Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • This topic is locked This topic is locked
7 replies to this topic

#1 IdolTaz


  • Members
  • 1 posts
  • Local time:04:10 AM

Posted 09 April 2008 - 10:00 AM

My computer got infected with the smithfraud-c thought that I had gotten rid of it then I keep getting pop up that says computer is infected with worm.win32.netbooster click ok to remove infection. How can I get rid of this annoying spyware?

BC AdBot (Login to Remove)


#2 rookie147


  • Members
  • 5,321 posts
  • Local time:09:10 AM

Posted 09 April 2008 - 05:06 PM

Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

Download SmitfraudFix (by S!Ri)
Open the file and it will extract the contents (a folder named SmitfraudFix) to your Desktop.

Download AVG Anti-Spyware to your Desktop.
Start the set-up program by double clicking the installer.
Follow the on screen instructions to install the program, making sure that "Launch AVG Anti-Spyware" is checked.
Click the Update tab then select Start update; a progress bar will show the updates being installed.
Now press the Scanner icon, and click the Settings tab.
Click Recommended actions, then set it to Quarantine.
Close the programme now, we will scan with it later on.

Reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Launch AVG Anti-Spyware by double clicking the icon on your Desktop.
Press the Scanner icon.
Then click on the Complete System Scan button.
If any infections are found, you will be asked for an action; select Apply all actions.
Now press the Reports icon at the top.
Choose Save report as and save the text file to your Desktop.
Please post this log in your next reply.

Open the SmitfraudFix folder again.
Double-click smitfraudfix.cmd.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.

Please include rapport.txt, in your next reply, along with the AVG report.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image

#3 Haplo1


  • Members
  • 1 posts
  • Local time:03:10 AM

Posted 23 April 2008 - 10:57 PM

Download SmitfraudFix (by S!Ri)

DO NOT DOWNLOAD this Smitfraudfix.exe. This is infected with the trojan, Trj/rebooter.J

You sure live up to your name, "rookie". Unless your advice to install that infected program was intentional.

My advice to all of you is stop trying to be so cheap with all of this "free spyware removal" software that actually contains spyware and other malicious programs, and buy a REAL anti-spyware/virus program! Norton AV and McAfee are complete junk and will do little to nothing to protect you. Even Trend Micro, who used to be the best is slipping. The only program I trust is Panda located at http://www.pandasoftware.com. It is resource intensive, but there really is nothing out there that can even match it.

By the way... "Free Software" that you find on the internet is never free. They get paid one way or another. The way these people get paid is to sell your information. This is accomplished by selling the information gained from your registration on their site and/or by packaging spyware with their so-called "anti-spyware" that will send your browsing and shopping habits (and who knows what else ... possibly your sensitive identity info) back to them which also has a substantial monetary value.

Hopefully some of you will have read this before it gets deleted. Be very wary of what you read on the internet, and don't do anything, or install anything someone tells you to without consulting a professional first. Nameless, faceless, anonymous people on the internet aren't to be considered professionals.

Edited by Haplo1, 23 April 2008 - 10:59 PM.

#4 groovicus


  • Security Colleague
  • 9,963 posts
  • Gender:Male
  • Location:Centerville, SD
  • Local time:02:10 AM

Posted 25 April 2008 - 02:21 PM

Haplo1, I am pretty sure that you didn't mean to intentionally be insulting, but perhaps a little explanation about how things work around here are in order. It is apparent that you do not realize that there are some websites where people can get help for free, and that there are people willing to spend their free time trying to help others live a malware free existence. Consider Rookie, whom you just insulted, has 4.386 posts. Now lets consider that each one of those posts took 5 minutes to respond to. Dividing that back into hours, that ends up being nearly an hour a day, every day, for the last year that Rookie has given of their own free time.

I know in reality, that Rookie has spent way more time than that. How do I know? Because Rookie has a special tag under their name; "HJT Team". Not that I would expect you to know, but that tag indicates that Rookie has gone through some very special training, and would not even be allowed to help out here at all if it were not for the fact that they completed their training. We have a very dedicated and caring group of coaches that will not allow anyone to graduate from our classroom unless they stand up to very intense scrutiny. We (and other sites like this one) have high standards, and have spent many years making Bleeping Computer one of the premiere free help sites on the Internet. If you don't believe me, you can look around the net yourself. We are featured on several sites, and have appeared in both online mags and printed media as go-to sites.

Another thing you probably don't know is that at any given point, we are actively helping 300-500 people with malware related issues, and probably another 200 people with various other hardware and software related issues. You may also notice that nobody is going out of their way to solicit donations, or pushing any particular piece of software. You may also notice that we do not allow novice users to try and give help, at least until they have proven themselves. You might also take the time to look and see that we have over 177,000 members. Do you suppose we got those sort of numbers by selling our members emails, or by not delivering the sort of service that we claim to provide?

I should also mention that along with all of our volunteers that spend their free time helping out, there are other individuals that use their talents to create tools to help us help our members keep their machines in tip-top shape. Those applications are all open source to the malware fighting community, and undergo scrutiny before being accepted as a valid tool. Smitfraudfix is one of those tools. I wouldn't expect you to know that though.

I can understand that maybe you went to an inferior site and got poor help, or tried to fix a problem on your own and downloaded a tool from a non-sanctioned website. If that is the case, then you should really consider that not all sites are the same. There really are people that care and are willing to donate their time. Thousands of them in fact. And I think you owe all of them an apology.

#5 lizziewriter


  • Members
  • 1 posts
  • Local time:04:10 AM

Posted 28 April 2008 - 07:57 AM

Hi.... I am working on my son's PC and he also has once again gotten this smitfraud thing. I've found help here before and plan to use your instructions again, but I am wondering if there is anything you could suggest that we might keep running to reduce the incidence of these occurrences. He's 12, and I suspect that his ambition will outstrip his common sense often as we hit the teen years. We do run TrendMicro, and when we remember we run Ad-Aware. I am thinking of upgrading to the paid version of Ad-Aware.

P.S. We had taken AVG back off his PC after the last fix, because it seemed to hang up his email or cause other problems. It did say when we downloaded it that it wasn't a good idea to run it with other antivirus programs. Should we use AVG instead of TrendMicro? Is there a way to set them up so they will run nicely together? I'll be re-downloading it again now to complete the fix again.

Keep up the good work. best, Lizzie

Edited by lizziewriter, 28 April 2008 - 08:02 AM.

#6 ChicagoUser


  • Members
  • 2 posts
  • Local time:03:10 AM

Posted 05 May 2008 - 12:06 PM

Hi....I'm having the same problem with this worm.win32.netbooster. Everything the same as the OP said about his problem. I followed the steps described above, and when I logged on in safe mode, I could only scan using command line, so I couldn't follow most of the steps. But with using common sense - I hope I'm right - when you log back in normal windows mode, you can check the vault to see the results of the scanning. My problem is I interrupted the scanning once because it took a long time - over than 4 hours. I restarted scanning today at 7:00 a.m. and now it's noon and it's still running. How long does the scanning take? I don't know if I'm doing something wrong or it usually takes that long? and once I'm done, how do I make sure that it's completely clean?

I would really appreciate any help/feedback!!

- I'm using Windows XP SP2

#7 ruby1


    a forum member

  • Members
  • 2,375 posts
  • Local time:09:10 AM

Posted 05 May 2008 - 02:58 PM


This is infected with the trojan, Trj/rebooter.J

if you have somehow taken a download from an unsafe site and have gotten infected with the trojan you mention if you start your own thread you can be given assistance and guidance on how to clean up :thumbsup:

#8 garmanma


    Computer Masochist

  • Members
  • 27,809 posts
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:04:10 AM

Posted 05 May 2008 - 04:09 PM

We have 3 different posters seeking help on what they believe is the same problem. This is called "Highjacking a thread". Some consider this impolite. but the main problem is that, while similar, there might be different problems involved. It also causes confusion for those who respond. Seeing how the original poster hasn't responded in a month, I'm closing this topic and suggest that you start your own threads saying what problems you are having and what you have done so far

Edited by garmanma, 05 May 2008 - 04:23 PM.

Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users