SmitFraud Virus

By aspoor ·
I have a very weird virus.

1: it seems to be smitfraud.
2: I thinks it's a highly evolved version, capable of mounting on Int 19H.
3: I think it is writing to a hidden partition.

There is a partition called Intel UNDI, PXE-2.0 (build082) it is only viewable in BIOS boot order, and as a removable drive in windows XP Pro. This may be a USB thumb drive partition but I cannot figure out how to remove it.

My question is, If I delete a Windows partition and reinstall XP Pro to a newly formatted NTFS partition should the smitfraud virus still be on the OS?

I have done this 6 times now and the virus keeps coming back.

It does not effect my linux os, and yes I have used the smitfraud removal util by Si!R, still comes back.


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Not enough info!!

by ComputerCookie In reply to SmitFraud Virus

Not clear enough, PXE is a boot agent used to boot from a server over a LAN/WAN?

Does that make any sense at all, how is the BIOS boot sequence configured?

You are better of backing up and reinstalling from scratch to ensure that you have removed the virus if you can't get rid of it.

What type of device are you talking about anyway, is this a laptop?

Have you tried to use any other tools other than the "smitfraud removal util by Si!R"?

I don't know it and have never have not seen this virus for quite a while.

Collapse -

Intel UNDI, PXE-2.0

by Jacky Howe In reply to SmitFraud Virus

allows you to Boot to a Network location bypassing the Operating System. Have you started the PC in Safe Mode and turned off System Restore before running Si!R. Download Spybot - Search & Destroy 1.5.2 and install it. Update it and run it in Safe Mode.

Keep us informed as to your progress if you require further assistance.

<font size=1><i>If you think that any of these posts have solved or contributed to solving the problem, please Mark them as <b>Helpful</b> so that others may benefit from the outcome.</i></font size>

Collapse -

I hate that damn trojan horse with a passion!

by ---TK--- In reply to SmitFraud Virus

I have battled that virus for hours and hours, and I have spent many hours researching it... Nothing seems to fix it... if it keeps coming back after a reinstall then its hiding in a file you backed up or possibly in your linux partition.. personally I would delete everything... including your linux partition... any of your data, I would consider compromised... any .doc's or power point presentations that you downloaded is probably the source....

Related Discussions

Related Forums