• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 582
  • Last Modified:

Topsecuritysite and Guarduptodate

I am running Winxp Pro SP2 with all the latest updates.  Internet Explorer had been hijacked by Guarduptodate and or Topsecuritysite.  I could not find a fix for this so I restored a bacdkup that I made 6 months ago.  My operating system is on c: and most of my programs are stored on D:.  I only restored C drive.  All seemed well yesterday after the restore. Today its back.  I am using the firewall on my linksys router,  I have windows firewall turned on,  I am running Norton Anti Virus.  

How can I get rid of this and keep it from comming back.
  • 2
1 Solution
Greetings, tcassio !

1. You have a new version of Smitfraud. Download SmitfraudFix (by S!Ri) to your Desktop (Win2k/WinXP only!).
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

How to extract (decompress) zipped or compressed files

Note : process.exe is part of the SmitFraudFix tool and is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky, Panda) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

2. Reboot into Safe Mode
How to start the computer in Safe mode

3. Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.

Best wishes!
tcassioAuthor Commented:
That got rid of it.  How do I keep it from comming back ?

Glad SmitFraud is gone. It will not come back unless you download a file with the SmitFraud in it or click on a link that you should not.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now