Expert: Brian Benosky - 7/12/2009

Question
QUESTION: Hello,

i have a serious problem with this trojan. the subject is the name of the trojan but this is getting bad. We have no clue about this virus! it's showing on the desktop that it says it's a spyware but the computer says it's infected by the Trojan SPM/LX. We could possibly the experimentation of a super virus, we don't know. but we need help seriously. OK, now to the complete description of the virus. When the computer gets started the desktop background will change to a warning message of a notification that we are infected with spyware. then the computer comes up with it's "ad" that "they" will sell you the securtity needed to take it off. but really we understand they are tricking you into givin them money to take it off. but then we try to run any program and it blocks that access and closes it. we have the internet turned off so they cannot control the computer but now it's the virus controlling. when we try to run "safe mode" that even gets stopped. we just got a few steps above a little bit by finding files that aren't suppose to be there. well after about 30 mins of file searching the computer stops and we turn off the computer. the main thing is we have a software called Smitfraudfix. the virus stops anything we try to do! that's the main fact. Please help! We have important fincancial files on here.

ANSWER: Hi Jaha

You most likely are infected by a rogue anti-spyware program.  SmitfraudFix by S!Ri is a malware removal tool, but should only be used under guidance by a forum expert after submitting a HijackThis log.  If you do not have internet access, you will need to perform the following steps by transferring the executables from another computer to a USB thumb drive or CD, then take them to the infected computer.  Remember, it is important to transfer the files to the desktop, and not run the programs from the USB or CD directly.  Also, it would be best to run the programs in Safe Mode.

Please download Malwarebytes' Anti-Malware to your desktop from here:
http://www.besttechie.net/tools/mbam-setup.exe
Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to
       o Update Malwarebytes' Anti-Malware
       o and Launch Malwarebytes' Anti-Malware
 * then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select Perform full scan, then click Scan.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Be sure that everything is checked, and click Remove Selected.
 * When completed, a log will open in Notepad.  Please save it to your desktop.

Next, please download TrendMicro HijackThis! from the following link:
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
* Save HJTInstall.exe to your desktop.
* Doubleclick on the HJTInstall.exe icon on your desktop.
* By default it will install to C:\Program Files\Trend Micro\HijackThis.
* Click on Install.
* It will create a HijackThis icon on the desktop.
* Once installed, it will launch Hijackthis.
* Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
* Click on "Edit > Select All" then click on "Edit > Copy" and Paste the entire contents of the log in a follow-up to me, along with
the Malwarebytes' Anti-Malware log.


Brian

---------- FOLLOW-UP ----------

QUESTION: The only thing is that we can't get any program to run at all even it it is downloaded from the internet. Nothing in the computer exectutes.

Answer
Hi Jaha

You can try booting from a live CD.  Download the F-Secure Rescue CD from this link:
http://www.f-secure.com/linux-weblog/files/f-secure-rescue-cd-release-3.01-14505
Unzip, burn to CD, then boot to that CD in order to run a malware scan.  If, after the scan, your computer is still not able to download the programs I mentioned previously, you will need to do a repair installation of Windows.  Instructions for this can be found here for XP:
http://support.microsoft.com/kb/315341
For Vista:
http://www.vistax64.com/tutorials/88236-repair-install-vista.html

Brian