Running the most recent Avast (free) on my kid’s computer (XP). She went to a site that had the whitesmoke virus and it downloaded the virus onto her computer. It was impossible to get rid of using both Avast and Malwarebytes. Eventually, the DLLs must have gotten corrupted and I had to reinstall Windows. My question is has anyone had this problem with this virus? I’m concerned Avast did not block it.

I cleaned this same problem off a computer a couple of weeks ago using MBAM. I first ran a Quick Scan and then a Fill Scan to get rid of most of it. Then, I ran a boot scan with Avast to get rid of the rest of it.

OOPS … I just checked my notes and I had the above in the reverse order.

I did the Avast boot scan first, then the MBAM quick scan, and finally the MBAM full scan.

Usually, an MBAM quick scan gets all the problem but in this case it did not. So, then the full scan was needed.

It was impossible to get rid of using both Avast and Malwarebytes.

Yes, I ran the most recent updates to Malwarebytes. It was a frustrating experience, but with the Windows reinstall, at least the 'puter is running much faster, so my kid is happy about that. And it’s true, no scan log since I did a disk reformat and reintsall of Windows. Do you know anything about this virus? Was it just annoying, or a dataminer of some sort.

Do you know anything about this virus?

and by looking at the removal assist`s in Bleeping computer and Malwarebytes forum it is not the easiest malware to remove…

It is difficult to remove and has the side effect of trashing some key registry entries. If you have the choice reformat is the easiest option, it is mainly a channel for redirects and act as a downloader for other malware. That does not preclude keyloggers/password stealers

In my above post, Whitesmoke had downloaded a trojan onto the infected laptop.

I will agree with Essexboy that it would have been easier to reformat.

Whitesmoke is a great software and I recommend anyone to use it. I haven’t had any problems with a virus!

In WhiteSmoke blog there is a statement…I do not know if this is true or false ???

“WhiteSmoke Virus”, “WhiteSmoke Translator Virus” - NOT a Virus
hxxp://wxw.whitesmoke.com/virus ( 2 hits on URLVoid and 1 on VT url scan )

We at WhiteSmoke Inc. take this issue very seriously and have investigated every angle to find out why this has happened. We've found that, unfortunately, a partner of ours chose to use our name to spread out this "virus". Said partner has, of course, been dealt with and we've partnered up with top anti-virus companies such as AVG and Norton to make sure that our customers enjoy the security and privacy they deserve.

I also gave the free programs a VT scan

WhiteSmoke_Enrichment_free.exe - 3/43
http://www.virustotal.com/file-scan/report.html?id=188bb45d3c2166cb34acd0a1653775f0aac9dfef2bfa3aba9329e94aa23ccc6f-1296578264

WhiteSmokeTranslatorStub.exe - 2/43
http://www.virustotal.com/file-scan/report.html?id=8f5da8b898e3c056cbadf7349a7307e51083ae8b221d7b1627786a0d4e0d3d5a-1296578444

The problem is how can you tell the difference between the rogue and the good one ?

Good question essexboy. My daughter went to the Whitesmoke site because she wanted a spell checker. She tells me she didn’t download anything. I do not know this for sure, but apparently just visiting the site triggered the virus. A very frustrating lesson since by reformatting her computer she lost several story files she had been writing. Next lesson: backing up her files.

If she needs a good spell checker that is free and safe, have her try tinyspell free version. I’ve used this for years since it helps catch my typos.

http://tinyspell.numerit.com/

as you see from my post above, avast! detect both programs as malware

Avira say one is clean and one is malware

WhiteSmokeTransla...ub.exe CLEAN WhiteSmoke_Enrich...ee.exe MALWARE

Norman say both are clean

WhiteSmokeTranslatorStub.exe : Clean! WhiteSmoke_Enrichment_free.exe : Already detected as KNOWNCLEAN

The mysterious world of malware analysis ??? ;D