Risk Level: Medium
File Size: Varies
Affected System: Windows
Common Symptoms: Presence of the following files:
SmitFraudFix is a tool created to remove various desktop hijackers, adware and malware installed by Zlob family of trojans.
Author: SiRi [Thank you very much!!!!!!]
Operating System:Windows 2000/XP
1. Download SmitFraudFix by SiRi and save to your Desktop
2. Reboot your computer in SafeMode.
- Restart your computer
- Just before the computer begins to startup and before loading Windows press F8
- A selection menu should appear
- Select the line that says “Safe Mode”
- At logon prompt, log in as the usual user.
- During Windows Start process it will prompt you if you would like to continue running in SafeMode, press Yes
- You should now see your Desktop but in a low resolution mode only.
- Make sure no other application or windows is open.
3. Double-click on the Smitfraudfix.exe file which you downloaded earlier on your desktop. Press any key when the credit screen displays to proceed to removal procedure.
4. A selection menu will be displayed as shown in image below.
5. Press 2 on your keyboard, then Enter, to execute the selection - Clean (SafeMode Recommended)
6. It will begin to scan and clean your system thoroughly.
7. After that process, it will then run a Disk Cleanup tool to remove any unwanted files on your computer. It may take some time to complete this process.
8. After Disc Cleanup, it will show another prompt:
Do you want to clean the registry? (y/n). Press the Y button and then press the Enter to begin cleaning your registry.
9. This tool will also check if your wininet.dll is infected and will prompt:
Replace infected file? Press Y and then Enter to replace you wininet.dll with the clean version.
10. A reboot may be needed to complete the process. It will reboot your computer automatically, if not please restart your computer manually.
11. It will generate the report that can be found at the root of the system drive, usually at C:\rapport.txt. Keep this log file for your future reference.
Note: This tool removes Desktop Hijack malware: AdwarePunisher, AdwareSheriff, AlphaCleaner, Antispyware Soldier, AntiVermeans, AntiVermins, AntiVerminser, AntivirusGolden, AVGold, BraveSentry, MalwareWipe, MalwareWiped, MalwaresWipeds, MalwareWipePro, MalwareWiper, PestCapture, PestTrap, PSGuard, quicknavigate.com, Registry Cleaner, Security iGuard, Smitfraud, SpyAxe, SpyCrush, SpyDown, SpyFalcon, SpyGuard, SpyHeal, SpyHeals, SpyLocked, SpyMarshal, SpySheriff, SpySoldier, Spyware Vanisher, Spyware Soft Stop, SpywareLocked, SpywareQuake, SpywareKnight, SpywareSheriff, SpywareStrike, Startsearches.net, TitanShield Antispyware, Trust Cleaner, UpdateSearches.com, Virtual Maid, VirusBlast, VirusBurst, Win32.puper, WinHound, Brain Codec, DirectVideo, EliteCodec, eMedia Codec, FreeVideo, Gold Codec, HQ Codec, iCodecPack, iMediaCodec, Image ActiveX Object, IntCodec, iVideoCodec, JPEG Encoder, Key Generator, Media-Codec, MediaCodec, MMediaCodec, MovieCommander, MPCODEC, My Pass Generator, PCODEC, Perfect Codec, PowerCodec, PornPass Manager, PornMag Pass, PrivateVideo, QualityCodec, Silver Codec, SiteEntry, SiteTicket, SoftCodec, strCodec, Super Codec, TrueCodec, VideoAccess, VideoBox, VidCodecs, Video Access ActiveX Object, Video ActiveX Object, VideoCompressionCodec, VideoKeyCodec, VideosCodec, WinAntiSpyPro, WinMediaCodec, X Password Generator, X Password Manager, ZipCodec…
For those of you with a BLANK DESKTOP after cleanup, this is what to do:
- Control Panel
- Desktop tab
- Customize Desktop button
- Web tab
- Delete anything that doesn’t say “My Current Homepage”, and uncheck that box if it’s ticked
Your desktop should return (basically it leaves Active Desktop turned on but pointing to a blank file)
THANK YOU VERY MUCH, SiRi!!!!