Need Help Removing Smitfraud-C.gp

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide

 

You can fix your clock from Control Panel ->Regional and Language Options and then on the Regional Options tab click the Customize button then on the next form click the Time tab. Then change the Time format to what you want. It explains there what the lower case and upper case letters will do. Upper case H is giving you 24 hour clock settings.

I believe that Iolo System Mechanic Pro that you have installed also includes an antivirus program. If this is true, you have two antivirus programs installed since you also have McAfee. You must only have one installed.

I also see SystemTech XP which includes some utilities similar to Iolo. It may not be a good idea to run both of these.


Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

After clicking Fix, exit HJT.

Now delete the below folder:
C:\Temp\pt8q3khslw

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.



Your logs are clean other than the above.

If you are not having any other malware problems, it is time to do our final steps:

1. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\cf" /u
     • Notes: The space between the cf" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
   • Delete the C:\cf folder from combofix.
2. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
3. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
4. If we had you run Avenger, you can delete all files related to Avenger now.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
8. If you are running Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
9. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

Try again and make sure you follow the instructions exactly. Do not leave out the REGEDIT4 line and make sure it is the first line? Also make sure you double click on the fixME.reg file.

 

Your PC lost the Windows File Association for .REG files. Let's fix it.

Now Copy the bold text below to notepad. Save it as RegFix.reg to your desktop. Be sure the "Save as" type is set to "all files". Then Click Start, Run, and enter regedit and click OK. This will open the Registry Editor.

In the Registry Editor click File and Import. Navigate to the RegFix.reg patch you saved on your Desktop and double click on it. Click OK at the prompt to add to the registry. Do you get a success message for this?

Then retry the fixME.reg patch and continue on with the rest of the instructions. And you can remove the RegFix.reg file if all went well.