Instructions for SmitFraudFix (by S!Ri)

SmitFraudFix only works with Windows XP or 2000

SmitFraudFix removes Desktop Hijack malware: AdwarePunisher, AdwareSheriff, AlphaCleaner, Antispyware Soldier, AntiVermeans, AntiVermins, AntiVerminser, AntivirusGolden, AVGold, BraveSentry, MalwareWipe, MalwareWiped, MalwareWipePro, MalwareWiper, PestCapture, PestTrap, PSGuard, quicknavigate.com, Registry Cleaner, Security iGuard, Smitfraud, SpyAxe, SpyCrush, SpyDown, SpyFalcon, SpyGuard, SpyHeal, SpyLocked, SpyMarshal, SpySheriff, SpySoldier, Spyware Vanisher, Spyware Soft Stop, SpywareQuake, SpywareKnight, SpywareSheriff, SpywareStrike, Startsearches.net, TitanShield Antispyware, Trust Cleaner, UpdateSearches.com, Virtual Maid, VirusBlast, VirusBurst, Win32.puper, WinHound, Brain Codec, DirectVideo, EliteCodec, eMedia Codec, FreeVideo, Gold Codec, HQ Codec, iCodecPack, iMediaCodec, Image ActiveX Object, IntCodec, iVideoCodec, JPEG Encoder, Key Generator, Media-Codec, MediaCodec, MMediaCodec, MovieCommander, MPCODEC, My Pass Generator, PCODEC, Perfect Codec, PowerCodec, PornPass Manager, PornMag Pass, PrivateVideo, QualityCodec, Silver Codec, SiteEntry, SiteTicket, SoftCodec, strCodec, Super Codec, TrueCodec, VideoAccess, VideoBox, VidCodecs, Video Access ActiveX Object, Video ActiveX Object, VideoCompressionCodec, VideoKeyCodec, VideosCodec, WinAntiSpyPro, WinMediaCodec, X Password Generator, X Password Manager, ZipCodec...

Download:
Use this URL to download the latest version (the file contains both English and French versions):
http://siri.geekstogo.com/SmitfraudFix.exe

Mirrors: Alternate official download locations for Smitfraudfix.exe
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
http://telechargement.zebulon.fr/259-smitfraudfix.html

Use:

• Search:
  • Double-click smitfraudfix.exe
  • Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
  
  
  
• Clean:
  • Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
  • Double-click smitfraudfix.exe
  • Select 2 and hit Enter to delete infect files.
  • You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
  • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
  • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
  
  
  
• Optional:
  • To restore Trusted and Restricted site zone, select 3 and hit Enter.
  • You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.

Note:
process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

=====================================================================
This is a self-help guide. Use at your own risk.

Important Note: If you need assistance with SmitFraudFix, please start a new topic in our Malware Removal Forum.

This topic has been left open to allow specific questions and comments related ONLY to this guide. It's NOT for posting HJT logs, links to your logs, or any other general malware help. Replies not following these rules will be deleted. Thanks for your cooperation.

sometimes when i click it, nothing happens. whats up?

Hi xMasa,
Please be more specific, and explain the problem you are having with this tool.

Actually it would be best to start a new topic ion the malware forum

Edit: I see you already posted a topic in the maleware forum

[font="Arial"][/font][size="5"][/size]Hello,
I am brand ne to this Geeks to Go and have had numerous problems with spyware etc. My question here is I downloaded the SmitfraudFix but when I did I was not in safe mode and I did not put it on my desktop. Now if I try and install it again, it comes up as the original and I do not know how to get rid of it or where it is. I need it on my desktop so I can use it in safe mode. I am a mature woman who knows more than my peers which is not much. So if someone could help me I would be ever so grateful.
Thanks Suzy

Hi Suzy25,
Please refrain from PM's to staff members here, the forums are the place to ask for help.
Go HERE and read the instructions please. If you cannot make progress following the instructions there, then start a topic in the malware section and detail your problems.

Harry

I've used SmitFraudFix successfully.
But, how do I know the malware is gone?
Also, what scans should I run before I know I'm safe?

(I've done 'Must-Read-Before-Posting-Hijackthis-Log')

Hello and welcomemmkkmm



If the various scanners recommended are coming back clean you should be all set if you want to confirm then go ahead and post a HJT log in the malware forum

%#$%&! Trojan Zlob! I purchased AdwareAlert for $20 and ran it several times. I continue to receive the popups and browser hijacks. I've downloaded two Zlob removal tools (Including Sari's) and ran each of them several times, following all instructions. Restore Off, Boot in Safe Mode, run the tool, reboot. Each time I think I'm successful, but a few hours later the popups return! This is the most persistent piece of %$#&^! I have ever run into.

Any suggestions?

This post has been edited by Welopez: Jan 5 2008, 02:03 PM

I downloaded SmitfraudFix.exe again, and ran it in SAFE mode with RESTORE off. I think it cleaned the malware this time. After four days, I've been free of annoying fraud popups for a whole hour!

Thanks gang!

Well, I thought I was done with that Trojan. It hadn't popped up in two hours, so I ran DEFRAG and then Check Disk. Then I rebooted. Oops! It's back! This is the most obnoxious pest I have ever run into.

My default browser is SlimBrowser, but every time the Trojan runs, it open Internet Explorer. With SlimBrowser I have the option to block domains.... but that doesn't appear to be an option for Internet Explorer. Blocking it, however, does not remove it from my computer.

I remain at a loss to deal with this malware. Any help would be appreciated.

Thanks Welopez anyway.I had someone come over but it was totally frozen and gone. I appreciate the response. We will be reloading windows. Thanks Again, Suzy

I would suggest both of you

run through the steps outlined in this Topic
Post back a fresh log in the Malware forum please

I just wanted to say thank you for this board and how much help this appication was. I was able to get some of the "Security Toolbar 7.1" malware off myself but still had several files I simply could not find. I have a corporate computer and work remotely. So had I sent my laptop to corp to be cleaned I would have been very far behind in my work. The Smitfraudfix worked very well and quickly. Thanks again. TarHeelMike.