Smit Fraud Virus

Posted on 2005-05-09
Last Modified: 2013-12-04
My laptop has been infected with the Smit Fraud virus and I believe I have the virus removed but I can no longer get to my desktop. I just get a blue window. I can get to the task manager and manually execute some Windows commands. I cannot execute Windows Explorer or Browser but I can run Word. Can someone please help!!!!!!
Question by:Hojoformo
    LVL 12

    Expert Comment

    Use F8 at powerup and boot safe mode with networking.

    Get out your OS CD and Run from a command prompt (DOS windows)



    I also suggest you download and run spyware software (like SpySweeper from
    LVL 38

    Expert Comment

    by:Rich Rumble
    If you're unable to see icons and/or the start bar, then explorer.exe is likely not running. Open task manager and go to File... new task and type
    explorer.exe  or if you need the full path try C:\WINDOWS\Explorer.exe
    Iexplore.exe will open IE, and you can use it to browse your HD as well if explorer is being killed.

    You can actually use Word to browse the internet also: go to File and Open, and type and Word will load Google as a page, and if you type in the search line and click search, you should see a Google page.
    LVL 1

    Accepted Solution

    How did you remove the virus?  Smitfraud is pretty difficult, and involves repairing the registry.  I just got done compiling a removal protocol from several sources - this is what I found worked best:

    Before you start, get deldomains.inf from
    and a registry fix from

    * First of all, set the system to view hidden/system files

    ** Disable System Restore

    *** If you see the following in HijackThis!, it's most likely Smitfraud.c  Other symptoms include weird display settings, and only having two tabs available in display properties.

    1.)  In Add/Remove Programs, remove the following (If possible)

          Security IGuard
          Virtual Maid
          Search Maid

    2.)  Try to end the following processes:

          (These may not all be in there at the same time, but they seem to take turns)

    3.)  Grab Killbox, and set it to the Delete on Reboot option, and delete the following:


    4.) Reboot into safe mode, then kill the following folders:

                C:\Program Files\Search Maid
                C:\Program Files\Virtual Maid
                C:\Windows\System32\Log Files
                C:\Program Files\Security IGuard

          Reboot into normal mode.

    5.) Add the SMITFRAUD reg file into the registry by double-clicking and accepting.

          Reboot again.

    6.) Fire up HOSTER (from and hit "Restore Original Hosts".  Then hit the make this "read only" button.  (You could also just remove the 100 or so pieces of junk that are in the LMHOSTS file and write protect that badboy yourself.)

    7.) Install DELDOMAINS.INF to remove all the domains the bug puts in the "Trusted Zones" area

    8.) Run a cleanup program to get rid of temp files and directories where things like to hide.

    Do a remote virus scan (Trend Micro has a good one at and when everything comes up all clear, enable the System Restore and set a restore point.

    I'm not sure if it's specific to smitfraud, but the LAN connection was disabled in the instance I saw. Re-enable the LAN Connection, and you should be good to go.

    You may have deleted the files and directories already, if your only sign of infection is the screen settings.  Merge the smitfraud.reg with your registry and that should do it.  Don't neglect that hosts file though!


    Author Comment

    Thanks everyone for your help! I was able to recover from this virus with your help. Thanks again!!!!
    LVL 3

    Expert Comment

    Additional comment may help someone, maybe.

    Using the above Expert's recipe I was able to get rid of smitfraud and lots of other malware; it took ages but thanks.
    If you want an Anti-Virus tool that will get rid of it quickly and you don't mind paying for it, the only one I found that could remove it was Xoftspy, do a google search to find download site. It will scan your system for free, but you can't remove unless you register, costs about $40 ??? If you do register, remember that you must install it to your hard drive in order to use the Remove Button as part of Xoftspy Application.

    It does seem the best on the market at the moment.

    Frankie (the wordthe)
