Smitfraud.C removal help

By bboy_romeo
Feb 7, 2008
  1. So i'm having some trouble removing this virus, its located in C:\windows\privacy_danger and no matter what i've tried I cannot remove it.

    Im running win xp pro, have tried spybot, avast, smitfraudfix.exe and so on..

    i've attached my hijack this log.

    if someone could help me out on figuring how to get rid of this that would be great!
  2. tuant

    tuant TS Booster Posts: 201

    Have you tried running a virus scan in safe mode? Before you do so, allow the computer to view/see all hidden files/folders then run the scan in 'safe mode'
  3. bboy_romeo

    bboy_romeo TS Rookie Topic Starter

    i'll give that a try, but i've already run spybot in safe mode and it couldnt remove it
  4. bboy_romeo

    bboy_romeo TS Rookie Topic Starter

    anyone else have any suggestions on how to remove this virus?? im really stuck with this, and i've attached above my hijack this log
  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Download Smitfraud Fix


    Reboot your computer in Safe Mode
    (before the Windows icon appears, tap the F8 key continually)

    Double-click SmitfraudFix.exe

    Select 2 and hit Enter to delete infected files.

    You will be prompted: Do you want to clean the registry ? answer Y (yes)
    and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.

    A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt


    To restore Trusted and Restricted site zone, select 3 and hit Enter.
    You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.

    Additional Steps:

    (Start -Run)
    sc stop Messenger
    sc config Messenger start= disabled

    Locate and Remove in Registry (Start Run Regedit)

    [HKEY_USERS\S-1-5-21-1877239962-2024743916-928725530-1189\Software\Microsoft\Search Assistant\ACMru\5603]
    " 000"="links.exe"

  6. bboy_romeo

    bboy_romeo TS Rookie Topic Starter

    already ran the smitfraudfix.exe and it did not remove the virus

    i'll try those other additional stuff you added, but if theres something else i can do as well that would be greatly appreciated!
  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...