- SmitFraud
SmitFraud, or "W32/SmitFraud.A", is a type of spyware that installs itself on a computer via adware, without the user's knowledge. Most of the time, it installs itself after a computer user installs a spurious codec, such as BrainCodec, PCodec or VideoKeyCodec. It is also embedded in certain programs, such as iVideo, and in many downloadable music files from music sharing programs and torrents [ [http://www.pchell.com/support/smitfraud.shtml PC Hell: How to Remove SmitFraud variants like WinAntivirus Pro 2007, PestCapture, and more ] ]. SmitFraud infects a Windows DLL with a computer virus [ [http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?IdVirus=77495 Encyclopedia. Panda Security ] ], and typically changes the infected computer's desktop background into a Blue Screen of Death.
The name SmitFraud is now also used [ [http://www.bleepingcomputer.com/forums/topic17258.html How To Remove The Smitfraud / Generic Zlob / Quicknavigate / Virtual Maid ] ] for infections in which users receive fake alerts from software that lures them into installing an affiliated fake/rogue antispyware product, with or without the user's knowledge.
Removal and protection
Spybot detects but cannot remove another variant of SmitFraud. In this variant, the files core.sys and core.cache.dsk are found in the C:\Windows\System32\Drivers folder. There are also two corresponding registry keys. This variant produces pop-up ads that pop-up blockers cannot suppress.
Ad-Aware and regular antivirus software cannot remove these files or registry keys because they load into RAM early in the boot process. Once a file containing a Smitfraud virus is in RAM, the virus program code is executed along with the file it is attached to and makes copies of itself, and the copies attach themselves to other files in physical memory (RAM). A prime target for self-proliferation by Smitfraud viruses is often the files that reside in the boot sector of the hard disk. The newly infected files are then saved (written) to the hard disk, a diskette or any other medium in the normal course of using the computer, and the attached virus program code remains a part of them. One solution is to boot with DOS, Linux, or a bootable Windows disc using a BartPE solution such as UBCD4Win, then remove the files, and afterwards remove the registry keys. Another solution is to reformat your computer.
[http://siri.urz.free.fr/Fix/SmitfraudFix_En.php SmitFraudFix] is a popular tool which can be employed in the complex removal process [ [http://securityticker.blogspot.com/2006/05/easy-fix-for-spyware-and-virus-alert.html Security Ticker: Easy Fix For Spyware and Virus Alert ] ], but with care [ [http://www.2-viruses.com/smitfraudfix-tutorial.html SmitFraudFix Tutorial ] ]. It covers a wide variety of Smitfraud variants.
[http://download.bleepingcomputer.com/sUBs/ComboFix.exe ComboFix] is another tool which is very effective at removing most variants of SmitFraud. [ [http://www.bleepingcomputer.com/combofix/how-to-use-combofix combofix howto] ]
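The offline approach described above (boot from Linux or a rescue disc, then remove the files) can be scripted. The following is an added example, not part of the original article: it looks for core.sys and core.cache.dsk in the Drivers folder of a mounted Windows volume, hashes them, and moves them into a quarantine folder instead of deleting them. The mount point and quarantine path are assumptions, and a name match alone does not prove infection.

```python
import hashlib
import shutil
import sys
from pathlib import Path

# Folder and file names come from the article; a name match is only a lead.
DRIVER_DIR = ("Windows", "System32", "Drivers")
INDICATORS = {"core.sys", "core.cache.dsk"}

def resolve_ci(root, parts):
    """Walk parts under root ignoring case (Linux mounts are case-sensitive)."""
    current = Path(root)
    for part in parts:
        if not current.is_dir():
            return None
        matches = [p for p in current.iterdir()
                   if p.is_dir() and p.name.lower() == part.lower()]
        if not matches:
            return None
        current = matches[0]
    return current

def find_indicators(mount_root):
    """Return [(path, sha256)] for the variant's files on an offline volume."""
    drivers = resolve_ci(mount_root, DRIVER_DIR)
    if drivers is None:
        return []
    hits = []
    for entry in sorted(drivers.iterdir()):
        if entry.is_file() and entry.name.lower() in INDICATORS:
            hits.append((entry, hashlib.sha256(entry.read_bytes()).hexdigest()))
    return hits

def quarantine(hits, dest):
    """Move hits into dest and log hash + original path so the step is reviewable."""
    dest = Path(dest)
    dest.mkdir(parents=True, exist_ok=True)
    with open(dest / "manifest.txt", "a", encoding="utf-8") as manifest:
        for path, digest in hits:
            shutil.move(str(path), str(dest / path.name))
            manifest.write(f"{digest}  {path}\n")
    return [dest / path.name for path, _ in hits]

if __name__ == "__main__":
    # Assumed usage: script.py /mnt/windows /mnt/usb/quarantine
    found = find_indicators(sys.argv[1]) if len(sys.argv) > 1 else []
    for path, digest in found:
        print(digest, path)
    if found and len(sys.argv) > 2:
        quarantine(found, sys.argv[2])
```

The two registry keys mentioned above still have to be removed afterwards; the article does not name them, so the script does not touch the registry.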
To protect against viruses, users should employ properly installed virus protection software, which scans RAM constantly and stops any procedure which may allow a virus to enter. They should also write-protect all diskettes, check all outside diskettes for viruses before trying to use them, and be cautious about where they download and accept files from on the Internet.
Example: ZTreeWin_1.5.zip contains a crack to register ZtreeWin 1.51. The included files are keygen.exe, one.nfo, file_id.diz and 'RUN.EXE'. It is the 'RUN.EXE' that contains the rogue program.
See also
*AntiVirGear
*MalwareWipe / MalwareWiped
*Rogue software
*SpyAxe
*Spydawn
*Spylocked / Spywarelocked
*SpySheriff
*VirusBurst / VirusBursters
*Virusheat
External links
* [http://siri.urz.free.fr/Fix/SmitfraudFix_En.php SmitFraudFix]
* [http://www.pandasecurity.com/enterprise/security-info/about-malware/encyclopedia/overview.aspx?idvirus=77495&sitepanda=empresas SmitFraud Info @ Panda Software]
* [http://www.safer-networking.org/ Spybot - Search & Destroy]
Wikimedia Foundation. 2010.