Welcome to Bleeping Computer
You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Please download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop. Do not run it yet.
Please download, install, and update the free version of Ewido Anti-Malware
- When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- When you run Ewido for the first time, you might get a warning "Database could not be found!". Click OK. We will fix this in a moment.
- From the main Ewido screen, click on update in the left menu, then click the Start update button.
- After the update finishes, the status bar at the bottom will display "Update successful"
- Exit Ewido. DO NOT run a scan yet.
Next, please reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
After SmitfraudFix finishes (and after a reboot if required), please open Ewido. (If a reboot is required, please boot BACK into Safe Mode.)
- Click on Scanner
- Click on Complete System Scan and the scan will begin.
- If Ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
- When the scan is finished, click the Save report button at the bottom of the screen.
- Save the report to your desktop
- Close Ewido
Then please restart it into Normal Windows. Please post the contents of the SmitfraudFix log located at C:\rapport.txt into this thread, along with the Ewido report and a new HijackThis log.