Hi,
Included in all the authorized security helpers here at TSG's replies where SmitFraudfix is being used, is this:
Please download SmitfraudFix (by S!Ri)
Have the file Saved To> your Desktop, change the location while the File Download box is up by using the drop-down arrow....go to Desktop at the very top of the list> make it the location the file downloads TO.
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
_______________________
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm
_______________________
Second Part of Smitfraudfix:
Copy these steps to a Notepad text file and save it as steps.txt to your desktop, or print them, as you will not be able to get online while working in Safe Mode (and, please do not use Safe Mode with Networking for this fix!)
Next, please reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning: running option #2 on a non-infected computer will remove your Desktop background.
_______________________
Note the part about antivirus programs detecting SMFix's files...it's very common as they are detected because of what the antivirus program detects that the files DO.
Detections like this are called False Positives or false detections.
Note also> you need to be prepared to put back your background/wallpaper if the computer is NOT infected SMFix will remove it anyway....