I am trying to help a friend remove some rogue spyware software that is trying to get him to purchase antispyware 2008.
After reading a post on this forum i understand that smitfraudfix.exe maybe the tool required to remove this problem but everytime i download smitfraudfix.exe and scan it with avast, avast reports the following infection Win32:Trojan-gen {Other}.
Is this a false positive being generated by avast or is the file really infected.
I’ve downloaded it from a few different mirrors located at the following web page http://siri.geekstogo.com/SmitfraudFix.php but the trojan appears to be present from all locations.
I don’t doubt it is likely to be an FP but you should confirm.
Pause the web shield that will at least allow it to be downloaded, don’t execute/run it.
Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
Well firstly smitfraudfix.exe is a ‘tool’ used to remove rogue malware, unless you are talking about a different file name.
Secondly as this topic states, avast is detecting smitfraudfix.exe, incorrectly it would appear.
So you co-workers computer didn’t get infected by smitfraudfix.exe, if you are talking about smitfraud.exe and that is the correct file name then it is a different topic and you should create a new topic.