Solved

Smitfraud

Posted on 2008-06-17
Last Modified: 2012-06-22
History:
I know that Smitfraud has been around a while. I just read about a variant with a red bio-hazard background, locks the user out of the Control Panel, etc.
Two requests for this post.
1) I would like to know if there is a one stop fix for ALL variants.
2) I would also like to know if anyone is familiar with this site.
http://smitfraud.org/ (I'm quite certain that the recommended XoftSpy isn't what it seems.)
Luckily I have avoided the Smitfraud experience. And I want as much information on this thing as possible. For instance, how do I KNOW that after a tool is run against it, that it is really gone and has not turned my system into a bot, etc.?
Thanks all.
And yes, RPGamerGirl I'm looking forward to your 2 cents. :-)
David

Question by:David-Howard
Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 21808027
1. Siri, the author of smitfraudfix, always updates the tool for new variants, but other tools also remove some variants of smitfraud, like SDFix.exe and FixIEDef.exe. Some malware/viruses can also set policies similar to smitfraud, and smitfraudfix removes any policies put in by these nasties.
When it's a smitfraud infection we're talking about, then smitfraudfix is the best tool for it.

2. The ONLY download location that I will suggest to get smitfraudfix is from the author's site. I would NEVER recommend any other download links. I know there are many sites that offer tools to fix smitfraud and people who claim credit for the smitfraudfix tool.
http://siri.geekstogo.com/SmitfraudFix.php

3. Smitfraud infections show up in HijackThis, so if you're infected and after using smitfraudfix the infection is gone and HijackThis comes out clean, and other scanners come out clean, then the infection is gone. The Smitfraudfix tool by Siri is a VERY trusted tool. Sometimes smitfraud comes with other infections as well, so it's always a good idea to run other scanners, but the HijackThis log should show whether infections are also present.
Just DO NOT download smitfraudfix.exe from anywhere else, download it from one site only and that's the author's site.

Hope that helps.
Author Comment

by:David-Howard
ID: 21808142
Thanks very much Rpggamergirl. My money was on you for clearing this up. :-)
#3 was the point I was most curious about. I'm always cautious after a system gets nailed that once it is cleaned there aren't any traces or such lying around. (Rootkits, etc.) I know the purest way to recover is to format the drive. Normally I do trust my tools for complete removal. But never having to deal with Smitfraud I wanted a little reassurance on the cleaning tool.
Thanks again.
:-)
David
Expert Comment

by:rpggamergirl
ID: 21808745
David,
No problem. I know what you mean. It's easy to get infected these days and you can't be too careful as there are so many rogue programs around.
Not long ago I was infected just by checking a link an Asker had posted (I always check these links so I can delete them if they're bad). I got infected twice doing this since I've been here at EE.
Yes, you can get infected just by visiting an infected webpage without even clicking anything on that page.
I had to reformat as none of the tools I've used have been helpful. I've tried so many scanners: Hijackthis, Avast, Kaspersky, Sdfix, Combofix, DrWebCureIt, Stinger, OTScanIt. The virus was also active in safe mode. And I couldn't do anything once it activated, which was twice a day. After 2 days I reformatted.

More on your question,
I wouldn't trust any tool that claims to remove variants of smitfraud except Siri's Smitfraudfix.exe.
XoftSpy's tool to remove smitfraud is not the same as smitfraudfix.exe. I don't think that's as reliable as Siri's tool to remove the latest variants; the smitfraud files they mention on their page are very old variants (from when smitfraud first came out). Their latest database update is June 11, 2008, whereas Siri's Smitfraudfix has been updated 3 times after that; smitfraudfix.exe's latest smitfraud update is June 17, 2008.

Also XoftSpy was an ex-rogue. I wouldn't waste time on their smitfraud removal tool.
http://www.spywarewarrior.com/rogue_anti-spyware.htm#xos_note
Domains: paretologic.com

(Note: other domains associated with XoftSpy include: adware-destroyer.com, adware-elimination.com, adwarekillers.com, adware-real-free-scan.com, adwares.net, anti-adware.net, antispywares.com, deletespyware.net, nomorespyware.net, removespyware.net, softspy.net, softwho.com, spywarebest.com, spyware-detection.net, spywareprof.com, spywarepurge.com, spywarerem.com, spywareremoval.net)
Expert Comment

by:rpggamergirl
ID: 21808760
Thanks! :)