Smit Fraud Virus

My laptop has been infected with the Smit Fraud virus and I believe I have the virus removed but I can no longer get to my desktop.  I just get a blue window.  I can get to the task manager and manually execute some windo commands.  I can not execute Windows Explorer or Browser but I can run word.   Can someone please help!!!!!!
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Aland CoonsSystems EngineerCommented:
Use F8 at powerup and boot safe mode with networking.

Get out your OS CD and Run from a command prompt (DOS windows)



I also suggest you download and run spyware software (like SpySweeper from
Rich RumbleSecurity SamuraiCommented:
If your unable to see icon's and or the start bar, then explorer.exe is likely not running. Open task manager and go to File... new task and type
explorer.exe  or if you need the full path try C:\WINDOWS\Explorer.exe
Iexplore.exe will open IE, and you can use it to browse your HD as well if explorer is being killed.

You can actually use word to browse the internet also, go to file and open, and type and word will load google as a page, and if you type in the search line and click search, you should see a google page.
How did you remove the virus?  Smitfraud is pretty difficult, and involves repairing the registry.  I just got done compiling a removal protocol from several sources - this is what I found worked best:

Before you start, get deldomains.inf from
and a registry fix from

* First of all, set the system to view hidden/system files

** Disable System Restore

*** If you see the following in HijackThis!, it's most likely Smitfraud.c  Other symptoms include weird display settings, and only having two tabs available in display properties.

1.)  In Add/Remove Programs, remove the following (If possible)

      Security IGuard
      Virtual Maid
      Search Maid

2.)  Try to end the following processes:

      (These may not all be in there at the same time, but they seem to take turns)

3.)  Grab Killbox, and set it to the Delete on Reboot option, and delete the following:


4.) Reboot into safe mode, then kill the following folders:

            C:\Program Files\Search Maid
            C:\Program Files\Virtual Maid
            C:\Windows\System32\Log Files
            C:\Program Files\Security IGuard

      Reboot into normal mode.

5.) Add the SMITFRAUD reg file into the registry by doubleclick and accepting.

      Reboot again.

6.) Fire up HOSTER (from and hit "Restore Original Hosts".  Then hit the make this "read only" button.  (You could also just remove the 100 or so pieces of junk that are in the LMHOSTS file and write protect that badboy yourself.)

7.) Install DELDOMAINS.INF to remove all the domains the bug puts in the "Trusted Zones" area

8.) Run a cleanup program to get rid of temp files and directories where things like to hide.

Do a remote virus scan (Trend micro has a good one at and when everything comes up all clear, enable the System Restore and set a restore point.

I'm not sure if it's specific to smitfraud, but the LAN connection was disabled in the instance I saw,  Re-enable the LAN Connection, and you should be good to go.

You may have deleted the files and directories already, if your only sign of infection is the screen settings.  Merge the smitfraud.reg with your registry and that should do it.  Don't neglect that hosts file though!


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
HojoformoAuthor Commented:
thanks everyone for your help!  I was able to recover from this virus with your help.  THanks again!!!!
Additional comment may help someone, maybe.

Using the above Experts's recipe I was able to get rid of smitfraud and lots of other malware, it took ages but thanks.
If you want an Anti-Virus tool that will get rid of it quickly and you don't mind paying for it, the only one I found that could remove it was Xoftspy, do a google search to find download site. It will scan your system for free, but you can't remove unless you register, costs about $40 ??? If you do register, remember that you must install it to your hard drive in order to use the Remove Button as part of Xoftspy Application.

It does seem the best on the market at the moment.

Frankie (the wordthe)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.