TechSpot

Smitfraud and others I think, please help

By brianz37
May 27, 2008
  1. Had the smitfraud wallpaper, was infected with this once before, ran smitfraudfix and was ok. This time it does not work. Keep getting popups from task bar, and can not down load anything as IE is being redirected. Loaded superantispyware from flash drive. Had spybot serch and destroy on computer, ran this also. I am unable to do alot because I can't download anything, when I use the flash drive to transfer from my other computer I can't get the programs to run on my laptop. Also keep getting Data Exectution Prevention shutting down windows explorer and notepad. Below is the hijack this log copied from my laptop, I hope this is right, as notepad keeps shutting down. Any help would be great.

    Thanks in advance!
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Because you have had this before.

    I would suggest that you un-install Norton fully from Add/Remove programs (as it is not helping you, and if anything, slowing your computer down)

    When you're able to, download and install AVG FREE, and do a full scan

    As you have posted that this is is a Smitfraud problem. I'm going to post the correct steps in that: (although you have already run it)

    Download Smitfraud Fix
    http://siri.urz.free.fr/Fix/SmitfraudFix.exe

    Clean:

    Reboot your computer in Safe Mode
    (before the Windows icon appears, tap the F8 key continually)

    Double-click SmitfraudFix.exe

    Select 2 and hit Enter to delete infected files.

    You will be prompted: Do you want to clean the registry ? answer Y (yes)
    and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if you are infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.

    A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

    Optional:

    To restore Trusted and Restricted site zone, select 3 and hit Enter.
    You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
    ----------------------------------------------------

    Additional Steps:

    (Start -Run)
    sc stop Messenger
    sc config Messenger start= disabled

    Restart

    Then continue to Viruses/Spyware/Malware, preliminary removal instructions
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...