
New sysguard Rogue called Smart Fortress 2012


29 replies to this topic

#1 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,590 posts
  • Gender:Male
  • Location:USA

Posted 27 February 2012 - 07:01 PM

There is a new rogue from the Rogue.Sysguard family called Smart Fortress 2012. This is the most aggressive variant I have ever seen from this family and I have seen them all. I am currently working on some samples and trying to get a solution put together for you. If you are infected with this malware, you obviously know it is very difficult to remove. This particular variant kills every executable I have thrown at it so far, starts before your Desktop shows, and starts in safe mode. Don't worry, though, a solution will be created and you will be able to fix your computer soon enough. If you do have access to your desktop, you can attempt to run your security software by right-clicking on the icon and selecting to Run the program as an Administrator. This will allow the program to run. Stay tuned!

Update @ 8:33PM EST: Wrote a formal removal guide that can be used here:

Remove Smart Fortress 2012 (Uninstall Guide)




#2 Grinler


Posted 27 February 2012 - 07:19 PM

Almost there all!

For now, restart into safe mode and login as Administrator.

Start Internet Explorer and download the following files:

Download http://download.bleepingcomputer.com/reg/FixExe.reg and save it to the C:\ folder.
Download http://download.bleepingcomputer.com/grinler/iExplore.exe and save it to the C:\ folder

Log off, and still in safe mode, log in as your infected user.

Navigate to the C:\ folder where you saved the reg file, FixExe.reg, and double-click on it. Allow the data to be merged.

Run rkill renamed as iExplorer.exe, that should be in your C:\ folder, and let it kill the Smart Fortress process. May need to do this a few times.

When the Smart Fortress is killed, don't start any programs, and double-click on the FixExe.reg file one more time and allow it to merge.

Reboot into normal mode.

Download your favorite security program and clean up the mess.

MBAM should soon, if not already, be able to clean it!

If at any time smart protection starts when you try one of the above steps...just double-click and merge the FixExe.reg file!


Let me know if this works for you or not.

Edited by Grinler, 27 February 2012 - 07:41 PM.
made it easier
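
One way to review a .reg file before merging it, as the steps above do with FixExe.reg (an added example, not part of the original post and not BleepingComputer's code). It assumes the fix targets the .exe file association, which the thread does not state; both sample files and the placeholder path are constructed.

```python
import re

STOCK_OPEN = '"%1" %*'  # stock Windows command for launching .exe files
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # @="..." or "name"=data

def unquote(s):
    """Strip .reg quoting; dword:/hex: data and "-" (delete value) pass through."""
    if len(s) >= 2 and s[0] == s[-1] == '"':
        return re.sub(r'\\(.)', r'\1', s[1:-1])
    return s

def parse_reg(text):
    """Return {key: {name: data}}; a key removed with [-key] maps to None."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            if name.startswith("-"):
                keys[name[1:]], current = None, None
            else:  # a key deleted earlier in the file and re-created starts empty
                current = keys[name] = keys.get(name) or {}
        elif current is not None and (m := VALUE.match(line)):
            current[unquote(m.group(1))] = unquote(m.group(2))
    return keys

def audit(text):
    """List (key, default value) pairs that set a non-stock .exe association."""
    bad = []
    for key, values in parse_reg(text).items():
        default, k = (values or {}).get("@"), key.lower()
        want = (STOCK_OPEN if k.endswith(r"\exefile\shell\open\command") else
                "exefile" if k.endswith((r"_root\.exe", r"\classes\.exe")) else None)
        if want and default is not None and default != want:
            bad.append((key, default))
    return bad

# Constructed sample: what a fix file for the .exe association could contain.
RESET = r'''Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
# Constructed sample: a file that points the handler at some other program.
SUSPECT = r'''REGEDIT4
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\example\\placeholder.exe\" \"%1\" %*"
'''
```

`audit(RESET)` returns an empty list, while `audit(SUSPECT)` returns the key and the command it would install, so a downloaded file can be read with `open(path).read()` and checked the same way before it is double-clicked.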


#3 keyboardNinja


Posted 27 February 2012 - 07:58 PM

Thanks for keeping on top of all these nasties, Grinler! :clapping:
PICNIC - Problem In Chair, Not In Computer


#4 cwq1


Posted 27 February 2012 - 08:21 PM

I followed the link over to here from the thread @ the Malwarebytes.org forums.

Just wanted to let you know that I followed your directions and was successful in removing this! Thank you so much for figuring it out so quickly, I appreciate it - now I can finally leave work. That was a terrible piece of malware, geez.

#5 Grinler


Posted 27 February 2012 - 08:33 PM

Formal removal guide can be found here:

Remove Smart Fortress 2012 (Uninstall Guide)

Feel free to post if you need help.

#6 Grinler


Posted 27 February 2012 - 08:33 PM

> I followed the link over to here from the thread @ the Malwarebytes.org forums.
>
> Just wanted to let you know that I followed your directions and was successful in removing this! Thank you so much for figuring it out so quickly, I appreciate it - now I can finally leave work. That was a terrible piece of malware, geez.


Glad we could help and thanks for letting us know the solution worked!

#7 normysama


Posted 27 February 2012 - 08:53 PM

> I followed the link over to here from the thread @ the Malwarebytes.org forums.
>
> Just wanted to let you know that I followed your directions and was successful in removing this! Thank you so much for figuring it out so quickly, I appreciate it - now I can finally leave work. That was a terrible piece of malware, geez.


Same situation for me except I linked in from Bing, Thanks a million!

#8 normysama


Posted 27 February 2012 - 09:00 PM

You're brilliant! The fix worked for me also! But I had no internet access in safe mode (Win XP) and had to transfer the files in via flash drive. Glad I am at my office to be able to do so.

You are very appreciated! I wish I had found this forum about a year ago when a workstation got the "Internet Security 2011" malware. I had no choice but to format the drive. I could not log in to Windows, even in safe mode. System restore was ineffective. It sucked!

Now I have a great place to turn.

-Tax Slave

#9 cornologist


Posted 28 February 2012 - 12:00 AM

Thank you so much for this, a real lifesaver. Glad there's somebody who can get solutions out there quickly.

#10 Grinler


Posted 28 February 2012 - 08:36 AM

Glad we were able to help!

#11 Allen


Posted 28 February 2012 - 08:45 AM

Grinler, you're the malware's worst nightmare, good job :D

Edited by firemaster1337, 28 February 2012 - 08:49 AM.

Hey everyone I'm Allen I am a young web developer/designer/programmer I also help people with computer issues including hardware problems, malware/viruses infections and software conflicts. I am a kind and easy to get along with person so if you need help feel free to ask.

#12 plconey


Posted 28 February 2012 - 12:32 PM

Found it, fixed it, thanks. Also had reg keys that began with FD4655 that had to be removed. It also turned off my System Restore, removed my restore points and turned off Auto Updates.

#13 Gene Wilbourn


Posted 28 February 2012 - 08:21 PM

Trying to download and save the iExplorer.exe but every time I click the link it wants to run with no option to save it. I'm trying to save it to a flash drive to assist a friend tomorrow.
Any thoughts/suggestions....
Thanks..

Edited by Gene Wilbourn, 28 February 2012 - 08:25 PM.


#14 Grinler


Posted 28 February 2012 - 08:58 PM

What browser are you using? It should prompt you for the location you wish to save it to.

#15 Gene Wilbourn


Posted 28 February 2012 - 10:13 PM

Chrome, I'll try it in IE and let you know... Thanks...