Posted on 2008-06-17
Last Modified: 2012-06-22
I know that Smitfraud has been around a while. I just read about a variant with a red bio-hazard background, locks the user out of the Control Panel, etc.
Two requests for this post.
1) I would like to know if there is a one stop fix for ALL variants.
2) I would also like to know if anyone is familiar with this site. (I'm quite certain that the recommended XoftSpy isn't what it seems.)
Luckily I have avoided the Smitfraud experience. And I want as much information on this thing as possible. For instance, how do I KNOW that after a tool is run against it, that it is really gone and has not turned my system into a bot, etc.?
Thanks all.
And yes, RPGamerGirl I'm looking forward to your 2 cents. :-)

Question by:David-Howard
LVL 47

Accepted Solution

rpggamergirl earned 500 total points
ID: 21808027
1. Siri, the author of smitfraudfix, always updates the tool for new variants, but other tools also remove some variants of smitfraud, like SDFix.exe and FixIEDef.exe. Some malware/viruses can also set policies similar to smitfraud, and smitfraudfix removes any policies put in by these nasties.
When it's smitfraud infection we're talking about then smitfraudfix is the best tool for it.

2. The ONLY download location that I will suggest to get smitfraudfix is from the author's site. I would NEVER recommend any other download links. I know there are many sites that offer tools to fix smitfraud and people who claim credit for the smitfraudfix tool.

3. Smitfraud infections show up in hijackthis, so if you're infected and after using smitfraudfix the infection is gone and hijackthis comes out clean, and other scanners come out clean, then the infection is gone. Smitfraudfix tool by Siri is a VERY trusted tool. Sometimes smitfraud comes with other infections as well so it's always a good idea to run other scanners but the Hijackthis log should show whether infections are also present.
Just DO NOT download smitfraudfix.exe from anywhere else, download it from one site only and that's the author's site.

Hope that helps.
LVL 27

Author Comment

ID: 21808142
Thanks very much Rpggamergirl. My money was on you for clearing this up. :-)
#3 was the point I was most curious about. I'm always cautious after a system gets nailed that once it is cleaned there aren't any traces or such lying around. (Rootkits, etc.) I know the purest way to recover is to format the drive. Normally I do trust my tools for complete removal. But never having to deal with Smitfraud I wanted a little reassurance on the cleaning tool.
Thanks again.
LVL 47

Expert Comment

ID: 21808745
No problem. I know what you mean. It's easy to get infected these days and you can't be too careful as there are so many rogue programs around.
Not long ago I was infected just by checking a link an Asker had posted (I always check these links so I can delete them if they're bad). I got infected twice doing this since I've been here at EE.
Yes, you can get infected just by visiting an infected webpage without even clicking anything on that page.
I had to reformat as none of the tools I've used have been helpful. I've tried so many scanners: Hijackthis, Avast, Kaspersky, Sdfix, Combofix, DrWebCureIt, Stinger, OTScanIt. The virus was also active in safe mode, and I couldn't do anything once it activates, which was twice a day. After 2 days I reformatted.

More on your question,
I wouldn't trust any tool that claims to remove variants of smitfraud except Siri's Smitfraudfix.exe.
XoftSpy's tool to remove smitfraud is not the same as smitfraudfix.exe. I don't think that's as reliable as Siri's tool to remove latest variants; the smitfraud files they mentioned in their page are very old variants (when smitfraud first came out). Their latest database update is June 11, 2008, whereas Siri's Smitfraudfix has been updated 3 times after that; smitfraudfix.exe's latest smitfraud update is June 17, 2008.

Also XoftSpy was an ex-rogue. I wouldn't waste time on their smitfraud removal tool.

(Note: other domains associated with XoftSpy include:,,,,,,,,,,,,,,,,,
LVL 47

Expert Comment

ID: 21808760
Thanks! :)


Question has a verified solution.
