's profile) can not log to desktop.

    Once you enter the login username and password, the computer appears to login to desktop, BUT as soon as the desktop appears - the computer then logs BACK out to the login screen.

    Above ALSO happens when attempting to login from Safe Mode.

    Since I am out of town and do NOT have access to the machine - I am trying to help via phone (ugh).

    I have been searching the internet but have not found a quick solution - other than re-formatting hard drive and starting from scratch.

    Possible solution is to run the XP Pro disk using Repair option - BUT disk has SP2 and SP3 has been loaded on the machine. I also do not see anything online that allows me to believe this will work.

    If I can RELIABLY determine which file is infecting the computer, I thought of booting under KNOPIX, accessing the hard drive and deleting the affected files, then reboot using Repair with OS Disks.

    ANY OTHER IDEAS ?

    Thanks in advance for any and all help.
    Scott

  2. #2
    Super Moderator Deadeye81's Avatar
    Join Date
    Dec 2009
    Location
    North Carolina, USA
    Posts
    2,654
    Thanks
    7
    Thanked 113 Times in 97 Posts
    Hello IMNetUser, another option is to use the Ultimate Boot Disk for Windows. ISO download of the package, instructions on building the ubcd4win, and guidance for slipstreaming XP SP2 or SP3, can be found here. A lot of tools for cleaning infections are included, and all you need is access to another PC to build your disk.

    Hope this helps.
    Deadeye81

    "We make a living by what we get, we make a life by what we give." Sir Winston Churchill

  3. #3
    4 Star Lounger
    Join Date
    Feb 2004
    Location
    Saint Charles, Missouri, USA
    Posts
    565
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Gerald Shepard View Post
    Hello IMNetUser, another option is to use the Ultimate Boot Disk for Windows. ISO download of the package, instructions on building the ubcd4win, and guidance for slipstreaming XP SP2 or SP3, can be found here. A lot of tools for cleaning infections are included, and all you need is access to another PC to build your disk.

    Hope this helps.
    Thanks for the suggestion Gerald,

    I will look into this when I get back into town. This is too complicated to try getting a Novice to perform over the phone.

    I will let you know the results.
    Scott

  4. #4
    4 Star Lounger
    Join Date
    Feb 2004
    Location
    Saint Charles, Missouri, USA
    Posts
    565
    Thanks
    0
    Thanked 0 Times in 0 Posts
    CLOSE OUT - COMPUTER FIXED:
    First and foremost - Thanks again Gerald for your suggestion.
    I had an OLD copy of Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD (LINK HERE), but did not work on target computer's newer system. Since I had to start a boot disk from scratch - I tried your suggestion for Ultimate Boot CD For Windows - UBCD4WIN (LINK HERE).

    COMPUTER FIX:
    Target had TWO major problems - The SPM/LX Trojan AND SHeur2 Trojan requiring multiple fixes - the two major fixes are below.

    • Used UBCD4WIN to boot up computer.
    • Fixed corrupted WINLogin Registry parameter.
      1. Executed RegEdit Command (Start/Run/Regedit)
      2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
      3. In the right pane under Userinit, Change the key to read: C:\Windows\System32\Userinit.exe, <-Include comma
      4. Click File/Exit
    • Fixed Desktop Display Properties Tab Disabled
      1. Executed RegEdit Command (Start/Run/Regedit)
      2. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
      3. In right pane under Wallpaper=, Changed the key to read Wallpaper=""
      4. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
      5. In right pane under Wallpaper=, Changed the key to read Wallpaper=""
      6. Click File/Exit
    • Shutdown Machine (Using Shutdown and Eject option of UBCD4WIN)
    • ReBoot computer normally.
    • Accessed the Internet to update AntiVirus Software definitions.
    • Ran COMPLETE (including archived files) Virus Scan.
    • Re-Booted computer normally.
    • Verified Computer was working normally and shutdown normally.
    • Created Complete Disk image of Windows Boot Drive.
      1. Hooked External Hard Drive to USB Port (size must be equal to or greater than drive to be backed up).
      2. Used UBCD4WIN to boot up computer.
      3. Executed Drive Image XML Application.
      4. Used Drive To Drive option backing up Windows Boot Drive to External Backup Drive.
      5. Shutdown Machine (Using Shutdown and Eject option of UBCD4WIN)
    • Unplugged External Hard Drive and stored in safe place.
    • DONE !


    Scary thing - Virus was found (AND SUCCESSFULLY REMOVED) in the "System Volume Information" hidden system subdirectory.
    Hope this helps someone else.
    Scott
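The Userinit fix in the post above can be verified from a regedit export of the Winlogon key. This is an added example, not part of the original post; it assumes Windows is installed on C: and that the export has already been decoded to text (version 5.00 exports are UTF-16), and the sample exports and `placeholder.exe` are constructed.

```python
import re

# Value the post restored (trailing comma included). Assumes Windows is on C:.
EXPECTED_USERINIT = r"C:\Windows\System32\Userinit.exe,"
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

def parse_reg(text):
    """Parse regedit export text into {key: {value name: string data}}, lower-cased names."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
        if m and current is not None:
            # .reg files escape backslash and quote with a leading backslash
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name.lower()] = data
    return keys

def check_userinit(reg_text):
    """Return a list of findings; an empty list means the value matches the post's."""
    value = parse_reg(reg_text).get(WINLOGON.lower(), {}).get("userinit")
    if value is None:
        return ["Userinit value missing from the Winlogon key"]
    expected = EXPECTED_USERINIT.rstrip(",").lower()
    # Userinit is a comma-separated list of programs Winlogon starts at logon
    entries = [e.strip() for e in value.split(",") if e.strip()]
    findings = ["unexpected program: " + e for e in entries if e.lower() != expected]
    if expected not in (e.lower() for e in entries):
        findings.append("userinit.exe entry missing")
    if not value.endswith(","):
        findings.append("trailing comma missing")
    return findings

# Constructed sample exports (not taken from the infected machine).
CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''
TAMPERED = CLEAN.replace("userinit.exe,", "placeholder.exe,")

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, check_userinit(sample) or "OK")
```
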

  5. #5
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts
    Quote Originally Posted by IMNetUser View Post
    Scary thing - Virus was found (AND SUCCESSFULLY REMOVED) in the "System Volume Information" hidden system subdirectory.
    Glad you got it worked out. One note - the "System Volume Information" folder is where System Restore points are stored. So, if the system created a restore point while infected, because of the nature of these trojans, they would be included in the restore point. Just shows that if you try to use System Restore you really need to get back to a point you know is before a problem started.

    Thanks for posting back.

    Joe

  6. #6
    3 Star Lounger HeyJude's Avatar
    Join Date
    Dec 2009
    Location
    Ohio, USA
    Posts
    332
    Thanks
    2
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by Gerald Shepard View Post
    Hello IMNetUser, another option is to use the Ultimate Boot Disk for Windows. ISO download of the package, instructions on building the ubcd4win, and guidance for slipstreaming XP SP2 or SP3, can be found here. A lot of tools for cleaning infections are included, and all you need is access to another PC to build your disk.

    Hope this helps.
    The fact that your suggestion not only helped, but resolved the issue is very commendable. I bookmarked this page in the event any of the other forums I frequent has a similar issue. Thank you Gerald. I am impressed.
    Hey Jude
    Take a sad song and make it better
