• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 778
  • Last Modified:

Smitfraud

History:
I know that Smitfraud has been around a while. I just read about a variant with a red bio-hazard background, locks the user out of the Control Panel, etc.
Two requests for this post.
1) I would like to know if there is a one stop fix for ALL variants.
2) I would also like to know if anyone is familiar with this site.
http://smitfraud.org/ (I'm quite certain that the recommended XoftSpy isn't what it seems.)
Luckily I have avoided the Smitfraud experience. And I want as much information on this thing as possible. For instance, how do I KNOW that after a tool is run against it, that it is really gone and has not turned my system into a bot, etc.?
Thanks all.
And yes, RPGamerGirl I'm looking forward to your 2 cents. :-)
David

0
David-Howard
Asked:
David-Howard
  • 3
1 Solution
 
rpggamergirlCommented:
1. Siri, the author of smitfraudfix always updates the tool for new variants, but other tools also removes some variants of smitfraud like SDFix.exe and FixIEDef.exe. Some malware/viruses can also set policies similar to smitfraud, and smitfraudfix removes any policies put in by these nasties.
When it's smitfraud infection we're talking about then smitfraudfix is the best tool for it.

2. The ONLY download location that I will suggest to get smitfraudfix is from the author's site. I would NEVER recommend any other download links. I know there are many site who offers tools to fix smitfraud and people who claim credit for smitfraudfix tool.
http://siri.geekstogo.com/SmitfraudFix.php

3. Smitfraud infections shows up in hijackthis, so if you're infected and after using smitfraudfix the infection is gone and hijackthis comes out clean, and other scanners comes out clean, then the infection is gone. Smitfraudfix tool by Siri is a VERY trusted tool. Sometimes smitfraud comes with other infections as well so it's always a good idea to run other scanners but the Hijakcthis log should show whether infections are also present.
Just DO NOT download smitfraudfix.exe from anywhere else, download it from one site only and that's the author's site.

Hope that helps.
0
 
David-HowardAuthor Commented:
Thanks very much Rpggamergirl. My money was on you for clearing this up. :-)
#3 was the point I was most curious about. I'm always cautious after a system gets nailed that once it is cleaned there aren't any traces or such lying around. (Rootkits, etc.) I know the purest way to recover is to format the drive. Normally I do trust my tools for complete removal. But never having to deal with Smitfraud I wanted a little reassurance on the cleaning tool.
Thanks again.
:-)
David
0
 
rpggamergirlCommented:
David,
No problem. I know what you mean. It's easy to get infected these days and you can't be too careful as there are so many rogue programs around.
Not long ago I was infected just by checking a link an Asker had posted(I always check these links so I can delete them if they're bad) got infected twice doing this since I've been here at EE.
Yes, you can get infected just by visiting an infected webpage without even clicking anything on that page.
I had to reformat as none of the tools I've used have been helpful, I've tried so many scanners, Hijackthis, Avast, Kaspersky, Sdfix, Combofix, DrWebCureIt, Stinger, OTScanIt, the virus was also active in safe mode. And i couldn't do anything once it activates which was twice a day. After 2 days I reformatted.

More on your question,
I wouldn't trust any tool that claims to remove variants of smitfraud except Siri's Smitfraudfix.exe.
XofSpy's tool to remove smitfraud is not the same as smitfraudfix.exe, I don't think that's as reliable as Siri's tool to remove latest variants, the smitfraud files they mentioned in their page are very old variants(when smitfraud first came out). Their latest database updates is June 11, 2008,
whereas Siri's Smitfraudfix has been updated 3 times after that, smitfraudfix.exe's latest smitfraud updates is June 17, 2008

Also XoftSpy was an ex-rogue. I wouldn't waste time on their smitfraud removal tool.
http://www.spywarewarrior.com/rogue_anti-spyware.htm#xos_note
Domains: paretologic.com

(Note: other domains associated with XoftSpy include: adware-destroyer.com, adware-elimination.com, adwarekillers.com, adware-real-free-scan.com, adwares.net, anti-adware.net, antispywares.com, deletespyware.net, nomorespyware.net, removespyware.net, softspy.net, softwho.com, spywarebest.com, spyware-detection.net, spywareprof.com, spywarepurge.com, spywarerem.com, spywareremoval.net)
0
 
rpggamergirlCommented:
Thanks! :)
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now