Header Ads

SmitFraudFix Fixing Tool

These are rogue antispyware softwares. They displays false security pop-up warnings and taskbar icons on infected computer. Below is a list of known SmitFraud antispywares.

AdwarePunisher, AdwareSheriff, AlphaCleaner, Antispyware Soldier, AntiVermins, AntivirusGolden, AVGold, BraveSentry, MalwareWipe, PestTrap, PSGuard, quicknavigate.com, Security iGuard, Smitfraud, SpyAxe, SpyFalcon, SpyGuard, SpyHeal, SpySheriff, Spyware Vanisher, Spyware Soft Stop, SpywareQuake, SpywareSheriff, SpywareStrike, Startsearches.net, TitanShield Antispyware, Trust Cleaner, UpdateSearches.com, Virtual Maid, VirusBlast, VirusBursters, Win32.puper, WinHound, eMedia Codec, HQ Codec, iCodecPack, iMediaCodec, IntCodec, Media-Codec, MediaCodec, MMediaCodec, MPCODEC, PCODEC, PowerCodec, PornPass Manager, PornMag Pass,SoftCodec, strCodec, TrueCodec, VideoCompressionCodec, VideoKeyCodec, VideosCodec,
WinMediaCodec, X Password Generator, X Password Manager, ZipCodec

Download The free software

You will need an anti virus, and an anti spyware program, and ccleaner on your computer. If you do not have them please download free form the links below. Then Install and Update them immediately before you continue.

(If you already have them, then no need to download)


download smitfraudFix.exe
http://siri.urz.free.fr/Fix/SmitfraudFix.exe OR
and save it on your hard disk. It needs no installation.

Manual Removal Instructions

To Search infected files.
Double-click SmitfraudFix.exe
Select 1 and press Enter to create a report of the infected files.
The report is usually at C:\rapport.txt
(This is the first step. There is no need for you to understand anything here. If there are any known smitfraud entries, they will be removed by the tool automatically in the next steps. However you can make a copy of the file rapport.txt elsewhere or by renaming it, so that it can be a reference to compare with the new rapport.txt generated after the cleaning process is over )

Temperorarily disable system restore
(Windows ME/XP Users)

Click on start > all programs > Accessories > System Tools > System Restore
Click on System Restore settings.
Check the box to Turn off system restore on all drives.
press apply. press ok.

Boot your computer in safe mode

Turn computer OFF.
Turn in ON after two minutes.
Press F8 , keep tapping while booting.
A boot menu should be displayed on the screen. Select to boot in Safe mode

Find and delete infected files

Run your antivirus program, and antispyware while in safe mode one after the other
and delete all infected files.

Run SmitfraudFix

Double-click SmitfraudFix.exe
Select 2 and press Enter to delete infect files.
You will be prompted: Do you want to clean the registry ?
answer Y (yes) and press Enter to remove the Desktop background and clean infected
registry keys .
The tool will now check if wininet.dll is infected.
You may be prompted to replace the infected file (if found):
Replace infected file ? answer Y (yes) and press Enter to restore a clean file.
A reboot may be needed to finish the cleaning process.
A report is created usually at C:\rapport.txt

Restart Your computer to boot in Normal mode.

Re Enable system restore
(Windows ME/XP Users)

Click on start > all programs > Accessories > System Tools > System Restore
UnCheck the box in front of "Turn off system restore on all drives"
press apply. press ok. Your System Restore Monitoring will start for all partitions.

Run ccleaner
In the following two modes
1)Cleaner > Analyze > Run Cleaner
2)Issues > Scan for Issues > Fix selected Issues

Aliases (Also Known As)
Trojan-Spy.HTML.Smitfraud.a (Kaspersky Lab) is also known as: Phish-BankFraud.eml (McAfee), Trojan.Bankfraud (Doctor Web), HTML.Phishing.Bank-1 (ClamAV), HTML/Smithfraud.gen (Eset)

Trojan-Spy.HTML.Smitfraud.c (Kaspersky Lab) is also known as: Phish-BankFraud.eml.a (McAfee), Trojan Horse (Symantec), Trojan.Bankfraud (Doctor Web), HTML.Phishing.Bank-1 (ClamAV), Trj/Citifraud.A (Panda), HTML/Smithfraud.gen (Eset)

Other writeups on smitfraud malwares
Panda Software


No comments:

(C) Arshad Pathan. [Do not copy any contain without permission]. Powered by Blogger.