SmitFraud


SmitFraud, or "W32/SmitFraud.A", is a type of spyware that installs itself on a computer via adware, without the user's knowledge. Most of the time, it installs itself after a computer user installs a spurious codec, such as BrainCodec, PCodec or VideoKeyCodec. It is also embedded in certain programs, such as iVideo, and in many downloadable music files from music sharing programs and torrents. [http://www.pchell.com/support/smitfraud.shtml PC Hell: How to Remove SmitFraud variants like WinAntivirus Pro 2007, PestCapture, and more] SmitFraud infects a Windows DLL with a computer virus [http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?IdVirus=77495 Encyclopedia. Panda Security], and typically changes the infected computer's desktop background to a Blue Screen of Death. The name SmitFraud is now used for infections [http://www.bleepingcomputer.com/forums/topic17258.html How To Remove The Smitfraud / Generic Zlob / Quicknavigate / Virtual Maid] in which users receive fake alerts from software that lures them into installing an affiliated fake or rogue anti-spyware program, with or without the user's knowledge.

Removal and protection

Spybot detects but cannot remove another variant of SmitFraud. In this variant, the files core.sys and core.cache.dsk are found in the C:\Windows\System32\Drivers folder. There are also two corresponding registry keys. This variant produces pop-up ads that pop-up blockers cannot suppress. Ad-Aware and regular antivirus software cannot remove these files or registry keys because they load into RAM early in the boot process. Once a file containing a Smitfraud virus is in RAM, the virus program code is executed along with the file it is attached to, makes copies of itself, and the copies attach themselves to other files in physical memory (RAM). The files that reside in the boot sector of the hard disk are often a prime target for self-proliferation by Smitfraud viruses. The newly infected files are then saved (written) to the hard disk, diskette or other media in the normal course of using the computer, and the attached virus program code remains a part of them. One solution is to boot with DOS, Linux, or a bootable Windows disc using a BartPE solution such as UBCD4Win, then remove the files, and afterwards remove the registry keys. Another solution is to reformat your computer.
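The offline check described above, as an added example that is not part of the original article or of any removal tool: a shell function, run from a Linux boot environment, that looks for the two file names given for this variant on a mounted Windows volume. The mount point and the function names are assumptions; the registry keys are not covered because the article does not name them.

```shell
#!/bin/sh
# Added example: look for the file names the article gives for this variant
# (core.sys, core.cache.dsk) on a Windows volume mounted offline.
# Assumption: the volume is mounted (ideally read-only) at the path in $1.

# Resolve one path component case-insensitively. Windows names keep their
# stored case, and a Linux mount may compare them case-sensitively.
resolve_ci() {
    # $1 = parent directory, $2 = component name, $3 = type (d or f)
    find "$1" -mindepth 1 -maxdepth 1 -type "$3" -iname "$2" 2>/dev/null | head -n 1
}

# Print the full path of each indicator file found.
# Returns 0 if at least one was found, 1 otherwise.
find_smitfraud_files() {
    dir=$1
    for part in Windows System32 Drivers; do
        dir=$(resolve_ci "$dir" "$part" d)
        [ -n "$dir" ] || return 1   # not a Windows volume, or folder missing
    done
    found=1
    for name in core.sys core.cache.dsk; do
        hit=$(resolve_ci "$dir" "$name" f)
        if [ -n "$hit" ]; then
            printf '%s\n' "$hit"
            found=0
        fi
    done
    return $found
}

# Run only when a mount point is given, e.g.: sh check.sh /mnt/windows
if [ $# -ge 1 ]; then
    if find_smitfraud_files "$1"; then
        echo "Indicator files present; remove them offline, then the registry keys." >&2
    else
        echo "No indicator files found under $1" >&2
    fi
fi
```

A match on the file names alone is a lead to investigate, not proof of infection.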

[http://siri.urz.free.fr/Fix/SmitfraudFix_En.php SmitFraudFix] is a popular tool which can be employed in the complex removal process [http://securityticker.blogspot.com/2006/05/easy-fix-for-spyware-and-virus-alert.html Security Ticker: Easy Fix For Spyware and Virus Alert], but with care [http://www.2-viruses.com/smitfraudfix-tutorial.html SmitFraudFix Tutorial]. It covers a wide variety of Smitfraud variants.

[http://download.bleepingcomputer.com/sUBs/ComboFix.exe ComboFix] is another tool which is very effective at removing most variants of SmitFraud. [http://www.bleepingcomputer.com/combofix/how-to-use-combofix ComboFix how-to]

To protect against viruses, users should employ properly installed virus protection software, which scans RAM constantly and stops any procedure which may allow a virus to enter. They should also write-protect all diskettes, check all outside diskettes for viruses before trying to use them, and be cautious about where on the Internet they download and accept files from.

Example: ZTreeWin_1.5.zip contains a crack to register ZtreeWin 1.51. The included files are keygen.exe, one.nfo, file_id.diz and 'RUN.EXE'. It is 'RUN.EXE' that contains the rogue program.

See also

*AntiVirGear
*MalwareWipe/MalwareWiped
*Rogue software
*SpyAxe
*Spydawn
*Spylocked/Spywarelocked
*SpySheriff
*VirusBurst/VirusBursters
*Virusheat

External links

* [http://siri.urz.free.fr/Fix/SmitfraudFix_En.php SmitFraudFix]
* [http://www.pandasecurity.com/enterprise/security-info/about-malware/encyclopedia/overview.aspx?idvirus=77495&sitepanda=empresas SmitFraud Info @ Panda Software]
* [http://www.safer-networking.org/ Spybot - Search & Destroy]


Wikimedia Foundation. 2010.
