Welcome
to noahdfear’s page!
2006
If you got a script notice on this page, it’s because I use a
script to count the number of page loads here, as well as downloads of
my tool. I use these
instead of the usual counters because I have no need for your browser
version, screen res-
olution, where you came from, how long you are here, etc, etc. That’s
your business, not
mine. If you cannot see the number of times my tool has been
downloaded, or the page load
counter, it may be due to a third party blocker, such as AdSubtract.
SmitRem
is a tool I created to remove the Trojan-Spy.HTML.Smitfraud.c malware infection and it’s
variants, AlfaCleaner, AntiVirusGold, BraveSentry, PSGuard, Search Maid,
Security IGuard, Security Toolbar, SpyAxe, SpyFalcon, SpyHeal.
SpySheriff, SpyTrooper, SpywareQuake, SpywareSheriff, SpywareStrike.
Trust Cleaner, Virtual Maid, VirusBurst and Winhound.
Click here for a full list of files removed by smitRem
Click here for a full list of registry keys altered by smitRem
These infections
are known as Desktop Hijackers and make many unwanted changes to a user’s
computer.
They are also difficult to remove. The
effects of each of the above variants varies, in some cases infecting the
system file wininet.dll and/or disabling the Task
Manager in addition to taking over the desktop. I have
included the
repair of all of the known registry changes made by these hijackers, as
well as the removal of the
associated files and folders created. Panda
ActiveScan online should be run following the use of this tool,
since it can detect and often repair anything
not found and removed with the tool.
The tool also
detects if the system file wininet.dll is infected, and
attempts to
replace it with another copy on the system. In XP and 2000, if another copy of
wininet.dll is
found in one of
the locations the tool looks, the tool will replace the infected file. Windows
95, 98 and
Windows
Millennium do not have copies, so it’s necessary to try to clean it or replace
it otherwise.
Panda ActiveScan
online had been properly cleaning the infected wininet, but I recently noticed
it was
instead deleting
it. I hope they get this fixed, but in the meantime, if you have one of those
operating
systems with an
infected wininet.dll, I suggest you download the appropriate patch for your
system from
Microsoft, which
contains a copy of the file, before scanning with Panda, in case it does get
deleted.
http://www.microsoft.com/technet/security/Bulletin/MS05-025.mspx
If you’re able
to place a copy of the infected wininet.dll on the desktop in Windows 95/98/ME,
eTrust Online
Antivirus scanner will clean it. You can then boot into the command prompt only
mode to delete
the infected file in the system folder, and copy the clean desktop file to the
system
folder. Once replaced, the bad file(s)
oleadm.dll or oleext.dll can be deleted in normal mode.
Click here to go to
the eTrust online scanner
I do not
recommend using the tool without guidance from a qualified malware removal
specialist!
Download
smitRem.exe, saving the file to your desktop. Double click it to extract the
contents to a
folder
of it’s own. Restart your computer in safe mode, logon to the user account
that is infected,
open
the smitRem folder and double click the RunThis.bat file to start the
tool.
Follow
the prompts on screen and allow disk cleanup to complete.
Upon
reboot, you can reset your desktop background. Note: XP users using the
XP theme may ex-
perience
a change to the Classic Windows theme. This can be changed on the themes tab of
desktop
properties.
Smitrem.exe version 3.2 Downloaded times
Some screen
shots of a computer infected with PSGuard here
If you
have comments or suggestions about this tool and wish to email me,
feel
free to do so
GeeksToGo SpywareInfo TomCoyote
Tech Support Guy Tech Support Forum
if you would like to have your favorite forum
added to this list, please contact me with a link
Thanks
for visiting!