Smitfraud
From Wiki-Security, the free encyclopedia of computer security
|
|||||||||||||||||||||
Smitfraud is a trojan application which once installed can goad you into buying its promoted commercial anti-spyware version, including AdwareDelete, PSGuard, AntivirusGold or SpySheriff. Smitfraud will show fake notification messages that your computer is in danger and will ask you to pay for the full promoted version in order to eliminate the risk and remove the threat. Stimfraud may also replace some Windows critical components with its own infected files. Smitfraud is a serious threat and it is strongly recommended to be removed.
To check your computer for Smitfraud, download
SpyHunter Spyware Detection Tool.
SpyHunter spyware detection tool is only a scanner meant to assist you in detecting Smitfraud and other threats. If you detect the presence of Smitfraud on your PC, you have the opportunity to purchase the SpyHunter removal tool to remove any traces of Smitfraud.
Contents |
Detection of Smitfraud (Recommended)
Smitfraud is difficult to detect and remove. Smitfraud is not likely to be removed through a convenient "uninstall" feature. Smitfraud, as well as other spyware, can re-install itself even after it appears to have been removed.
You also run the risk of damaging your computer since you're required to find and delete sensitive files in your system such as DLL files and registry keys. It is recommended you use a good spyware remover to remove Smitfraud and other spyware, adware, trojans and viruses on your computer.
Run a Smitfraud scan/check to successfully detect all Smitfraud files with the SpyHunter Spyware Detection Tool. If you wish to remove Smitfraud, you can either purchase the SpyHunter spyware removal tool to remove Smitfraud or follow the Smitfraud manual removal method provided in the "Remedies and Prevention" section.
Method of Infection
There are many ways your computer could get infected with Smitfraud. Smitfraud can come bundled with shareware or other downloadable software.
Another method of distributing Smitfraud involves tricking you by displaying deceptive pop-up ads that may appear as regular Windows notifications with links which look like buttons reading Yes and No. No matter which "button" that you click on, a download starts, installing Smitfraud on your system. Smitfraud installs on your computer through a trojan and may infect your system without your knowledge or consent.
If you think you may already be infected with Smitfraud, use this SpyHunter Spyware dectection tool to detect Smitfraud and other common Spyware infections. After detection of Smitfraud, the next advised step is to remove Smitfraud with the purchase of the SpyHunter Spyware removal tool.
Symptoms
Smitfraud may attempt to change your computer's desktop, hijack your browser, monitor your Internet browsing activities, change system files, and can do this without your knowledge or permission. Therefore, it is strongly recommended to remove all traces of Smitfraud from your computer.
Remedies and Prevention
Smitfraud, as well as other Spyware, are constantly evolving and becoming more advanced to avoid detection. Smitfraud along with its variants can install in different locations and even when you try to uninstall it you find they reappear when you reboot your computer.
Install a good anti-spyware software
When there's a large number of traces of Spyware, for example Smitfraud, that have infected a computer, the only remedy may be to automatically run a Spyware scan from a good anti-spyware software designed to detect Smitfraud and other types of spyware.
Remove Smitfraud manually
Another method to remove Smitfraud is to manually delete Smitfraud files in your system. Detect and remove the following Smitfraud files:
Processes
- bsw.exe
- helper.exe
- hookdump.exe
- intmon.exe
- intmonp.exe
- msmsgs.exe
- msole32.exe
- ole32vbs.exe
- popuper.exe
- shnlog.exe
- uninstiu.exe
- winhook.exe
- winstall.exe
- wp.exe
- zloader3.exe
- drsmartload45a45m.exe
- drsmartload46a46m.exe
- drsmartload849a849m.exe
- drsmartload192a[1].exe
- drsmartload45a7i.exe
- drsmartload46a7i.exe
- drsmartload849a7i.exe
- drsmartload.exe
- drsmartload45a7h.exe
- drsmartload46a7h.exe
- drsmartload849a7h.exe
- drsmartload46a[1].exe
- loader[1].exe
- drsmartload45a[1].exe
- drsmartload849a[1].exe
- drsmartload849a8b5.exe
- drsmartload45v.exe
- drsmartload46v.exe
- drsmartload849v.exe
- drsmartload100a[1].exe
- drsmartload45a.exe
- drsmartload46a.exe
- drsmartload849a.exe
- drsmartload95a.exe
- drsmartload1.exe
- MTE3NDI6ODoxNg.exe
- ntsystem.exe
- cproc.exe
- drsmartload44a[1].exe
- MTE3NDI6ODoxNgnew.exe
- MTE3NDI6ODoxNg[1].exe
- drmv2clt.exe
- drsmartload815a.exe
- retadpu77.exe
- arpl.exe
- retadpu21.exe
- wjiio.exe
- retadpu[1].exe
- retadpu[2].exe
- retadpu.exe
- retadpu1000106.exe
- n2ewma1xxsv2234.exe
- faceback.exe
DLLs
- wldr.dll
- param32.dll
- hhk.dll
- oleadm.dll
- oleadm32.dll
- dnr4019qe.dll
- oybgrql.dll
- atmtd.dll
- winetn32.dll
- ixt2.dll
- tazth.dll
- olnohdw.dll
- ssqnool.dll
- vtursro.dll
- oembios32.dll
- bndsrgxt.dll
- bndsrdkq.dll
- domnftwost.dll
- domnftwmnf.dll
- domnftwwrn.dll
- domnftwlvq.dll
- dxpvqlmtqn.dll
- dxpvqlmqng.dll
- asgp32.dll
- gndarmblsnv.dll
Other Files
- hp[X].tmp
- perfcii.ini
- sites.ini
- wp.bmp
- atmtd.dll._
- drsmartload2.dat
- gwiz
- cprocsvc
- runner1
- domnftwost.dll-removed_skip
- domnftwmnf.dll-removed_skip
- domnftwwrn.dll-removed_skip
- SystemSv121
Registry Keys
- HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunWindowsFY
- HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunWindowsFZ
- HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunmsnmessenger
- FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF
- HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainDefault_Page_URL=[siteaddress]
- HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainDefault_Search_URL=[siteaddress]
- HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainSearchBar=[siteaddress]
- HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainSearchPage=[siteaddress]
- HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerMainLocalPage=[siteaddress]
- HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerSearchCustomizeSearch=[siteaddress]
- HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerSearchSearchAssistant=[siteaddress]
- HKEY_CURRENT_USERSoftwareMicrosoftInternetExplorerSearchURL(Default)=[siteaddress]
- HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallinternetupdate
- D5BC2651-6A61-4542-BF7D-84D42228772Centry.
- f79fd28e-36ee-4989-aa61-9dd8e30a82fa
- SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\decorin
- SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\aea3d2df-2b2c-4d7b-81a0-d975c6dc088e
- SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\64ba30a2-811a-4597-b0af-d551128be340
- 5839511e-ec1b-4f91-ace3-fb88e52f5239
- WMuse
- ed39ecef-902e-4ed1-8434-71e8db89e5ca
- aea3d2df-2b2c-4d7b-81a0-d975c6dc088e
- 64ba30a2-811a-4597-b0af-d551128be340
- Microsoft\drsmartload2
- 19452E5B-963F-4886-766D-0526284B6F61
- Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\incestuously
- 03413bf7-e34c-445b-bfc0-a2b127255871
- Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\f31aee4a-1530-4fef-8537-79c6973bff9a
- f31aee4a-1530-4fef-8537-79c6973bff9a
- dfa61db1-388e-4c87-8d56-540fa229bcb4
- SOFTWARE\Policies\06849E9F-C8D7-4D59-B87D-784B7D6BE0B3
- Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\5f938c17-fbc7-4a3c-8526-85e5b1a1f762
- 5f938c17-fbc7-4a3c-8526-85e5b1a1f762
- 27321538-5739-4aa1-b84c-7d18e4383f1f
- Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\instcat
- SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\b292ec9f-a074-4115-8342-1f459702d8d2
- b292ec9f-a074-4115-8342-1f459702d8d2
- FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F
- MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssqnool
- MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\vtursro
- 0B9B7B2E-30E3-4C5D-AD2C-C38724979B4B
- AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236
- 3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A
- C2DE4340-CB68-450F-90CD-9BE1A26739D7
- 6a307130-b248-4b23-b2b7-4498da8c977a
- 87EF7048-8905-4E82-862E-65004D4DFA80
- C4248759-304D-477D-A1B3-F706CF99756D
- 1AC7107A-938F-4347-864C-C51E49EC586E
- 5085333B-FD15-4754-A571-852F7077C5F2
- 3808C05F-CFB0-4C9B-858D-851CC3EBB3BC
- 9D2C4CFB-0C11-4658-9EF5-B05BED9CC447
- EACC5636-980A-4D26-9250-1CF418E6D1D1
- 8AC6FA22-65B6-41B0-B0BB-243F35B86E74
- D878CD49-CE41-4434-831D-EFC15D06D25C
- BA6BD7B1-990F-4D05-8D6C-9CBAFCB3C7ED
- 4480F41F-F91F-4781-B1EA-30D261DA06AC
- 973ecdd8-1e81-4c28-b5a1-69966c0a2ce4
- 82B07A2B-F0AF-45FC-BE44-18D83B01EAD9
Known Variants
VirusBurst is a re-branded variant of other well-known rogue anti-spyware programs, including SpywareQuake, SpyFalcon, SpywareStrike, SpySheriff, SpyHeal and many other pseudonyms.
External links
|
Spyware
infects over 80% of all PCs.
Your PC could be infected with Spyware! |
- Non-profit Malware Process Library - Non-profit website that list most known Spyware Process names.
- How Spyware And The Weapons Against It Are Evolving
- Windows System Update - Latest bug fixes for Microsoft Windows
- Manual Removal Instructions for Smitfraud - Learn how to remove Smitfraud.
- McAfee Threat Center - Library of detailed information on viruses.
- Remove Smitfraud - Easy Smitfraud removal steps. Parasite database on how to remove spyware and rogue anti-spyware programs.
|
