NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove Smitfraud. Description and removal instructions

 
Title: Smitfraud
 Also known as: smit fraud, smitfraud.c
Type: Trojans
Severity scale:Smitfraud severity is 95  (95 / 100)
 
SmitFraud is infamous corrupt anti spyware. Smit Fraud is one of the most known malware of this kind. Remove SmitFraud asap as it turns a computer into almost useless piece:
SmitFraud generates large amounts of commercial pop-ups and fabricated security alerts. It may prevent attempts to access internet.
SmitFraud changes desktop background picture to a security message and urges user to buy full version SmitFraud to clean a computer.
Pop-ups displayed by Smit Fraud presents this software as a security tool, but thats a scam. SmitFraud is actually a malware and it can install additional spyware threats on the infected computer. Remove Smitfraud as soon as possible.
Smitfraud removal is a bit complicated so its better to use automated solutions.

FORUM:
Discuss Smitfraud in
spyware removal forum

Related files: wp.bmp, sites.ini, perfcii.ini, hp[X].tmp, wldr.dll, param32.dll, oleadm32.dll, oleadm.dll, hhk.dll, zloader3.exe, wp.exe, winstall.exe, winhook.exe, uninstiu.exe, shnlog.exe, popuper.exe, ole32vbs.exe, msole32.exe, MSMSGS.EXE, intmonp.exe, intmon.exe, hookdump.exe, helper.exe, bsw.exe

Smitfraud properties:
• Changes browser settings
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Smitfraud snapshot:
Smitfraud removal

Automatic Smitfraud removal:

remover for Smitfraud

Smitfraud manual removal:

Kill processes:
bsw.exe, helper.exe, hookdump.exe, intmon.exe, intmonp.exe, msmsgs.exe, msole32.exe, ole32vbs.exe, popuper.exe, shnlog.exe, uninstiu.exe, winhook.exe, winstall.exe, wp.exe, zloader3.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsFY
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsFZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msn messenger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL=[site address]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL=[site address]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar=[site address]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page=[site address]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page=[site address]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch=[site address]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant=[site address]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\(Default)=[site address]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\internet update

Search the Windows registry for {D5BC2651-6A61-4542-BF7D-84D42228772C} entry.
HELP:
how to remove registry entries

Unregister DLLs:
wldr.dll
HELP:
how to unregister malicious DLLs

Delete files:
bsw.exe, helper.exe, hookdump.exe, intmon.exe, intmonp.exe, msmsgs.exe, msole32.exe, ole32vbs.exe, popuper.exe, shnlog.exe, uninstiu.exe, winhook.exe, winstall.exe, wp.exe, zloader3.exe, hhk.dll, oleadm.dll, oleadm32.dll, param32.dll, wldr.dll, hp[X].tmp, perfcii.ini, sites.ini, wp.bmp
HELP:
how to remove harmful files

Delete directories:
C:\Windows\System\Log Files
C:\Windows\System32\Log Files
C:\Winnt\System32\Log Files
Misc:
Use automated Smitfraud removal tool for best results.
Smitfraud removal information

Other programs to remove Smitfraud:

• Malwarebytes Anti Malware - Review - Download
• Malwarebytes Anti Malware - Review - Download
• Windows Defender - Review - Download

Information added: 22/06/05
Information updated: 05/12/08

Additional resources related to Smitfraud:

Attention: If you know or you have a website or page about Smitfraud removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about Smitfraud parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:


Comments from visitors:

1. by . 2008-12-05 19:12:26
Nice grammar buddy

2. by Guest. 2007-06-09 01:06:51
even spy sweeper doesnt work !!!!!!!!!!!

3. by Guest. 2007-05-27 19:05:49
how can i delete the spylocked icon in my computer it still there

4. by Guest. 2007-05-01 18:05:29
i had Spylocked, used smitfraud, it went :/. Smitfraud actually helped me and had no side effects that i know of, i could kiss it but i noticed people slagging it off.

5. by Guest. 2006-12-05 12:12:24
A friend of mine had SpyAxe a year ago and I downloaded a program to get rid of it. Now I have a problem with a "virus eliminator" called VirusBusters. I believe I got it from Myspace.com so just a warning from a frustrated computer user.

6. by Guest. 2006-05-16 18:05:26
Anyone know what or how to remove the following message I receive in a small red box at the bottom right corner of internet explorer browser.

"Your computer is infected
Critical system error
system detected virus activity
They may cause critical
system failure. Please use antimalware
software to clean and protect your
system from parasite programs.
Click here to get all available software."

I don't know how to get rid of it. It also puts a icon in my taskbar area and toggles between red circle with a line through it and a green wheelchair.

Thanks for any help/input

7. by Guest. 2005-12-21 04:12:11
I had Spyaxe on my machine and thought I had Smitfraud-C. as well. Spybot deleted Smitfraud, but it kept reappearing on every scan. Trick is to boot in safe mode, delete nvctrl.exe (must be in safe as Spyaxe sets this up to run on startup and contantly reactivate if killed) then go to the registry identified by Spybot (Explorerrun) and remove all the entries related to .exe files referred to in the Spyaxe page on 2-Spyware.com. Spybot appears to see the reference to nvctrl.exe in the Explorerrun registry as Smitfraud-C. when it is likely that this has been copied by Spyaxe. Hope this is useful to someone.
Related news:
Similar parasites:
Related articles:
Related discussions:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.