[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now



Posted on 2008-06-17
Medium Priority
Last Modified: 2012-06-22
I know that Smitfraud has been around a while. I just read about a variant with a red bio-hazard background, locks the user out of the Control Panel, etc.
Two requests for this post.
1) I would like to know if there is a one stop fix for ALL variants.
2) I would also like to know if anyone is familiar with this site.
http://smitfraud.org/ (I'm quite certain that the recommended XoftSpy isn't what it seems.)
Luckily I have avoided the Smitfraud experience. And I want as much information on this thing as possible. For instance, how do I KNOW that after a tool is run against it, that it is really gone and has not turned my system into a bot, etc.?
Thanks all.
And yes, RPGamerGirl I'm looking forward to your 2 cents. :-)

Question by:David-Howard
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
LVL 47

Accepted Solution

rpggamergirl earned 2000 total points
ID: 21808027
1. Siri, the author of smitfraudfix always updates the tool for new variants, but other tools also removes some variants of smitfraud like SDFix.exe and FixIEDef.exe. Some malware/viruses can also set policies similar to smitfraud, and smitfraudfix removes any policies put in by these nasties.
When it's smitfraud infection we're talking about then smitfraudfix is the best tool for it.

2. The ONLY download location that I will suggest to get smitfraudfix is from the author's site. I would NEVER recommend any other download links. I know there are many site who offers tools to fix smitfraud and people who claim credit for smitfraudfix tool.

3. Smitfraud infections shows up in hijackthis, so if you're infected and after using smitfraudfix the infection is gone and hijackthis comes out clean, and other scanners comes out clean, then the infection is gone. Smitfraudfix tool by Siri is a VERY trusted tool. Sometimes smitfraud comes with other infections as well so it's always a good idea to run other scanners but the Hijakcthis log should show whether infections are also present.
Just DO NOT download smitfraudfix.exe from anywhere else, download it from one site only and that's the author's site.

Hope that helps.
LVL 27

Author Comment

ID: 21808142
Thanks very much Rpggamergirl. My money was on you for clearing this up. :-)
#3 was the point I was most curious about. I'm always cautious after a system gets nailed that once it is cleaned there aren't any traces or such lying around. (Rootkits, etc.) I know the purest way to recover is to format the drive. Normally I do trust my tools for complete removal. But never having to deal with Smitfraud I wanted a little reassurance on the cleaning tool.
Thanks again.
LVL 47

Expert Comment

ID: 21808745
No problem. I know what you mean. It's easy to get infected these days and you can't be too careful as there are so many rogue programs around.
Not long ago I was infected just by checking a link an Asker had posted(I always check these links so I can delete them if they're bad) got infected twice doing this since I've been here at EE.
Yes, you can get infected just by visiting an infected webpage without even clicking anything on that page.
I had to reformat as none of the tools I've used have been helpful, I've tried so many scanners, Hijackthis, Avast, Kaspersky, Sdfix, Combofix, DrWebCureIt, Stinger, OTScanIt, the virus was also active in safe mode. And i couldn't do anything once it activates which was twice a day. After 2 days I reformatted.

More on your question,
I wouldn't trust any tool that claims to remove variants of smitfraud except Siri's Smitfraudfix.exe.
XofSpy's tool to remove smitfraud is not the same as smitfraudfix.exe, I don't think that's as reliable as Siri's tool to remove latest variants, the smitfraud files they mentioned in their page are very old variants(when smitfraud first came out). Their latest database updates is June 11, 2008,
whereas Siri's Smitfraudfix has been updated 3 times after that, smitfraudfix.exe's latest smitfraud updates is June 17, 2008

Also XoftSpy was an ex-rogue. I wouldn't waste time on their smitfraud removal tool.
Domains: paretologic.com

(Note: other domains associated with XoftSpy include: adware-destroyer.com, adware-elimination.com, adwarekillers.com, adware-real-free-scan.com, adwares.net, anti-adware.net, antispywares.com, deletespyware.net, nomorespyware.net, removespyware.net, softspy.net, softwho.com, spywarebest.com, spyware-detection.net, spywareprof.com, spywarepurge.com, spywarerem.com, spywareremoval.net)
LVL 47

Expert Comment

ID: 21808760
Thanks! :)

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question