May 27, 2008 - Geeky General

SmitFraud and other malware removal

What’s the Best Way to Remove SmitFraud problems including PestCapture, WinAntivirus Pro 2007 and other problems?

Here is a solid procedure for removing these pests. Before attempting this removal procedure, download the following removal tools to your desktop and install them.

SmitRem by NoahdFear – Tool to remove Spyaxe, SpySheriff, PSGuard, WinHound, and other issues
http://noahdfear.geekstogo.com/

SmitFraudFix – Tool to remove most SmitFraud infections
http://siri.geekstogo.com/SmitfraudFix.php

RogueRemover – tool to remove Rogue applications installed with SmitFraud
http://www.majorgeeks.com/RogueRemover_d5360.html

HijackThis 1.99.1 – Essential tool for finding spyware, virus, trojan, and other problems
http://www.merijn.org/files/hijackthis.zip

CCleaner – Free tool for removing temporary files, cookies, history, and cleaning up registry problems
http://www.ccleaner.com/

Removal Procedure

Download the programs above to your desktop, then extract and install them. Once this is complete, reboot your computer into Safe Mode.

  • Open the SmitRem folder and double-click on RunThis.bat to start the SmitRem removal procedure. Besides removing particular files that it looks for, the tool also runs the Disk Cleanup tool to remove temporary files on the hard drive that may contain problem files. For a tutorial on using SmitRem, see http://www.pchell.com/support/smitremtutorial.shtml
  • After SmitRem has finished, open SmitFraudFix and choose to Search (option 1) and Clean (option 2), and run a full system scan to remove anything it finds. For a tutorial on using SmitFraudFix, see http://siri.geekstogo.com/SmitfraudFix.php
  • Double-click on RogueRemover and run it to remove miscellaneous rogue application files installed with SmitFraud.
  • While still in Safe Mode, run CCleaner. Analyze and Clean files it finds, then click on the Issues button on the left side of the screen and Scan and Fix any Registry issues CCleaner discovers. Run both the Registry Scanner and the File Analyzer until nothing else is found.
  • Run HijackThis and remove any leftover issues. If you are not sure whether a line in HijackThis is a problem, reboot in normal mode and use the Online HijackThis Scanner to see if the file is a threat. Just copy and paste your HijackThis log file into the scanner and let it analyze it for you. Although it’s not perfect, it will give you an idea if your system is clean or still needs some work. Do not delete anything with HijackThis unless you are absolutely sure what the file is and what it does.

Another great tool to use is Process Library to see if a file is a threat.

For items in the HijackThis log like the following, which will not delete manually, use KillBox to browse to the location of the file and delete it, or delete it on reboot. Items that are impossible to remove without KillBox usually show up in the O20 section of HijackThis.

O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 - Winlogon Notify: winrir32 - C:\WINDOWS\SYSTEM32\winrir32.dll
O20 - Winlogon Notify: dvd4free - C:\WINDOWS\SYSTEM32\dvd4free.dll
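
A small triage helper for O20 lines like these, added here as an example and not part of the original post: it parses HijackThis O20 Winlogon Notify entries, tolerating the uneven spacing of pasted logs, and lists the ones whose key name is not in a baseline. The baseline set is an assumption (Notify keys commonly present on a stock Windows XP install); replace it with the keys from a known-clean machine, and treat a flagged entry as something to look up, not as proof of infection.

```python
import re

# Assumption: Notify subkeys commonly present on a stock Windows XP install.
# Replace with the keys seen on a known-clean machine of the same build.
BASELINE_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# "O20 - Winlogon Notify: <key> - <dll path>", spaces around dashes optional.
O20_RE = re.compile(
    r"^O20\s*-\s*Winlogon Notify:\s*(?P<key>.+?)\s*-\s*(?P<dll>[A-Za-z]:\\.+?)\s*$",
    re.IGNORECASE,
)


def parse_o20(log_text):
    """Return (key, dll_path) for every O20 Winlogon Notify line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            entries.append((m.group("key"), m.group("dll")))
    return entries


def flag_unknown(entries, baseline=BASELINE_NOTIFY):
    """Return entries whose key is not in the baseline; these need manual review."""
    return [(k, d) for k, d in entries if k.lower() not in baseline]


# Constructed sample: the three O20 lines from the article, one baseline entry
# and one non-O20 line, with the uneven spacing often seen in pasted logs.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O20- Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 - Winlogon Notify: winrir32 -C:\WINDOWS\SYSTEM32\winrir32.dll
O20 - Winlogon Notify: dvd4free -C:\WINDOWS\SYSTEM32\dvd4free.dll
O20 - Winlogon Notify: termsrv - C:\WINDOWS\system32\wlnotify.dll
"""

if __name__ == "__main__":
    for key, dll in flag_unknown(parse_o20(SAMPLE_LOG)):
        print(f"review: {key:12} {dll}")
```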

Reboot computer in Normal mode.

Scan your computer with an online virus scanner like Housecall, BitDefender, or eTrust, or download and install an antivirus program and run a complete scan. A list of online scanners is below. Some, however, will only scan but not remove issues.

Online Virus Checkers

TrendMicro Housecall – will scan and remove threats
http://housecall.antivirus.com/

BitDefender Scan Online – will scan and remove threats
http://www.bitdefender.com/scan8/ie.html

Ewido Online Scanner – will scan and remove threats
http://www.ewido.net/en/onlinescan/

Panda Activescan – appears to only scan for but not remove threats
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

McAfee FreeScan – appears to only scan for but not remove threats
http://us.mcafee.com/root/mfs/default.asp?WWW_URL=www.mcafee.com/myapps/mfs/default.asp

eTrust Antivirus Web Scanner – will scan and remove threats
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Symantec Security Check – will scan and remove threats
http://security.norton.com/sscv6/default.asp?productid=sarc&langid=ie&venid=sym

Dr.Web Online Check – user can upload and test for threats on particular files
http://www.drweb-online.com/en/online_check.asp

Trojan Scanner

TrojanScan by WindowsSecurity.com
http://www.windowsecurity.com/trojanscan/

Free Antivirus Programs to Download

AntiVir
http://www.free-av.com/

Avast
http://www.avast.com/

AVG
http://free.grisoft.com/

You may also want to run a thorough scan for adware/spyware using Ad-aware, Spybot Search and Destroy, or Windows Defender to make sure your system is absolutely clean of other malware.