Smitfraud

SmitFraud is one of the nastier Trojans out there today. SmitFraud once on your computer will hijack your system causing popus to appear. SmitFraud, once executed, will register itself in your system and run a payload. Your desktop will be hijacked (thanks SmitFraud!!) and replacing it you will see a fake warning message instructing you to download a spyware remover (usually iGuard). SmitFraud blocks access to some web sites and will sometimes even prevent internet access period.
Download Smitfraud scanner
Download Smitfraud infection scanner *
  • Quick & tested solution for Smitfraud threat removal.
  • Save to your desktop & launch now!
* Spyhunter scanner, published in this site is intended to be used only as a detection tool. For using a removal function, you will need to purchase the full version of SpyHunter.
Danger level 7
Type: Rogue Anti-Spyware

How to manually remove Smitfraud

Files associated with Smitfraud infection:

bsw.exe
helper.exe
hookdump.exe
intmon.exe
intmonp.exe
msmsgs.exe
msole32.exe
ole32vbs.exe
popuper.exe
wldr.dll
param32.dll
hhk.dll
oleadm.dll
oleadm32.dll
shnlog.exe
uninstiu.exe
winhook.exe
winstall.exe
wp.exe
zloader3.exe
hp[X].tmp
perfcii.ini
sites.ini
wp.bmp
drsmartload45a45m.exe
drsmartload46a46m.exe
drsmartload849a849m.exe
drsmartload192a[1].exe
dnr4019qe.dll
drsmartload45a7i.exe
drsmartload46a7i.exe
drsmartload849a7i.exe
drsmartload.exe
drsmartload45a7h.exe
drsmartload46a7h.exe
drsmartload849a7h.exe
drsmartload46a[1].exe
loader[1].exe
drsmartload45a[1].exe
drsmartload849a[1].exe
drsmartload849a8b5.exe
oybgrql.dll
drsmartload45v.exe
drsmartload46v.exe
drsmartload849v.exe
drsmartload100a[1].exe
atmtd.dll._
atmtd.dll
drsmartload45a.exe
drsmartload46a.exe
drsmartload849a.exe
drsmartload95a.exe
drsmartload1.exe
MTE3NDI6ODoxNg.exe
drsmartload2.dat
gwiz
ntsystem.exe
cprocsvc
cproc.exe
winetn32.dll
ixt2.dll
tazth.dll
drsmartload44a[1].exe
MTE3NDI6ODoxNgnew.exe
MTE3NDI6ODoxNg[1].exe
drmv2clt.exe
drsmartload815a.exe
olnohdw.dll

Smitfraud DLL's to remove:

wldr.dll
param32.dll
hhk.dll
oleadm.dll
oleadm32.dll
dnr4019qe.dll
oybgrql.dll
atmtd.dll
winetn32.dll
ixt2.dll
tazth.dll
olnohdw.dll

Smitfraud processes to kill:

bsw.exe
helper.exe
hookdump.exe
intmon.exe
intmonp.exe
msmsgs.exe
msole32.exe
ole32vbs.exe
popuper.exe
shnlog.exe
uninstiu.exe
winhook.exe
winstall.exe
wp.exe
zloader3.exe
drsmartload45a45m.exe
drsmartload46a46m.exe
drsmartload849a849m.exe
drsmartload192a[1].exe
drsmartload45a7i.exe
drsmartload46a7i.exe
drsmartload849a7i.exe
drsmartload.exe
drsmartload45a7h.exe
drsmartload46a7h.exe
drsmartload849a7h.exe
drsmartload46a[1].exe
loader[1].exe
drsmartload45a[1].exe
drsmartload849a[1].exe
drsmartload849a8b5.exe
drsmartload45v.exe
drsmartload46v.exe
drsmartload849v.exe
drsmartload100a[1].exe
drsmartload45a.exe
drsmartload46a.exe
drsmartload849a.exe
drsmartload95a.exe
drsmartload1.exe
MTE3NDI6ODoxNg.exe
ntsystem.exe
cproc.exe
drsmartload44a[1].exe
MTE3NDI6ODoxNgnew.exe
MTE3NDI6ODoxNg[1].exe
drmv2clt.exe
drsmartload815a.exe

Remove Smitfraud registry entries:

b292ec9f-a074-4115-8342-1f459702d8d2
27321538-5739-4aa1-b84c-7d18e4383f1f
5f938c17-fbc7-4a3c-8526-85e5b1a1f762
dfa61db1-388e-4c87-8d56-540fa229bcb4
f31aee4a-1530-4fef-8537-79c6973bff9a
03413bf7-e34c-445b-bfc0-a2b127255871
19452E5B-963F-4886-766D-0526284B6F61
aea3d2df-2b2c-4d7b-81a0-d975c6dc088e
64ba30a2-811a-4597-b0af-d551128be340
WMuse
ed39ecef-902e-4ed1-8434-71e8db89e5ca
5839511e-ec1b-4f91-ace3-fb88e52f5239
D5BC2651-6A61-4542-BF7D-84D42228772Centry.
f79fd28e-36ee-4989-aa61-9dd8e30a82fa
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallinternetupdate
HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerSearchURL(Default)=[siteaddress]
HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerSearchSearchAssistant=[siteaddress]
HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerSearchCustomizeSearch=[siteaddress]
HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainLocalPage=[siteaddress]
HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainSearchPage=[siteaddress]
HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainSearchBar=[siteaddress]
HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainDefault_Search_URL=[siteaddress]
HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainDefault_Page_URL=[siteaddress]
FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunmsnmessenger
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunWindowsFZ
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunWindowsFY
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\b292ec9f-a074-4115-8342-1f459702d8d2
Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\instcat
Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\5f938c17-fbc7-4a3c-8526-85e5b1a1f762
SOFTWARE\Policies\06849E9F-C8D7-4D59-B87D-784B7D6BE0B3
Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\f31aee4a-1530-4fef-8537-79c6973bff9a
Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\incestuously
Microsoft\drsmartload2
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\64ba30a2-811a-4597-b0af-d551128be340
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\aea3d2df-2b2c-4d7b-81a0-d975c6dc088e
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\decorin
AddThis Social Bookmark Button AddThis Feed Button

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
 This is a captcha-picture. It is used to prevent mass-access by robots. (see: www.captcha.net)

 
Home / Parasites / Rogue Anti-Spyware / Smitfraud
© 2002-2008 pcthreat.com  | Terms of use | Privacy policy | About us | Link to US