Flrman1
Thread Starter
- Joined
- Jul 26, 2002
- Messages
- 46,349
This fix is posted here primarily as a reference for those who are experienced with helping on the forums with these infections. If you are a victim of this infection, It is not recommended that you attempt to fix this on your own. Before you attempt anything, post your Hijack This log in the Security forum and wait for help from one of our experienced helpers.
The following fix provided by noadhfear will work to remove all of these:
AntiVirusGold
Smitfraud
SpySheriff
Note: The smitRem fix will work on 9x systems also, but ewido will only work on XP/2K systems. In noahdfear's original fix he had Adaware included in the fix, but I've found that the smitRem fix and ewido alone work fine. For 9x systems you should use Adaware instead of Ewido.
For XP/2k systems:
The following fix provided by noadhfear will work to remove all of these:
AntiVirusGold
Smitfraud
SpySheriff
Note: The smitRem fix will work on 9x systems also, but ewido will only work on XP/2K systems. In noahdfear's original fix he had Adaware included in the fix, but I've found that the smitRem fix and ewido alone work fine. For 9x systems you should use Adaware instead of Ewido.
For XP/2k systems:
For 98/ME systems:* Click here to download smitRem.exe.
- Save the file to your desktop.
- It is a self extracting file.
- Doubleclick the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
- Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.
* Download the trial version of Ewido Security Suite here.
- Install ewido.
- During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- Launch ewido
- It will prompt you to update click the OK button and it will go to the main screen
- On the left side of the main screen click update
- Click on Start and let it update.
- DO NOT run a scan yet. You will do that later in safe mode.
* Click here for info on how to boot to safe mode if you don't already know how.
* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.
* Restart your computer into safe mode now. Perform the following steps in safe mode:
* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
* Run Ewido:
- Click on scanner
- Click Complete System Scan and the scan will begin.
- During the scan it will prompt you to clean files, click OK
- When the scan is finished, look at the bottom of the screen and click the Save report button.
- Save the report to your desktop
* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.
* Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar.If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.
* Restart back into Windows normally now.
* Run ActiveScan online virus scan here
When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!
Post a new HiJackThis log along with the results from ActiveScan and the ewido scan
I am attaching my canned fixes for you with all the code tags. Mine is slightly different than the original posted by noadhfear, but not much. Feel free to save it and use it.* Click here to download smitRem.exe.
- Save the file to your desktop.
- It is a self extracting file.
- Doubleclick the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
- Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.
* Go here and download Ad-Aware SE.
- Install the program and launch it.
- First in the main window look in the bottom right corner and click on Check for updates now
- Click Connect and download the latest reference files.
- Do not run Adaware yet. Just download the updates and have it ready to run later in safe mode.
* Click here for info on how to boot to safe mode if you don't already know how.
* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.
* Restart your computer into safe mode now. Perform the following steps in safe mode:
* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
* Now launch Adaware:
- From main window click Start then under Select a scan Mode tick Perform full system scan.
- Next deselect Search for negligible risk entries.
- Now to scan just click the Next button.
- When the scan is finished mark everything for removal and get rid of it.
- Right-click the window and choose select all from the drop down menu and click Next
* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.
* Next go to Control Panel > Display. Click on the "Web" tab. Under "View my Active desktop as a web page" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button.
Remove the check by "View my Active desktop as a web page".
Click OK then Apply and OK.
* Restart back into Windows normally now.
* Run ActiveScan online virus scan here
When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!
Post a new HiJackThis log along with the results from ActiveScan
Attachments
-
3 KB Views: 381
-
2.8 KB Views: 430