Posted on 2008-06-17
Last Modified: 2012-06-22
I know that Smitfraud has been around a while. I just read about a variant that has a red bio-hazard background, locks the user out of the Control Panel, etc.
Two requests for this post.
1) I would like to know if there is a one stop fix for ALL variants.
2) I would also like to know if anyone is familiar with this site. (I'm quite certain that the recommended XoftSpy isn't what it seems.)
Luckily I have avoided the Smitfraud experience. And I want as much information on this thing as possible. For instance, how do I KNOW, after a tool is run against it, that it is really gone and has not turned my system into a bot, etc.?
Thanks all.
And yes, RPGamerGirl I'm looking forward to your 2 cents. :-)

Question by:David-Howard

Accepted Solution

rpggamergirl earned 500 total points
ID: 21808027
1. Siri, the author of smitfraudfix, always updates the tool for new variants, but other tools also remove some variants of smitfraud, like SDFix.exe and FixIEDef.exe. Some malware/viruses can also set policies similar to smitfraud, and smitfraudfix removes any policies put in by these nasties.
When it's smitfraud infection we're talking about then smitfraudfix is the best tool for it.

2. The ONLY download location that I will suggest to get smitfraudfix is from the author's site. I would NEVER recommend any other download links. I know there are many sites that offer tools to fix smitfraud and people who claim credit for the smitfraudfix tool.

3. Smitfraud infections show up in hijackthis, so if you're infected and after using smitfraudfix the infection is gone and hijackthis comes out clean, and other scanners come out clean, then the infection is gone. The Smitfraudfix tool by Siri is a VERY trusted tool. Sometimes smitfraud comes with other infections as well, so it's always a good idea to run other scanners, but the Hijackthis log should show whether infections are also present.
Just DO NOT download smitfraudfix.exe from anywhere else, download it from one site only and that's the author's site.

Hope that helps.

Author Comment

ID: 21808142
Thanks very much Rpggamergirl. My money was on you for clearing this up. :-)
#3 was the point I was most curious about. I'm always cautious after a system gets nailed that once it is cleaned there aren't any traces or such lying around. (Rootkits, etc.) I know the purest way to recover is to format the drive. Normally I do trust my tools for complete removal. But never having to deal with Smitfraud I wanted a little reassurance on the cleaning tool.
Thanks again.

Expert Comment

ID: 21808745
No problem. I know what you mean. It's easy to get infected these days and you can't be too careful as there are so many rogue programs around.
Not long ago I was infected just by checking a link an Asker had posted (I always check these links so I can delete them if they're bad). I got infected twice doing this since I've been here at EE.
Yes, you can get infected just by visiting an infected webpage without even clicking anything on that page.
I had to reformat as none of the tools I've used have been helpful. I've tried so many scanners: Hijackthis, Avast, Kaspersky, Sdfix, Combofix, DrWebCureIt, Stinger, OTScanIt. The virus was also active in safe mode. And I couldn't do anything once it activates, which was twice a day. After 2 days I reformatted.

More on your question,
I wouldn't trust any tool that claims to remove variants of smitfraud except Siri's Smitfraudfix.exe.
XoftSpy's tool to remove smitfraud is not the same as smitfraudfix.exe. I don't think that's as reliable as Siri's tool to remove the latest variants; the smitfraud files they mentioned on their page are very old variants (when smitfraud first came out). Their latest database update is June 11, 2008,
whereas Siri's Smitfraudfix has been updated 3 times after that; smitfraudfix.exe's latest smitfraud update is June 17, 2008.

Also XoftSpy was an ex-rogue. I wouldn't waste time on their smitfraud removal tool.

(Note: other domains associated with XoftSpy include: …)

Expert Comment

ID: 21808760
Thanks! :)
