Monday, September 03, 2007

SmitFraudFix and Zlob Removal

SmitFraud Removal
This tool will remove Desktop hijacking malware.

Firstly, download the removal tool from here:

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Disconnect from the internet to stop it from trying to reload itself on to your system.

Double-click SmitfraudFix.exe to run the first stage of the program.

On the first screen select 1 and hit Enter, this will create a report of the infected files.

The report can be found at the root of the system drive, which is usually located at C:\rapport.txt

Secondly, reboot into Safe Mode, keep tapping F8 key before Windows splash screen.

Double click the Smitfraudfix.exe and on the screen that opens type in 2 the hit Enter to delete any infected files.

You will then be prompted with ‘Do you want to clean the registry?’ Type Y and again hit Enter to remove the Desktop background and clean any registry keys that are associated with this infection.

The tool will then check to see if winnet.exe is infected. If it is you will be asked if you want to replace infected file? Type Y and again hit Enter to restore a clean file entry to the registry.

You may be required to reboot after the cleaning process, and you can then reconnect to the internet. A full report can be found on your root drive, usually C:\rapport.txt

Another option is to restore Trusted and Restricted sites, type in 3, hit Enter.

You will then be prompted with ‘Restore Trusted Zone?’ Type Y, hit Enter.

Some anti-virus programs detect process.exe as a ‘risk’. It is NOT a virus, it is a program used to stop system processes.

Zlob Removal
Download this file to your desktop
http://www.mvps.org/winhelp2002/DelDomains.inf

Close all browsers, right-click and select: Install

Disconnect from the internet.

This program doesn’t really install, it just clears all sites in the Domains and Ranges keys.

Afterward’s you will need to immunize again in SpyBotS&D and re-protect again with SpywareBlaster or re-install iespyadds if it’s installed, then the file itself (DelDomains.inf) can be safely deleted.

Simply use the Search or Find utility to locate it and delete it.

When your machine is clean, ensure that your Anti-Virus is up to date, I recommend that you use SpyWareGuard, SpyWareBlaster, CCleaner, and AdAware.
Posted by at
Labels: , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)