Removing smitfraud

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by martyb688, Dec 30, 2007.

  1. martyb688

    martyb688 Private E-2

    Per removal instructions step 1, here is my rapport.txt
     


  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Welcome to Majorgeeks!

    Your best option is to run the full guide below; it gives a better overall picture of your PC and what its malware (and there could be multiple infections) are.

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. martyb688

    martyb688 Private E-2

    Halo,
    Here is the current state of my PC...
    I have run AdAware, which resulted in no current problems.
    I then ran Spybot and the only thing that it couldn't fix was smitfraud (can't remove registry entry).

    Up until today my PC has been 100% clean. I saw the smitfraud instructions, and it seems very specific to my current problem.

    Can we try to remove smitfraud without going through the preliminary steps?

    Thanks, Marty
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You can follow all of the steps in the below link:

    Removing Zlob aka SmitFraud, SpySheriff, Infections


    However, be warned that many SmitFraud infections do not come alone, and doing the other steps that Halo gave you will be important in determining if you are really clean.
     
  5. martyb688

    martyb688 Private E-2

    I did that as well as running HJT to remove a few things.
    Now both spybot and adaware report a clean system.
    But one thing has come up that is puzzling. In Task Manager, all of my user processes have a duplicate process running with a space between the name and the exe. For example:
    FIREPOD.exe
    FIREPOD .exe
    The executable sizes are different, and I can kill the processes with no problem.
    Have you seen this?
    If not, I am very inclined to just punt and reformat my c drive, I have all of my stuff backed up.
    Thanks,
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No, as far as we can tell, since you never attached the two logs from running it. We cannot help you if you don't follow instructions.

    This is not an indication that you are clean. It only means they did not see anything. They do miss a lot, just like most scanners do.

    And this totally supports what I said just above and also in previous messages. You are not clean and SmitFraud did not come alone. You have the latest form of a Virtumonde infection. You still need to run the READ & RUN ME that you wanted to skip and then you must attach all of the requested logs. I repeat again, with no logs we cannot help you.
     
