Instructions to remove Trojan.w32.looksky using SmitFraudFix (by S!Ri)
SmitFraudFix only works with Windows XP or 2000
Download SmitfraudFix:
Use this URL to download the latest version (the file contains both English and French versions):
- Search:
- Double-click SmitfraudFix.exe
- Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
- Clean:
- Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
- Double-click SmitfraudFix.exe
- Select 2 and hit Enter to delete infect files.
- You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
- The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
- A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
- Optional:
- To restore Trusted and Restricted site zone, select 3 and hit Enter.
- You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
