Smitfraud

Discussion in 'Malware Help (A Specialist Will Reply)' started by Zamurak, Jun 27, 2007.

  1. Zamurak

    Zamurak Private E-2

    Hi there,

    I am new to the forum and I did a Spybot check and it turns out I have a Smitfraud :cry problem and have tried almost everything that i could think of to remove it but it keeps coming up any ideas on how to fix this would be greatly appreciated. I have downloaded not ran/installed SmitfraudFix but I am not sure if that will fix it I just thought that I would post here first to see if any of you nice people here on this forum would be able to help me out.
     
    Zamurak, Jun 27, 2007
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    SmitFraudFix will fix true SmitFraud infections if you select option 2 to fix the problems. However what Spybot often finds are not the samething as what most SmitFraud (aka zlob) fixes typically remove. Spybot is known to report a minor registry issue as Smitfraud and for some unknown reason it cannot remove it.

    Attach a log from Spybot that shows exactly what it is finding.
    See: HOW TO: Attach Items To Your Post
     
    chaslang, Jun 28, 2007
    #2
  3. Zamurak

    Zamurak Private E-2

    Here is my S&D report
     

    Attached Files:

    Zamurak, Jun 28, 2007
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's what I expected it would be. Not what we would classify a true Smitfraud issue.

    Try the below.

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Then reboot.

    Does HJT still detect the problem? If so, run the fixME.reg patch again from safe boot mode.

    Let me know the results.
     
    chaslang, Jun 28, 2007
    #4
  5. Zamurak

    Zamurak Private E-2

    when I doubled clicked the fixME.reg file on my desktop something pops up and it says

    Registry Editor

    Cannot import C:\Documents and Settings\MDG\Desktop\fixME.reg: The Specified is not a registry script. You can only import binary registry files from within the registry editor.

    Is there a way I can locate the registry editor and import it from there? Or do I have to try something else?
     
    Zamurak, Jun 28, 2007
    #5
  6. Zamurak

    Zamurak Private E-2

    So I rebooted my computer and here is the Hijack log, hope my computer is smitfraud clean.
     

    Attached Files:

    Zamurak, Jun 28, 2007
    #6
  7. Zamurak

    Zamurak Private E-2

    Please someone check this log for me

    Hi there,


    I'm new here on this forum and have been having problems with smitfraud toolbar but have been instructed by chaslang on how to remove it but I just need someone to take a look at my hijackthis log to see if there are any traces of it.
     

    Attached Files:

    Zamurak, Jun 29, 2007
    #7
  8. Zamurak

    Zamurak Private E-2

    Im an idiot i did not copy the whole thing and it did merge with the registry, I started a new thread with the new hijackthis log after the fixME.reg file was merged, now I just need someone to take a look at it.

     
    Zamurak, Jun 29, 2007
    #8
  9. Zamurak

    Zamurak Private E-2

    Re: Please someone check this log for me

    Here is a fresh new log that I just did this morning please someone check it for me.
     

    Attached Files:

    Zamurak, Jun 29, 2007
    #9
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    According to your HJT log (which you did not rename as you should have done) ..you have numerous problems!
    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy
      • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis ---> the last to scan and attach. Rename it!
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
    TimW, Jun 29, 2007
    #10

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds