Smit Fraud Virus

Hojoformo used Ask the Experts™
My laptop has been infected with the Smit Fraud virus and I believe I have the virus removed but I can no longer get to my desktop.  I just get a blue window.  I can get to the Task Manager and manually execute some Windows commands.  I cannot execute Windows Explorer or a browser but I can run Word.   Can someone please help!!!!!!
Aland Coons, Systems Engineer

Use F8 at powerup and boot safe mode with networking.

Get out your OS CD and Run from a command prompt (DOS windows)



I also suggest you download and run spyware software (like SpySweeper from
Rich Rumble, Security Samurai
Top Expert 2006

If you're unable to see icons and/or the Start bar, then explorer.exe is likely not running. Open Task Manager and go to File... New Task and type
explorer.exe  or if you need the full path try C:\WINDOWS\Explorer.exe
Iexplore.exe will open IE, and you can use it to browse your HD as well if explorer is being killed.

You can actually use Word to browse the internet also: go to File and Open, and type and Word will load Google as a page, and if you type in the search line and click search, you should see a Google page.
How did you remove the virus?  Smitfraud is pretty difficult, and involves repairing the registry.  I just got done compiling a removal protocol from several sources - this is what I found worked best:

Before you start, get deldomains.inf from
and a registry fix from

* First of all, set the system to view hidden/system files

** Disable System Restore

*** If you see the following in HijackThis!, it's most likely Smitfraud.c  Other symptoms include weird display settings, and only having two tabs available in display properties.

1.)  In Add/Remove Programs, remove the following (If possible)

      Security IGuard
      Virtual Maid
      Search Maid

2.)  Try to end the following processes:

      (These may not all be in there at the same time, but they seem to take turns)

3.)  Grab Killbox, and set it to the Delete on Reboot option, and delete the following:


4.) Reboot into safe mode, then kill the following folders:

            C:\Program Files\Search Maid
            C:\Program Files\Virtual Maid
            C:\Windows\System32\Log Files
            C:\Program Files\Security IGuard

      Reboot into normal mode.

5.) Add the SMITFRAUD reg file into the registry by double-clicking and accepting.

      Reboot again.

6.) Fire up HOSTER (from and hit "Restore Original Hosts".  Then hit the make this "read only" button.  (You could also just remove the 100 or so pieces of junk that are in the LMHOSTS file and write protect that badboy yourself.)

7.) Install DELDOMAINS.INF to remove all the domains the bug puts in the "Trusted Zones" area

8.) Run a cleanup program to get rid of temp files and directories where things like to hide.

Do a remote virus scan (Trend Micro has a good one at and when everything comes up all clear, enable the System Restore and set a restore point.

I'm not sure if it's specific to smitfraud, but the LAN connection was disabled in the instance I saw.  Re-enable the LAN Connection, and you should be good to go.

You may have deleted the files and directories already, if your only sign of infection is the screen settings.  Merge the smitfraud.reg with your registry and that should do it.  Don't neglect that hosts file though!
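
A read-only check for steps 6 and 7 above, added here as an example and not part of the original post: it lists hosts-file entries other than localhost, reports whether the file is write-protected, and lists domains still mapped to the Trusted sites zone. It assumes PowerShell 3 or later and the standard hosts path and ZoneMap registry keys, none of which appear in the thread.

```powershell
# Added example: verify the hosts file and Trusted Zones after cleanup.
# Assumed locations (standard Windows defaults, not taken from the thread).
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$zoneRoots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
)

function Get-HostsEntry {
    # Parse hosts-file lines into Address/HostName pairs, ignoring comments.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -replace '#.*$', '').Trim()
        if (-not $text) { continue }
        $parts = $text -split '\s+'
        if ($parts.Count -lt 2) { continue }
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            [pscustomobject]@{ Address = $parts[0]; HostName = $name }
        }
    }
}

# A restored hosts file normally maps only "localhost"; anything else
# is listed for manual review (some entries may be legitimate).
$entries = Get-HostsEntry -Lines (Get-Content -LiteralPath $hostsPath)
$entries | Where-Object { $_.HostName -ne 'localhost' } |
    Format-Table -AutoSize

# Step 6 also write-protects the file; confirm the attribute is set.
'hosts is read-only: {0}' -f (Get-Item -LiteralPath $hostsPath).IsReadOnly

# Step 7: each ZoneMap key is a domain or subdomain; its values are
# protocol names whose DWORD data is the zone number (2 = Trusted sites).
foreach ($root in $zoneRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root -Recurse | ForEach-Object {
        $key = $_
        foreach ($valueName in $key.GetValueNames()) {
            if ($key.GetValue($valueName) -eq 2) {
                [pscustomobject]@{ Key = $key.Name; Protocol = $valueName }
            }
        }
    } | Format-Table -AutoSize
}
```

The script changes nothing; empty tables and a read-only hosts file are the expected result once steps 6 and 7 have taken effect.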



Thanks everyone for your help!  I was able to recover from this virus with your help.  Thanks again!!!!
Additional comment may help someone, maybe.

Using the above Expert's recipe I was able to get rid of smitfraud and lots of other malware, it took ages but thanks.
If you want an Anti-Virus tool that will get rid of it quickly and you don't mind paying for it, the only one I found that could remove it was Xoftspy, do a Google search to find download site. It will scan your system for free, but you can't remove unless you register, costs about $40 ??? If you do register, remember that you must install it to your hard drive in order to use the Remove Button as part of Xoftspy Application.

It does seem the best on the market at the moment.

Frankie (the wordthe)
