Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SmitFraudFix


  • Please log in to reply
5 replies to this topic

#1 tnl

tnl

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:17 PM

Posted 10 December 2010 - 02:42 AM

I am using Windows XP on this PC. I have two questions concerning SmitFraudFix. When I update, I get a message the "old policies.exe could not be removed". Is this a problem? What do I need to do? The second problem is a message I get when first starting the program. The message lasts for about 1 sec, so I can not give the complete message, which includes "VBSscript Runtime error Invalid Procedure". Any help with this would be appreciated. Repeated downloads do not correct the problem (even with antivirus and firewall shut down during the download and installation).

Edit: Moved topic from All Other Applications to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:17 PM

Posted 10 December 2010 - 05:15 PM

SmitFraudFix is a older specialized tool that was designed to remove certain rogue anti-spyware applications responsible for infecting your system. It was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware which scan individual drives or different folders on a computer for viruses. The developer no longer supports the tool and has not updated it since mid-2009 so its not effective against newer types of rogue anti-spyware programs. Further, SmitFraudFix was intended to be used under the guidance and supervision of a trained malware removal expert who can interpret the logs.

What specific issues or malware problems are you having that requires using SmitFraudFix?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 tnl

tnl
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:17 PM

Posted 11 December 2010 - 01:43 AM

My main problem is my cpu gets maxed out on ocassion. I immediately thought of spyware, etc. My internet connection is DSL from Centurylink. Since I also have a laptop, I use a secure router. I run Avast for antivirus and ZoneAlarm for firewall. I also use SpyBots Search and Destroy, LavaSoft's Ad-aware, Malware Anti-malware, and Super Anti-spyware (of which, none are running on my computer. I download and install, or activate when I use them. I additionally have Registry Mechanic installed. Finally, I defrag regularly. The only thing that seems to correct the cpu problem. I have had to reinstall windows. The computer works fine for a while, but then the cpu problem reappears.

Any suggestions? I'm a retired chemist with normal+ computer experience.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:17 PM

Posted 11 December 2010 - 08:38 AM

The first thing you need to do is to identify the process causing the high CPU utilization and where it is running from. While you can use Windows Task Manager, it does not provide much information to trace the source of a questionable process.

If you're not finding any malware, there are tools which you can use to investigate running processes in real-time. By using them you can gather information to identify each process, where it is located and determine which one is consuming resources:-- These tools will provide information about each process, CPU usage, file description and its path location.
-- System Explorer provides a security check of running processing using their online security database when you first launch the program. If you want process the initial scan, press the "Start Security Check" button. Keep in mind, that the check is not a guarantee of what is or is not detected as malware. Further investigation is always recommended. At the Security Check page you can also check the file through the VirusTotal database by pressing the Check MD5 button.


Anytime you come across a suspicious file or one that you do not recognize, search the name using Google <- click here for an example.

Or search the following databases:If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to one of the following online services that analyzes suspicious files:In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.


I additionally have Registry Mechanic installed

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

:step1: Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

:step2: Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

:step3: Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

:step4: Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

:step5: The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 tnl

tnl
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:17 PM

Posted 12 December 2010 - 02:46 AM

Thanks for the time and info. I will try your suggestions and post when done. To address one of your concerns. I never run any "maintenance" programs without creating a backup, and that includes RegistryMechanic. Off the top of my head, svchost.exe seems to show up multiple times (I just checked and there are 6 svchost.exe's currently running).But, let me look at the total picture.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:17 PM

Posted 12 December 2010 - 08:46 AM

Not a problem.


Svchost.exe is a generic host process name for a group of services that are run from dynamic-link libraries (.dll's) and can run other services underneath itself. This is a valid system process that belongs to the Windows Operating System which handles processes executed from .dll's. It runs from the registry key, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost where details of the services running under each instance of svchost.exe can be found. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. It is not unusual to find multiple instances of Svchost.exe running at the same time in Windows Task Manager in order to optimize the running of the various services.
  • svchost.exe SYSTEM
  • svchost.exe LOCAL SERVICE
  • svchost.exe NETWORK SERVICE
Each Svchost.exe session can contain a grouping of services, therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services permits better control and easier debugging. The process ID's (PID's) are not static and can change with each logon but generally they stay nearly the same because they are running services all the time. The PID's must be checked in real time to determine what services each instance of svchost.exe is controlling at that particular time.

Determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file like svchost.exe. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there. The legitimate Svchost.exe file is located in the C:\WINDOWS\system32\ folder.

Another technique is for the process to alter the registry and add itself as a service or startup program as shown here and here so that it can run automatically each time the computer is booted. If svchost.exe is running as a startup (shows in msconfig), it can be bad as shown here and here. Always make sure the spelling is correct. If it's scvhost.exe, then your dealing with a Trojan.

Tools to investigate running processes and gather additional information to identify them and resolve problems:-- These tools will provide information about each process, CPU usage, file description and its path location.

-- System Explorer provides a security check of running processing using their online security database when you first launch the program. If you want process the initial scan, press the "Start Security Check" button. Keep in mind, that the check is not a guarantee of what is or is not detected as malware. Further investigation is always recommended. At the Security Check page you can also check the file through the VirusTotal database by pressing the Check MD5 button.


-- Process Explorer shows two panes by default: the upper pane is always a process list and the bottom pane either shows the list of DLLs loaded into the process selected in the upper pane, or the list of operating system resource handles (files, Registry keys, synchronization objects) the process has open. In the menu at the top select View > Lower Pane View to change between DLLs and Handles.

Edited by quietman7, 12 December 2010 - 08:49 AM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users