Title: Smitfraud

Type: Trojans

Remove Smitfraud. Removal instructions

Also known as: smit fraud, smitfraud.c

Severity scale:

(95 / 100)

SmitFraud is infamous corrupt anti spyware. Smit Fraud is one of the most known malware of this kind. Remove SmitFraud asap as it turns a computer into almost useless piece:
SmitFraud generates large amounts of commercial pop-ups and fabricated security alerts. It may prevent attempts to access internet.
SmitFraud changes desktop background picture to a security message and urges user to buy full version SmitFraud to clean a computer.
Pop-ups displayed by Smit Fraud presents this software as a security tool, but thats a scam. SmitFraud is actually a malware and it can install additional spyware threats on the infected computer. Remove Smitfraud as soon as possible.
Smitfraud removal is a bit complicated so its better to use automated solutions.

Related files: wp.bmp, sites.ini, perfcii.ini, hp[X].tmp, wldr.dll, param32.dll, oleadm32.dll, oleadm.dll, hhk.dll, zloader3.exe, wp.exe, winstall.exe, winhook.exe, uninstiu.exe, shnlog.exe, popuper.exe, ole32vbs.exe, msole32.exe, MSMSGS.EXE, intmonp.exe, intmon.exe, hookdump.exe, helper.exe, bsw.exe

Smitfraud properties:
• Changes browser settings
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Smitfraud snapshot:

Automatic Smitfraud removal:

remover for Smitfraud

SpyHunter is recommended remover to uninstall Smitfraud. You should confirm using free trial that it detects current version of parasite.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manul removal instructions below.

If you failed to remove Smitfraud using SpyHunter please report this to us.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use.

STOPzilla

download | review

We are testing STOPzilla's efficiency at removing Smitfraud (2008-12-05 21:49:41)

Malwarebytes Anti Malware

download | review

We are testing Malwarebytes Anti Malware's efficiency at removing Smitfraud (2008-12-05 21:49:41)

Spyware Doctor

download | review | tutorial

We are testing Spyware Doctor's efficiency at removing Smitfraud (2008-12-05 21:49:41)

XoftSpySE Anti Spyware

download | review

Smitfraud manual removal:

FORUM:
Discuss Smitfraud in
spyware removal forum

Kill processes:
bsw.exe, helper.exe, hookdump.exe, intmon.exe, intmonp.exe, msmsgs.exe, msole32.exe, ole32vbs.exe, popuper.exe, shnlog.exe, uninstiu.exe, winhook.exe, winstall.exe, wp.exe, zloader3.exe

HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsFY
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsFZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msn messenger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL=[site address]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL=[site address]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar=[site address]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page=[site address]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page=[site address]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch=[site address]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant=[site address]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\(Default)=[site address]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\internet update

Search the Windows registry for {D5BC2651-6A61-4542-BF7D-84D42228772C} entry.

HELP:
how to remove registry entries

Unregister DLLs:
wldr.dll

HELP:
how to unregister malicious DLLs

Delete files:
bsw.exe, helper.exe, hookdump.exe, intmon.exe, intmonp.exe, msmsgs.exe, msole32.exe, ole32vbs.exe, popuper.exe, shnlog.exe, uninstiu.exe, winhook.exe, winstall.exe, wp.exe, zloader3.exe, hhk.dll, oleadm.dll, oleadm32.dll, param32.dll, wldr.dll, hp[X].tmp, perfcii.ini, sites.ini, wp.bmp

HELP:
how to remove harmful files

Delete directories:
C:\Windows\System\Log Files
C:\Windows\System32\Log Files
C:\Winnt\System32\Log Files
Misc:
Use automated Smitfraud removal tool for best results.
Smitfraud removal information

Information added: 2005-06-22 06:53:32
Information updated: 2008-12-05 19:12:26

Additional resources related to Smitfraud:

Attention: If you know or you have a website or page about Smitfraud removal, feel free to add a link to this list: add url

more resources

Guest

I had Spyaxe on my machine and thought I had Smitfraud-C. as well. Spybot deleted Smitfraud, but it kept reappearing on every scan. Trick is to boot in safe mode, delete nvctrl.exe (must be in safe as Spyaxe sets this up to run on startup and contantly reactivate if killed) then go to the registry identified by Spybot (Explorerrun) and remove all the entries related to .exe files referred to in the Spyaxe page on 2-Spyware.com. Spybot appears to see the reference to nvctrl.exe in the Explorerrun registry as Smitfraud-C. when it is likely that this has been copied by Spyaxe. Hope this is useful to someone.

Reply »

2005 12 21

Guest

Anyone know what or how to remove the following message I receive in a small red box at the bottom right corner of internet explorer browser.

"Your computer is infected
Critical system error
system detected virus activity
They may cause critical
system failure. Please use antimalware
software to clean and protect your
system from parasite programs.
Click here to get all available software."

I don't know how to get rid of it. It also puts a icon in my taskbar area and toggles between red circle with a line through it and a green wheelchair.

Thanks for any help/input

Reply »

2006 05 16

Guest

A friend of mine had SpyAxe a year ago and I downloaded a program to get rid of it. Now I have a problem with a "virus eliminator" called VirusBusters. I believe I got it from Myspace.com so just a warning from a frustrated computer user.

Reply »

2006 12 05

Guest

i had Spylocked, used smitfraud, it went :/. Smitfraud actually helped me and had no side effects that i know of, i could kiss it but i noticed people slagging it off.

Reply »

2007 05 01

Guest

how can i delete the spylocked icon in my computer it still there

Reply »

2007 05 27

Guest

even spy sweeper doesnt work !!!!!!!!!!!

Reply »

2007 06 09

<Guest>

Nice grammar buddy

Reply »

2008 12 05

Post Comment:

Attention: Use this form only if you have additional information about Smitfraud parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Spreading the knowledge:

It is very hard to fight Computer parasites alone in internet space. If you have a website we would be more than happy if you would help us to spread the knowledge about latest threats. You can help your visitors to manage their Computer system manually without aditional expences. Knowledge is the power, we just need to spread it.