Please download SmitfraudFix
Open the file and it will extract the contents (a folder named SmitfraudFix) to your Desktop.
Please reboot your computer into Safe Mode
This is done by rebooting Windows and pressing F8
at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.
Once in Safe Mode, open the SmitfraudFix
Select option #2 - Clean
by typing 2
and press "Enter
" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y
and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll
is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y
and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process, in case we need it later on.
The report can also be found at the root of the system drive, usually at C:\rapport.txtWarning
: running option #2 on a non infected computer will remove your Desktop background.
If this does not solve your problem, download and run HijackThis:HijackThis Download Site
Once it is downloaded, extract the zip file to C:\HJT
and navigate to the C:\HJT folder.
Now double-click on HijackThis.exe
Put a checkmark in the box at the bottom that states Don't show this frame again when I start HijackThis
Then click on the button labeled None of the above, just start the program
You will now be presented with the main HJT screen.
Press the Scan
button and then when it is done, the Save Log
Then post the HijackThis log, along with the contents of C:\rapport.txt in a new topic
in our HijackThis Logs and Analysis
forum, so you can recieve help from a member of the team on how to remove this malware.
Edited by rookie147, 19 June 2007 - 02:35 AM.