Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Help Please.

  • Please log in to reply
1 reply to this topic

#1 Recy101


  • Members
  • 1 posts
  • Local time:04:53 AM

Posted 15 December 2007 - 03:05 PM


Today, as i do most days, i booted up my PC and went on some games with my mates. But everytime i hit a loading screen, my PC froze, and i needed to turn it off. So, for the fiurst few times i thought its was just serverside, so iwent to a new server, and bang, its hapens agian. So getting a little tired of restarting my PC over and over, i did a scan with Spyware Doctor, and it came up with Trojan.FakeAlert. I had no idea what this was, so i googled it and found some helpsites. All of them had a differant programme that they said would detect and remove it, but none of them came up with it, apart from one which came up with NeoTurk RAT. Reading the description of what these things do scares me a little. Ive done a scan with over 6 programmes and only two have come up with anything significant, but neither of them remove it.

- CounterSpy V2 - NeoTurk RAT - ignored.
- Spyware Doctor - Trojan.FakeAlert - Doesn't remove.
SpyHunter3 didn't find the trojan or the NeoTurk thing.
Norton didn't find either of them.
Ad-aware didn't find anything.
AVG and AVG spyware didn't find anything.

I got the HiJackThis log if its needed.

Edited by Recy101, 15 December 2007 - 03:20 PM.

BC AdBot (Login to Remove)


#2 rookie147


  • Members
  • 5,321 posts
  • Local time:05:53 AM

Posted 15 December 2007 - 03:52 PM

Hello there and welcome to Bleeping Computer.
Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

Download SmitfraudFix (by S!Ri)
Open the file and it will extract the contents (a folder named SmitfraudFix) to your Desktop.

Reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Once in Safe Mode, open the SmitfraudFix folder again.
  • Double-click smitfraudfix.cmd.
  • Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
  • You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
  • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
  • The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
  • A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
  • The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Please include rapport.txt in your next reply with the SUPERAntiSpyware Log.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users