Will also remove: PestTrap, Security IGuard, SearchMaid, Antivirus Gold (AVGold), PSGuard, VirtualMaid, SpyTrooper, VirusRescue and others in the smitfraud family.
1. Download smitRem.exe ©noahdfear, and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.
2. Place a shortcut to Panda ActiveScan on your desktop.
3. Please download AVG Anti-Spyware Free Edition here:
Please read AVG Anti-Spyware Setup Instructions (formerly Ewido)
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
4. If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!
5. Next, please reboot your computer in SafeMode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear
- Select the first option, to run Windows in Safe Mode.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.
7. Open Ad-aware and do a full scan. Remove all it finds.
8. Run Ewido:
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- While the scan is in progress you will be prompted to clean files, click OK
- When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report.
- Save the report .txt file to your desktop.
9. Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.
10. Reboot back into Windows and click the Panda ActiveScan shortcut.
- Once you are on the Panda site click the Scan your PC button.
- A new window will open...click the Check Now button.
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When the download is complete, click on My Computer to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Have you've found the smitRem.exe removal tool useful? Please consider a donation to the author: Dave's World (noahdfear).
1. For 98/ME, add to the control panel instructions (step 11) as follows: (thanks flrman1 )
Remove the check by "View my Active desktop as a web page".
Click OK then Apply and OK.
2. It could be possible, after reboot that the system is using the windows classic theme again.
To restore this and set it back to XP-theme, rightclick on your desktop > properties > tab Appearances and choose Windows XP style again under windows and buttons.
Click apply and OK.
3. Windows 98 users may get a sharing violation error and smitRem stops when trying to delete oleadm.dll (oleext.dll). This is because it's hooked by the infected wininet. Pressing F will allow the tool to complete.
This is a self-help guide. Use at your own risk.
Important Note: If you need assistance, please start a new topic in our Malware Removal Forum. This topic is also open for comments, but not all will receive a reply.