Hello george_gr8, NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again! Also delete C:\rapport.txt
Please download SmitfraudFix Disable Windows Defender
and Spyware Doctor
before running SmitFraudFix.To disable Spybot's Teatimer:
Go to the Mode menu, and make sure "Advanced Mode" is selected
On the left hand side, choose Tools -> Resident
Uncheck "Resident TeaTimer" and OK any promptsTo disable Spyware Doctor from running on your system startup:
1. First, disable the OnGuard Tools. This way, when you exit Spyware Doctor, these tools won't stay resident in the background.
2. Click the "Settings" button on the left side.
3. Click the "Startup Settings" link.
4. Uncheck "Run at Windows Startup".
5. Click the "Apply" button.Note
: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm
You should print out these instructions, or copy them to a Notepad
file for reading while in Safe Mode
, because you will not be able to connect to the Internet to read from this site.
Please reboot your computer in Safe Mode
by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean
by typing 2
and press "Enter
" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y
and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll
is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y
and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process.
Please copy/paste the content of the SmitfraudFix report
into your next reply along with a new HijackThis log
. DO NOT
attach your logs, as that makes it hard to read.
The SmitfraudFix report
can also be found at the root of the system drive, usually at C:\rapport.txt Warning : running option #2 on a non infected computer will remove your Desktop background
Edited by SifuMike, 18 April 2008 - 09:20 PM.