Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.
Before begining the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
---------------------------------------------------------------------------------------------
Please print out or copy these instructions/tutorial to Notepad as the internet will not (while in Safe Mode) be available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
---------------------------------------------------------------------------------------------
Please download
SmitfraudFix (by
S!Ri)
Extract the content (a folder named
SmitfraudFix) to your Desktop.
Please download the trial version of
Ewido anti-malware from here:
http://www.ewido.net/en/download/- Install Ewido anti-malware.
- When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
- When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
- The program will prompt you to update. Click the Ok button.
- The program will now go to the main screen.
You will need to update Ewido to the latest definition files.
- On the left-hand side of the main screen click the Update Button.
- Click on Start.
- The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates. Make sure to close Ewido before installing the update.
Download and install
CleanUp! but
do not run it yet. (Not Recommended for XP64).
*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
---------------------------------------------------------------------------------------------
Reboot your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
---------------------------------------------------------------------------------------------
Open the SmitfraudFix Folder, then double-click
smitfraudfix.cmd file to start the tool.
Select option
#2 - Clean by typing
2 and press
Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "
Registry cleaning - Do you want to clean the registry?" answer
Yes by typing
Y and hit
Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer
Yes to the question "
Replace infected file?" by typing
Y and hit
Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.
Reboot in Safe Mode.
The tool will create a log named
rapport.txt in the root of your drive, eg: Local Disk C:
(C:rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
---------------------------------------------------------------------------------------------
Clean out your
Temporary Internet files.
Run
Cleanup! using the following configuration:
Open
Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "
Options..."
Move the arrow down to "
Custom CleanUp!"
Put a check next to the following (
Make sure nothing else is checked!):
- Empty Recycle Bins
- Delete Cookies
- Delete Prefetch files (if present)
- Cleanup! All Users
- Click on the Temporary Files tab and uncheck the box for Scan drives for files matching if it’s checked.
Click
OK
Press the
CleanUp! button to start the program.. Do NOT Reboot/logoff when prompted.
* CleanUp! will not create any backups!!
---------------------------------------------------------------------------------------------
Next go to
Control Panel click Display>Desktop>Customize Desktop>Web> Now,
Uncheck Everything and delete if present:
- "Security Info"
- "Warning Message"
- "Security Desktop"
- "Warning Homepage"
- "Desktop Uninstall" or something similar
Also make sure the
'Lock desktop items' box is
unticked. Click
OK, and then Click
Apply, then
OK.
---------------------------------------------------------------------------------------------
Close
ALL open Windows / Programs / Folders. Please start
Ewido, and run a full scan.
- Click on Scanner
- Click on Settings
- Under How to scan all boxes should be checked
- Under Unwanted Software all boxes should be checked
- Under What to scan select Scan every file
- Click on Ok
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says
Perform action on all infections and put a checkmark in the box next to
Create encrypted backup, then choose clean and click Ok.
Once the scan has completed, there will be a button located on the bottom of the screen named
Save Report.
- Click Save Report button
- Save the report to your Desktop
Close Ewido and Reboot in Normal Mode.
---------------------------------------------------------------------------------------------
Open the SmitfraudFix folder and double-click
smitfraudfix.cmd
Select option
#3 - Delete Trusted zone by typing
3 and press
Enter
Note, if you use
SpywareBlaster and/or
IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
---------------------------------------------------------------------------------------------
Perform an online scan with Internet Explorer with
Panda ActiveScan
**
click on "Free use ActiveScan" located on the top right hand corner- Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
- Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting
My Computer- If it finds any malware, it will offer you a report.
- Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
- Click on see report. Then click Save report
---------------------------------------------------------------------------------------------
Run a new HijackThis scan. Save the log file and post it here.
---------------------------------------------------------------------------------------------
Then post the following logs in your next reply...
C:\rapport.txt (log from the tool)
Ewido log
Panda log
Hijackthis log