
Spybot Say I Have Smitfraud-c.


6 replies to this topic

#1 hmm

hmm

  • Members
  • 2 posts

Posted 11 July 2007 - 10:26 PM

I ran Spybot and it detected Smitfraud-C., which I understand is a trojan. I used Spybot to remove it, rebooted, and ran Spybot again and it did not show up. However, I have read online that Spybot does not get rid of this and it is a bad thing to have on your computer (although I don't see any other evidence of it, except my computer may be running slow). I am wondering if there is a way to tell if I am infected. Also, I am considering reformatting my computer soon anyway--do I need to make sure I don't have Smitfraud-C. or other problem first? Any help is appreciated. Thanks.



#2 oldf@rt

oldf@rt

  • Members
  • 2,609 posts

Posted 11 July 2007 - 10:31 PM

The best way is to run another program such as SuperAntiSpyware and see if anything turns up. Once you have installed the program, please make sure to run the complete scan, and then follow the on-screen prompts to repair any problems that it finds. Don't forget to update!

Edited by oldf@rt, 11 July 2007 - 10:33 PM.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 hmm

hmm
  • Topic Starter

  • Members
  • 2 posts

Posted 12 July 2007 - 01:17 AM

Thanks for the help. I ran SuperAntiSpyware as you instructed, and it just turned up one tracking cookie which I had it remove/quarantine. I also ran Ad-aware, which turned up 3 privacy (but not critical) items which I removed. In addition, I did a system scan with my McAfee virus protection, and it turned up nothing (I note the McAfee on-access scanner says there have been numerous registry and file actions blocked in the last hour, but I don't know what that means). Anyway, is it safe to assume my computer is not infected and Spybot removed any trace of Smitfraud-C., or is there anything else you would recommend doing to find out? Thanks once again for the help.

#4 buddy215

buddy215

  • Moderator
  • 13,195 posts

Posted 12 July 2007 - 06:14 AM

See Papakid's post below.

Edited by buddy215, 12 July 2007 - 08:43 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 oldf@rt

oldf@rt

  • Members
  • 2,609 posts

Posted 12 July 2007 - 11:30 AM

See buddy215's link; it may still be in there. McAfee says something is trying to change the registry. If you are not doing anything, not good.

#6 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,614 posts

Posted 12 July 2007 - 07:59 PM

Just for everyone's information, Smitfraud.C is Spybot S&D's name for a type of Vundo/Conhook infection. I wish they would call it something else because it is confusing. Smitfraud is a generic description of any application/trojan that hijacks the desktop to give fake warnings that you are infected or have errors and need to download their program to fix it, only telling you later you have to pay for the fix. Vundo is associated with the rogue app Winfixer, among others, but it is a completely different infection from what is more commonly known as Smitfraud and SmitfraudFix is not designed to fix it.

As oldf@rt mentioned, if McAfee is blocking something, and knowing how Vundo works, you still have some of it active on your system--it may be crippled but at this point I believe it is best to submit a HijackThis log. Plus, as usual, Vundo is changing around some how it works so general malware scanners have a hard time keeping up.

Please click on the following link and follow all the relevant instructions for precleaning and getting a log posted:

Preparation Guide For Use Before Posting A Hijackthis Log

If you have any problems or questions at all about the Prep Guide or getting a log posted don't hesitate to post back in this topic about it. But please DO NOT post your log in this topic, start a new one in the logs forum. There is a link in the prep guide that will open a new topic in the correct forum for you, if you miss it, here it is again: start a new topic in the HijackThis Logs and Analysis Forum

When you get your log posted in the correct forum, please be patient--there are a lot of logs to look at and a lot of people in the process of being helped, but someone will get with you as soon as possible. You can post your link to your log back here and it would be a good idea to post a link to this topic, along with a description of the problem, in your new log thread.

Edit to add:
SmitfraudFix is designed to fix variants of the Zlob trojan and a few other types, but not Vundo.

Edited by Papakid, 12 July 2007 - 08:04 PM.
Added more info

The thing about people

is they change

when they walk away.--Mipso


#7 buddy215

buddy215

  • Moderator
  • 13,195 posts

Posted 12 July 2007 - 08:44 PM

Thanks for the info Papakid.



