SmitfraudFix is not a virus or malware. It is a tool to detect and remove smitfraud infections. However, certain files that are part of the tool, such as process.exe, restart.exe, SmiUpdate.exe, ws2fix.exe, iedfix.exe and reboot.exe, may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool
", "Hacking tool
", "Potentially unwanted tool
", or even "malware (virus/trojan)
" when that is not the case.
These detections do not necessarily mean the file is malware or a bad program. It means it has the potential
for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove
them. In these cases, the detection is a "False Positive
Anytime you come across a suspicious file, search the name using Google or the following links:BC's File DatabaseBC's Startup Programs DatabaseFile Research CenterThreatExpert Malware SearchIf no search results are found, you are given the option to "Submit a New Sample".
Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. A file's properties may give a clue to identifying it. Right-click
on the file, Properties
and examine the General and Version tabs.
You can download and use Proces Explorer
, AnVir Task Manager Free
or System Explorer
to investigate all running processes and gather additional information to identify and resolve problems. These tools will show the process CPU usage, a description and its path location
. If you right-click on the file in question and select properties, you will see more details about the file.
If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to jotti's virusscan
. In the "File to upload & scan
" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Post back with the results of the file analysis.
I have copies of Security.dll in these locations:
System.Security.dll is located in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727