Welcome to noahdfearís page!
If you got a script notice on this page, itís because I use a
script to count the number of page loads here, as well as downloads of my tool. I use these
instead of the usual counters because I have no need for your browser version, screen res-
olution, where you came from, how long you are here, etc, etc. Thatís your business, not
mine. If you cannot see the number of times my tool has been downloaded, or the page load
counter, it may be due to a third party blocker, such as AdSubtract.
SmitRem is a tool I created to remove the Trojan-Spy.HTML.Smitfraud.c malware infection and itís
variants, AlfaCleaner, AntiVirusGold, BraveSentry, PSGuard, Search Maid,
Security IGuard, Security Toolbar, SpyAxe, SpyFalcon, SpyHeal.
SpySheriff, SpyTrooper, SpywareQuake, SpywareSheriff, SpywareStrike.
Trust Cleaner, Virtual Maid, VirusBurst and Winhound.
Click here for a full list of files removed by smitRem
Click here for a full list of registry keys altered by smitRem
These infections are known as Desktop Hijackers and make many unwanted changes to a userís computer.
†They are also difficult to remove. The effects of each of the above variants varies, in some cases infecting the
†system file wininet.dll and/or disabling the Task Manager in addition to taking over the desktop. I have
included the repair of all of the known registry changes made by these hijackers, as well as the removal of the
†associated files and folders created. Panda ActiveScan online should be run following the use of this tool,
†since it can detect and often repair anything not found and removed with the tool.
The tool also detects if the system file wininet.dll is infected, and
attempts to replace it with another copy on the system. In XP and 2000, if another copy of wininet.dll is
found in one of the locations the tool looks, the tool will replace the infected file. Windows 95, 98 and
Windows Millennium do not have copies, so itís necessary to try to clean it or replace it otherwise.
Panda ActiveScan online had been properly cleaning the infected wininet, but I recently noticed it was
instead deleting it. I hope they get this fixed, but in the meantime, if you have one of those operating
systems with an infected wininet.dll, I suggest you download the appropriate patch for your system from
Microsoft, which contains a copy of the file, before scanning with Panda, in case it does get deleted.
If youíre able to place a copy of the infected wininet.dll on the desktop in Windows 95/98/ME,
eTrust Online Antivirus scanner will clean it. You can then boot into the command prompt only
mode to delete the infected file in the system folder, and copy the clean desktop file to the system
†folder. Once replaced, the bad file(s) oleadm.dll or oleext.dll can be deleted in normal mode.
I do not recommend using the tool without guidance from a qualified malware removal specialist!
Download smitRem.exe, saving the file to your desktop. Double click it to extract the contents to a
folder of itís own. Restart your computer in safe mode, logon to the user account that is infected,
open the smitRem folder and double click the RunThis.bat file to start the tool.
Follow the prompts on screen and allow disk cleanup to complete.
Upon reboot, you can reset your desktop background. Note: XP users using the XP theme may ex-
perience a change to the Classic Windows theme. This can be changed on the themes tab of
Smitrem.exe†† version 3.2 ††††Downloaded †times
Some screen shots of a computer infected with PSGuard here
If you have comments or suggestions about this tool and wish to email me,
feel free to do so
if you would like to have your favorite forum added to this list, please contact me with a link
Thanks for visiting!