How Did My Computer Become Infected with a SmitFraud Variant?
In many of the infected computers I've dealt with, programs like "Video Access ActiveX Object" show up in the Control Panel and are the initial infection that starts the whole issue. Most of these programs, when scanned with an up-to-date virus scanner, are shown to be infected with viruses like Troj.Zlob.AN, which was part of the original SpyAxe trojan attack a couple of years ago. These attacks have spawned over 100 different varieties of malware issues.

Many times the home page is redirected to a fake "online security center", or a user will receive a popup that looks almost identical to the normal Windows Security Center but isn't. You can see a couple of these fake alerts by clicking on the images below. The popups and warnings are smokescreens and fake alerts to scare visitors into buying a spyware removal tool that may not even remove the trojan that caused the warnings in the first place.

As I stated above, many of these infections were installed by a fake codec like "Video Access ActiveX Object" that installed into the Program Files directory in Windows. These files, like pmmnt.exe and pmsnrr.exe, install and attach themselves to the Windows Explorer shell so they are always resident and recreate themselves if you try to delete them in normal Windows mode. They hide in a registry key similar to:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"rare"="C:\\Program Files\\Video Access ActiveX Object\\pmsnrr.exe"

HijackThis will show various problem files. A typical HijackThis log infected with this issue will look similar to this (the problematic lines are in bold). You'll notice this infected system was running Trend Micro PC-cillin Security Suite 2007 at the time of the infection, so these downloads and infections may even fool antivirus and antispyware tools.

Logfile of HijackThis v1.99.1

What's the Best Way to Remove SmitFraud Problems Including PestCapture, WinAntivirus Pro 2007 and Other Problems?

By intentionally infecting a test computer with WinAntivirus Pro 2007 and PestCapture, I have come up with a solid procedure for removing these pests. Before attempting this removal procedure, download the following removal tools to your desktop and install them.
Removal Procedure

1) Download the programs above to your desktop, then extract and install them. Once this is complete, reboot your computer in Safe Mode.

2) Open the SmitRem folder and double-click on RunThis.bat to start the SmitRem removal procedure. Besides removing particular files that it looks for, the tool also runs the Disk Cleanup tool to remove temporary files on the hard drive that may contain problem files. For a tutorial on using SmitRem, click here.

3) After SmitRem has finished, open SmitFraudFix, choose to search (option 1) and clean (option 2), and run a full system scan to remove anything it finds. For a tutorial on using SmitFraudFix, click here.

4) Double-click on MalwareBytes, install it, update it, and run it to remove miscellaneous rogue application files installed with SmitFraud.

5) While still in Safe Mode, run CCleaner. Analyze and clean the files it finds, then click on the Issues button on the left side of the screen and scan and fix any registry issues CCleaner discovers. Run both the Registry Scanner and the File Analyzer until nothing else is found.

6) Run HijackThis and remove any leftover issues. If you are not sure whether a line in HijackThis is a problem, reboot in normal mode and use the Online HijackThis Scanner to see if the file is a threat. Just copy and paste your HijackThis log file into the scanner and let it analyze it for you. Although it's not perfect, it will give you an idea of whether your system is clean or still needs some work. Do not delete anything with HijackThis unless you are absolutely sure what the file is and what it does. Another great tool for checking whether a file is a threat is Process Library. For items in the HijackThis log like the following, which will not delete manually, use KillBox to browse to the location of the file and delete it, or delete it on reboot. Items that are impossible to remove without KillBox usually show up in the O20 section of HijackThis.

O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll

7) Reboot the computer in Normal mode.

8) Scan your computer with an online virus scanner like Housecall, BitDefender, or eTrust, or download and install an antivirus program and run a complete scan. A list of online scanners is below; some, however, will only scan and not remove issues.

Online Virus Checkers

Trojan Scanner

Free Antivirus Programs to Download

You may also want to run a thorough scan for adware/spyware using Ad-aware SE, Spybot Search and Destroy, or Windows Defender to make sure your system is absolutely clean of other malware.

Congratulations! Your computer should be free of WinAntivirus Pro 2007, PestCapture, or other similar bogus spyware removal tools and problems.
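For the HijackThis review in step 6, the following Python script is an added example (not part of the original article or of any tool it names) that pulls out the two autostart locations this page describes: values under policies\explorer\run and O20 Winlogon Notify DLLs. The sample log is constructed, the names triage and known_good are hypothetical, and the abbreviated O4 key format is an assumption about how HijackThis prints that registry key.

```python
import ntpath
import re

# HijackThis line shapes. The O20 form is the one quoted on this page; the
# abbreviated O4 key "HKLM\..\Policies\Explorer\Run" is an assumption about
# how HijackThis renders the registry key shown earlier.
O4_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\(.+?): \[(.*?)\] (.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+)$")

# Constructed sample log: the [rare] and msupdate entries reuse names from
# this page; the other two entries are made-up benign examples.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
"""


def triage(log_text, known_good=()):
    """Return (section, name, path, reason) tuples that need manual review.

    known_good: DLL file names the analyst has already verified as benign.
    """
    allow = {name.lower() for name in known_good}
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        # Ordinary Run entries are skipped; only the policy Run key is flagged.
        if m and m.group(2).lower() == r"policies\explorer\run":
            findings.append(("O4", m.group(3), m.group(4), "Explorer policy Run value"))
            continue
        m = O20_RE.match(line)
        # ntpath parses Windows paths on any OS, so the log can be read offline.
        if m and ntpath.basename(m.group(2)).lower() not in allow:
            findings.append(("O20", m.group(1), m.group(2), "Winlogon Notify DLL"))
    return findings


if __name__ == "__main__":
    for section, name, path, reason in triage(SAMPLE_LOG, known_good={"igfxsrvc.dll"}):
        print(f"{section:<4}{name:<10}{reason:<27}{path}")
```

A hit from this script is a prompt to look the file up before touching it, not a verdict that it is malicious.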