
Smitfraud-c.generic



#1 Groffeaston


Posted 12 January 2008 - 12:03 AM

Hello Everyone!!

As my luck keeps going downhill this year, I was updating Spybot and my computer notified me that one of the updates was corrupted, and that I should immediately scan my computer.

And after scanning my computer with Spybot, this is what I found:
Smitfraud-C.generic: [SBI $567DA25A] Executable (file)
C:\Windows\main_uninstaller.exe

What should I do? Should I try and use Spybot to remove this? Should I try and use McAfee if it detects it? Or Windows Defender if it detects it? Or some other program that can permanently remove it?

I have not tried to remove it yet with Spybot because I am waiting to see if my other programs detect it, and also to find out from you people here what you recommend I should do!


 


#2 Budapest


Posted 12 January 2008 - 04:46 AM

Try the instructions here.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 quietman7


Posted 12 January 2008 - 09:52 AM

Smitfraud.C is Spybot S&D's name for a type of Vundo/Conhook infection. However, main_uninstaller.exe is a file related to a smitfraud infection.

If you're using Win XP or 2000, please print out and follow the generic instructions for using "SmitfraudFix".
If you have downloaded SmitfraudFix previously, please delete that version and download it again as the tool is frequently updated!
-- If the tool fails to launch from the Desktop, please move SmitfraudFix.exe to the root of the system drive (usually C:\), and run it from there.
Microsoft MVP - Consumer Security 2007-2014

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 Groffeaston


Posted 12 January 2008 - 11:26 PM

Well here is an update.

My McAfee and Windows Defender never ever picked it up on the scans. But when I ran the Spybot it picked it up. So I tried the fix-it feature. Then rescanned the computer with all three. Spybot picked up:
Microsoft.Windows.Security.InternetExplorer:[SBI $A3433CBF] Settings (Registry change)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe

But the other two programs did not pick it up. My MSN Hotmail homepage screen froze up. But the other two windows did not. So I tried the fix-it feature again. I rechecked my computer again today. Guess what showed up. Not the Smitfraud-C.generic like I thought would happen, but the other problem. So I again tried the fix-it feature on Spybot. It reappeared again. Then I tried the fix-it feature again. This time it is not there. Will it be there when I turn my computer back on?

So it looks like it might be gone. Hopefully! Is there any way to be 100% positive that it is?

#5 quietman7


Posted 13 January 2008 - 08:23 AM

The Security.sbi (Windows.Security.InternetExplorer) file set entry was added to Spybot's 2006-8-11 updates due to the fact that some downloaded toolbars were found to alter that setting, which can affect a user's "My Computer Zone" settings. When the .sbi file is updated, Spybot will notify you about the registry change. See the discussions here and here.

When inquiring about Spybot scans, you should always post a complete log of the actual detections received.

Did you search C:\Windows for the presence of main_uninstaller.exe?

#6 Groffeaston


Posted 14 January 2008 - 02:33 AM

Hello,

I did print out a report of the scan before I did the Fix-it command on the Smitfraud-C.generic and then did the same on the other problem with the Microsoft.Windows.Security.InternetExplorer problem. I just now checked to make sure that the Windows main uninstall.exe was gone and it is.

I cut and pasted it onto here.

Microsoft.Windows.Security.InternetExplorer: [SBI $A3433CBF] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
CouponBar: [SBI $EFE6495E] Class ID (Registry key, nothing done) HKEY_CLASSES_ROOT\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
CouponBar: [SBI $CB95FB49] Class ID (Registry key, nothing done) HKEY_CLASSES_ROOT\CLSID\{A85A5E6A-DE2C-4RE-99DC-F469DF5A0EEC}
CouponBar: [SBI $51FE8B2E] Root class (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cpbrkpie.Coupon6Ctrl.l
CouponBar: [SBI $51FE8B2E] Class ID (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
CouponBar: [SBI $7A5ACBCB] Interface (Registry key, nothing done) HKEY_CLASSES_ROOT\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}
CouponBar: [SBI $7B15781E] Interface (Registry key, nothing done) HKEY_CLASSES_ROOT\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}
CouponBar: [SBI $E3788A7B] Type library (Registry key, nothing done) HKEY_CLASSES_ROOT\TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}
Smitfraud-C.generic: [SBI $567DA25A] Executable (File, nothing done) C:\Windows\main_uninstaller.exe

Spybot - Search & Destroy version: 1.5 (build: 20070830)
2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-10-29 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2008-01-09 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-01-09 Includes\DialerC.sbi (*)
2008-01-09 Includes\HeavyDuty.sbi (*)
2007-12-26 Includes\Hijackers.sbi (*)
2008-01-09 Includes\HijackersC.sbi (*)
2007-10-04 Includes\Keyloggers.sbi (*)
2008-01-09 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-01-09 Includes\Malware.sbi (*)
2008-01-09 Includes\MalwareC.sbi (*)
2007-10-24 Includes\PUPS.sbi (*)
2008-01-09 Includes\PUPSC.sbi (*)
2008-01-09 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-01-09 Includes\SecurityC.sbi (*)
2007-11-07 Includes\Spybots.sbi (*)
2008-01-09 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2007-12-12 Includes\Trojans.sbi (*)
2008-01-09 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll

I hope this is the information you were looking for?

I do not remove the couponbar because I used to use the toolbar once in a while. Though now I cannot get the toolbar to appear anymore. Could that be causing some of these problems I am having?
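
Added example (not part of the original thread, and not Spybot's own code): a small Python parser for detection lines like the ones posted above, which groups them by product and lists flagged files that are still on disk after a fix attempt. The line layout is inferred from the lines in this thread, and the function names are hypothetical.

```python
import os
import re
from collections import defaultdict

# Sample report lines in the two layouts seen in this thread: location on the
# following line, and location on the same line as the detection.
SAMPLE = r"""
Smitfraud-C.generic: [SBI $567DA25A] Executable (file)
C:\Windows\main_uninstaller.exe
Microsoft.Windows.Security.InternetExplorer:[SBI $A3433CBF] Settings (Registry change)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
CouponBar: [SBI $EFE6495E] Class ID (Registry key, nothing done) HKEY_CLASSES_ROOT\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
"""

# "Product: [SBI $ID] Type (Kind[, action]) [location]": layout inferred
# from the lines posted in the thread, not from Spybot documentation.
HEADER = re.compile(
    r"^(?P<product>[^:\[]+):\s*\[SBI \$(?P<sbi>[0-9A-Fa-f]{8})\]\s*"
    r"(?P<type>[^(]+?)\s*\((?P<kind>[^,)]+)(?:,\s*(?P<action>[^)]+))?\)"
    r"\s*(?P<location>.*)$"
)

def parse_report(text):
    """Return one dict per detection, joining a location on the next line."""
    detections = []
    for line in (raw.strip() for raw in text.splitlines()):
        match = HEADER.match(line)
        if match:
            entry = {k: (v or "").strip() for k, v in match.groupdict().items()}
            entry["kind"] = entry["kind"].lower()
            detections.append(entry)
        elif line and detections and not detections[-1]["location"]:
            detections[-1]["location"] = line  # continuation line
    return detections

def group_by_product(detections):
    """Map product name -> {'files': [...], 'registry': [...]}."""
    grouped = defaultdict(lambda: {"files": [], "registry": []})
    for d in detections:
        # Every non-file kind seen in the thread is a registry entry.
        bucket = "files" if d["kind"] == "file" else "registry"
        grouped[d["product"]][bucket].append(d["location"])
    return dict(grouped)

def files_still_present(detections, exists=os.path.exists):
    """Flagged file paths that are still on disk after a fix attempt."""
    return [d["location"] for d in detections
            if d["kind"] == "file" and exists(d["location"])]
```

Run on the affected machine, `files_still_present(parse_report(report_text))` returns an empty list once the flagged file is gone; registry entries need a separate re-scan to confirm.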

#7 quietman7


Posted 14 January 2008 - 07:55 AM

"I do not remove the couponbar because I used to use the toolbar once in a while. Though now I cannot get the toolbar to appear anymore. Could that be causing some of these problems I am having?"

It's responsible for some of the registry alerts detected by Spybot. If it's not working properly, then you may have to reinstall it. I do not like toolbars and generally recommend they be removed but that's your choice.