Welcome to noahdfearís page!

†† 2006

If you got a script notice on this page, itís because I use a

script to count the number of page loads here, as well as downloads of my tool. I use these

instead of the usual counters because I have no need for your browser version, screen res-

olution, where you came from, how long you are here, etc, etc. Thatís your business, not

mine. If you cannot see the number of times my tool has been downloaded, or the page load

counter, it may be due to a third party blocker, such as AdSubtract.


SmitRem is a tool I created to remove the Trojan-Spy.HTML.Smitfraud.c malware infection and itís

variants, AlfaCleaner, AntiVirusGold, BraveSentry, PSGuard, Search Maid,

Security IGuard, Security Toolbar, SpyAxe, SpyFalcon, SpyHeal.

SpySheriff, SpyTrooper, SpywareQuake, SpywareSheriff, SpywareStrike.

Trust Cleaner, Virtual Maid, VirusBurst and Winhound.


Click here for a full list of files removed by smitRem


Click here for a full list of registry keys altered by smitRem


These infections are known as Desktop Hijackers and make many unwanted changes to a userís computer.

They are also difficult to remove. The effects of each of the above variants varies, in some cases infecting the

system file wininet.dll and/or disabling the Task Manager in addition to taking over the desktop. I have

included the repair of all of the known registry changes made by these hijackers, as well as the removal of the

associated files and folders created. Panda ActiveScan online should be run following the use of this tool,

since it can detect and often repair anything not found and removed with the tool.


The tool also detects if the system file wininet.dll is infected, and

attempts to replace it with another copy on the system. In XP and 2000, if another copy of wininet.dll is

found in one of the locations the tool looks, the tool will replace the infected file. Windows 95, 98 and

Windows Millennium do not have copies, so itís necessary to try to clean it or replace it otherwise.

Panda ActiveScan online had been properly cleaning the infected wininet, but I recently noticed it was

instead deleting it. I hope they get this fixed, but in the meantime, if you have one of those operating

systems with an infected wininet.dll, I suggest you download the appropriate patch for your system from

Microsoft, which contains a copy of the file, before scanning with Panda, in case it does get deleted.




If youíre able to place a copy of the infected wininet.dll on the desktop in Windows 95/98/ME,

eTrust Online Antivirus scanner will clean it. You can then boot into the command prompt only

mode to delete the infected file in the system folder, and copy the clean desktop file to the system

folder. Once replaced, the bad file(s) oleadm.dll or oleext.dll can be deleted in normal mode.


Click here to go to the eTrust online scanner



I do not recommend using the tool without guidance from a qualified malware removal specialist!


Download smitRem.exe, saving the file to your desktop. Double click it to extract the contents to a

folder of itís own. Restart your computer in safe mode, logon to the user account that is infected,

open the smitRem folder and double click the RunThis.bat file to start the tool.

Follow the prompts on screen and allow disk cleanup to complete.

Upon reboot, you can reset your desktop background. Note: XP users using the XP theme may ex-

perience a change to the Classic Windows theme. This can be changed on the themes tab of

desktop properties.


Smitrem.exe†† version 3.2 ††††Downloaded times



Some screen shots of a computer infected with PSGuard here

†††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††† ††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††††


If you have comments or suggestions about this tool and wish to email me,

feel free to do so



Recommended sites for help in their malware removal forums

GeeksToGo SpywareInfo TomCoyote

PCPitstop BleepingComputer

Tech Support Guy Tech Support Forum

Subratam.org Freedomlist

Atribune.org forospyware.com

Malware Removal CastleCops

Security Central


if you would like to have your favorite forum added to this list, please contact me with a link


Thanks for visiting!

Panda ActiveScan - Free Online Virus Check


Free PHP scripts by PHPJunkYard.com