Any Help??
I did a bunch of reading and followed this guide. Basically removed a bunch of crap I didn't know I had, but I still get the symptoms of this virus from time to time (the fake Windows "Spyware detected, Interest attack attempt detected" warning message that tells me to go to this site for anti-spyware). What to do?
Here's what I followed:
_____________________________________
Windows XP/2K (includes Ewido)
You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.
Please download smitRem.zip and save it to your desktop.
Right click on the file and extract it to its own folder on the desktop.
Please download, install, and update the free version of Ewido Security Suite:
1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
2. When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
3. From the main Ewido screen, click on update in the left menu, then click the Start update button.
4. After the update finishes, the status bar at the bottom will display "Update successful"
5. Exit Ewido. DO NOT run a scan yet.
If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:
Ad-Aware SE Setup
Again, do NOT run a scan yet.
Next, please reboot your computer in Safe Mode by doing the following:
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items:
===================================================
HijackThis entries here if needed. Delete any other malware files not associated with the smitfraud variants and SpySheriff.
===================================================
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.
Next, run Ad-aware and perform a full scan. Remove everything found.
Now open Ewido Security Suite
* Click on Scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with ewido it is finding cases of false positives. You will need to step through the process of cleaning files one-by-one. If ewido detects a file you KNOW to be legitimate, select none as the action.
* DO NOT select "Perform action on all infections"
* When the scan is finished, click the Save report button at the bottom of the screen.
* Save the report to your desktop
* Close Ewido
Next go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Web -> Uncheck "Security Info" if present.
Restart your computer in normal mode.
Run Panda's online virus scan and perform a full system scan. Make sure the Autoclean box is checked!
Finally, restart your computer once more, and please post a new HijackThis log as well as the log from the Ewido scan and the log from the smitRem tool, which will be located at C:\smitfiles.txt.
Let us know if any problems persist.
Windows 9X/ME (without Ewido)
You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.
Please download smitRem.zip and save it to your desktop.
Right click on the file and extract it to its own folder on the desktop.
If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:
Ad-Aware SE Setup
Again, do NOT run a scan yet.
Next, please reboot your computer in Safe Mode by doing the following:
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items:
===================================================
HijackThis entries here if needed. Delete any other malware files not associated with the smitfraud variants and SpySheriff.
===================================================
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.
Next, run Ad-aware and perform a full scan. Remove everything found.
Next go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Web -> Uncheck "Security Info" if present.
Also uncheck "View my Active desktop as a web page".
Click OK then Apply and OK.
Restart your computer in normal mode.
Run Panda's online virus scan and perform a full system scan. Make sure the Autoclean box is checked!
Finally, restart your computer once more, and please post a new HijackThis log as well as the log from the smitRem tool, which will be located at C:\smitfiles.txt.
Let us know if any problems persist.
Thanks to noahdfear for all his work on this.
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard
Reboot into normal mode.
A registry file to undo most of the changes is available here:
http://metallica.geekstogo.com/smitfraud.reg
Double-click that file and confirm you want to merge it with the registry.
1.) Download the Hoster from HERE Press "Restore Original Hosts" and press "OK". Exit Program.
2.) Download: http://www.mvps.org/winhelp2002/DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.
3.) Download, install, and run CleanUp!
4.) Run a virus scan. If you do not have an AV installed, use ActiveScan - Save the results from the scan!
__________________________
Hopefully I can use my computer safely again. Thanks MFK!
