and welcome to Bleeping Computer!STEP 1
and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.
Now, please reboot your computer into Safe Mode. This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep. Then select safe mode from the list. However, if this does not work, please follow the tutorial here
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.STEP 2
Download SmitfraudFix (by S!Ri)
to your Desktop.http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix
will be created on your Desktop.Reboot into SAFE MODE again.
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd
file to start the tool.
Select option #2 - Clean
by typing 2
and press Enter
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?
" answer Yes
by typing Y
and hit Enter
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes
to the question "Replace infected file ?
" by typing Y
and hit Enter
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.
Let me know how you get on with this removal, and if necessary, a member of the HijackThis team can guide you through it..
I also wish you the best of luck in removing this nasty malware.