What is Smitfraud/Trojan.Zlob?
Smitfraud, also known as Trojan.Zlob, is a family of Desktop Hijackers. These infections change your Desktop background to issue fake warning messages on your computer, similar (and almost identical) to Windows Update Notification balloons. These alerts tend to be accompanied by a rogue anti-spyware program (see list below) installed on your computer without your consent. Clicking on one of these fake security alerts will either bring you to a home page where you can purchase other fraudulent software, or will automatically install that software onto your computer without your permission.
This is a partial list of rogue anti-spyware programs. There are many, many more.
AdwarePunisher, AdwareSheriff, AlphaCleaner, Antispyware Soldier, AntiVermeans, AntiVermins, AntiVerminser, AntivirusGolden, AVGold,
BraveSentry, MalwareWipe, MalwareWiped, MalwaresWipeds, MalwareWipePro, MalwareWiper, PestCapture, PestTrap, PSGuard,
quicknavigate.com, Registry Cleaner, Security iGuard, Smitfraud, SpyAxe, SpyCrush, SpyDown, SpyFalcon, SpyGuard, SpyHeal, SpyHeals,
SpyLocked, SpyMarshal, SpySheriff, SpySoldier, Spyware Vanisher, Spyware Soft Stop, SpywareLocked, SpywareQuake, SpywareKnight,
SpywareSheriff, SpywareStrike, Startsearches.net, TitanShield Antispyware, Trust Cleaner, UpdateSearches.com, Virtual Maid, VirusBlast,
VirusBurst, Win32.puper, WinHound, Brain Codec, DirectVideo, EliteCodec, eMedia Codec, FreeVideo, Gold Codec, HQ Codec, iCodecPack
Tools needed:
SmitFraudFix
IDENTIFICATION
Entries in a HijackThis log
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\Media-Codec\isaddon.dll
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Program Files\VideoKeyCodec\isaddon.dll
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Program Files\iVideoCodec\isaddon.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\X Password Generator\isaddon.dll
O2 - BHO: MSVPS System - {100B21CD-3B97-44FB-B1C0-EA6249E482E8} - C:\WINDOWS\ddesupport.dll
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [MalwareAlarm] C:\Program Files\MalwareAlarm\MalwareAlarm.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
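A HijackThis log can be checked for the entries listed above with a short script. The Python below is an added example, not part of the original guide or of HijackThis or SmitFraudFix; it parses O2 (BHO) and O4 (Run) lines and flags those matching the CLSIDs, DLL names and Run entries shown above. The function name scan and the sample log are constructed for illustration.

```python
import re

# Indicators copied from the HijackThis entries listed in this guide.
BHO_CLSIDS = {
    "202a961f-23ae-42b1-9505-ffe3c818d717", "8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d",
    "274c0420-ebe0-4f1d-b473-edd1aa9b85dd", "100b21cd-3b97-44fb-b1c0-ea6249e482e8",
}
BHO_FILES = {"isaddon.dll", "ddesupport.dll"}
# Run entries are matched as (value name, path) pairs: a value name on its own
# can collide with legitimate software, so the path from the guide is required too.
RUN_ENTRIES = {
    ("windows update loader", r"c:\windows\xpupdate.exe"),
    ("malwarealarm", r"c:\program files\malwarealarm\malwarealarm.exe"),
    ("avp", r"c:\windows\avp.exe"),
}
# O2 - BHO: <name> - {CLSID} - <path>
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
# O4 - HKLM\..\Run: [<value name>] <command>  (backslash before ".." is optional here)
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\?\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def scan(log_text):
    """Return (line_number, reason, line) for each O2/O4 entry that matches."""
    hits = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            file_name = m["path"].rsplit("\\", 1)[-1].lower()
            if m["clsid"].lower() in BHO_CLSIDS:
                hits.append((n, "listed BHO CLSID", line))
            elif file_name in BHO_FILES:
                hits.append((n, "listed BHO file name", line))
            continue
        m = O4_RE.match(line)
        if m and (m["name"].lower(), m["cmd"].lower()) in RUN_ENTRIES:
            hits.append((n, "listed Run entry", line))
    return hits

# Constructed sample log: two entries from the list above, two unrelated ones.
SAMPLE = r"""Logfile of HijackThis (constructed sample)
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Program Files\VideoKeyCodec\isaddon.dll
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKCU\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

if __name__ == "__main__":
    for n, reason, line in scan(SAMPLE):
        print(f"line {n}: {reason}: {line}")
```

A match only says the line equals an entry listed in this guide; an empty result does not mean the machine is clean, since the guide's list is partial.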
1. Please reboot your computer to Safe Mode by doing the following:
Restart your computer;
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press “Enter”.
Choose your usual account.
2. When you are in Safe Mode, proceed by opening the SmitfraudFix folder on your Desktop.
3. Make sure any other open windows are closed.
4. Now double-click smitfraudfix.cmd in the SmitfraudFix folder.
5. When the tool opens, you will see the intro/credit screen. Simply press any key on your keyboard to continue.
6. You will now see a menu, as seen in the image below. Select option #2 “Clean (Safe mode recommended)” by typing 2 and pressing “Enter” on your keyboard.
http://img687.imageshack.us/img687/6396/option2newjg4.png
7. SmitfraudFix will begin the cleaning process.
8. Once the clean-up has been completed, SmitfraudFix will open and start Disk Cleanup as seen below. Disk Cleanup can take several minutes to complete.
The Disk Cleanup tool helps free up space on the hard disk by searching the disk for files that can be safely deleted. You can choose to delete some or all of the files. Use Disk Cleanup to perform any of the following tasks to free up space on the hard disk:
Remove temporary Internet files.
Remove downloaded program files. For example, ActiveX controls and Java applets that are downloaded from the Internet.
Empty the Recycle Bin.
Remove Windows temporary files.
Remove optional Windows components that you are not using.
Remove installed programs that you no longer use.
9. Once Disk Cleanup has finished, you will be prompted with an option asking: “Registry cleaning - Do you want to clean the registry?”; answer “Yes” by typing Y followed by pressing “Enter” on your keyboard. This will remove your Desktop background and clean the registry keys associated with the Smitfraud infection.
10. The tool will now restart your computer back to Normal Mode to finish the cleaning process. If it does not restart automatically, please restart manually (Start > Turn Off Computer > Restart).
11. Once you are back in Normal Mode, a Notepad file will appear onscreen, with results from the cleaning process.
12. Download CCleaner and run a full “scan”.
13. Enjoy your PC without this virus. FREEDOM