SmitFraudFix


NICK ADSL UK
August 10th, 2008, 05:04 PM
Changelog:

Version 2.334 (August 09, 2008)


Update: 404Fix v1.2

O3 - Toolbar: Internet Service - {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program Files\Applications\iebr.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{254B87BB-510D-41FA-A887-52C5FA9BE585}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{254B87BB-510D-41FA-A887-52C5FA9BE585}"=-

%SYSTEM%\ieupdates.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ieupdate"=-

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php


Please note: this software is to be used only under the supervision of a malware specialist.

NICK ADSL UK
August 12th, 2008, 06:29 PM
Changelog:
Version 2.335 (August 11, 2008)


tdssserv.sys Rootkit detection

%ProgramFiles%\IA\
%ProgramFiles%\Internet Antivirus\
%USERPROFILE%\Application Data\Internet Antivirus\
%ALLUSERPROFILE%\Desktop\Internet Antivirus.lnk
%ALLUSERPROFILE%\Start Menu\Programs\Internet Antivirus\

%USERPROFILE%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
%USERPROFILE%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
%USERPROFILE%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
%USERPROFILE%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Antivirus_is1]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"iv"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Internet Antivirus"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"3P_UDEC_IA"=-

%desktop%\GAY PORN.url
%desktop%\MASTURBATION VIDS.url
%ProgramFiles%\PCHealthCenter\

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\Win2.exe"=-
"\Win3.exe"=-
"\Win4.exe"=-
"\Win5.exe"=-
"\Win6.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"\Win2.exe"=-
"\Win3.exe"=-
"\Win4.exe"=-
"\Win5.exe"=-
"\Win6.exe"=-

%ProgramFiles%\VAV\
%desktop%\Vista Antivirus 2008.lnk

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

Please note: this software is to be used only under the supervision of a malware specialist.

NICK ADSL UK
August 14th, 2008, 07:55 AM
Changelog:

Version 2.336 (August 13, 2008)

%WINDIR%\buritos.exe
%WINDIR%\karina.dat

%SYSTEM%\braviax.exe
%SYSTEM%\buritos.exe
%SYSTEM%\karina.dat
%SYSTEM%\winivstr.exe

Search and restore infected:
%SYSTEM%\drivers\beep.sys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"braviax"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"braviax"=-

O20 - AppInit_DLLs: C:\WINDOWS\System32\karina.dat


%AllUserDesktop%\XPSecurityCenter.lnk
%ALLUSERPROFILE%\Start Menu\Programs\XPSecurityCenter\
%ProgramFiles%\XPSecurityCenter\
%SYSTEM%\_scui.cpl

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XP SecurityCenter"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"="0x00000000"
"FirewallDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[-HKEY_LOCAL_MACHINE\SOFTWARE\XP_SecurityCenter\]

[HKEY_CURRENT_USER\Control Panel\don't load]
"scui.cpl"=-
"wscui.cpl"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceClassicControlPanel"=-


%desktop%\Antivirus Master.lnk
%ProgramFiles%\AVM\
%SYSTEM%\avm.cpl

[-HKEY_CURRENT_USER\Software\AntiVirus]
[-HKEY_CURRENT_USER\Software\AVM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-


%desktop%\TheSpyBot.lnk
%USERPROFILE%\Start Menu\Programs\TheSpyBot\
%ProgramFiles%\TheSpyBot\

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TheSpyBot]
[HKEY_CURRENT_USER\Software\TheSpyBot]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TheSpyBot"=-


http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

Please note: this software is to be used only under the supervision of a malware specialist.

NICK ADSL UK
August 18th, 2008, 10:25 AM
Changelog:

Version 2.337 (August 18, 2008)


Update: 404Fix v1.3

%Desktop%\FETISH PICS.url

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"smile"=-



Version 2.337 (August 14, 2008)

Update: IEDFix.C 1.1

O2 - BHO: (no name) - {300CF5C9-F02D-4CB8-ABED-9C229DA56825} - C:\Program Files\Applications\iebt.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300CF5C9-F02D-4CB8-ABED-9C229DA56825}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300CF5C9-F02D-4CB8-ABED-9C229DA56825}]

%SYSTEM%\scui.cpl
%ProgramFiles%\AV9\
%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
%USERPROFILE%\Start Menu\Programs\Antivirus 2009\
%desktop%\Antivirus 2009.lnk

%SYSTEM%\winsrc.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}]


http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

Please note: this software is to be used only under the supervision of a malware specialist.

NICK ADSL UK
August 22nd, 2008, 10:01 AM
Changelog:

Version 2.339 (August 21, 2008)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"buritos"=-

%ALLUSERPROFILE%\Start Menu\Programs\Antivirus XP 2008\
%ALLUSERPROFILE%\Start Menu\Programs\Antivirus XP 2008.lnk
%AllUserDesktop%\Antivirus XP 2008.lnk
%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

Please note: this software is to be used only under the supervision of a malware specialist.

NICK ADSL UK
August 29th, 2008, 07:13 PM
Changelog:

Version 2.342 (August 28, 2008)


%DESKTOP%\Total Secure 2009.lnk
%USERPROFILE%\Start Menu\Programs\Total Secure 2009.lnk
%ProgramFiles%\TotalSecure2009\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Total Secure 2009]
[-HKEY_CURRENT_USER\Software\TotalSecure2009]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TotalSecure2009"=-



Version 2.341 (August 28, 2008)


%ProgramFiles%\Power-Antivirus-2009\
%USERPROFILE%\Application Data\Power-Antivirus-2009\
%USERPROFILE%\Start Menu\Programs\Power-Antivirus-2009\
%desktop%\Power-Antivirus-2009.lnk

[-HKEY_CURRENT_USER\Software\Power-Antivirus-2009]


%ProgramFiles%\RichVideoCodec\ (Already removed)
%SYSTEM%\RichVideoCodec.dll (Already removed)

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\CodecBHO.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{e12b39a5-df4a-4f04-a85b-4ecf048e359f}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a37b3779-e4f3-424c-a495-a60ea8063476}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65c5ebd-0989-40b5-a2a0-84642539bf82}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E46194A9-C4B1-4C0F-A75E-E9C5BDED7874}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E7309FD6-0FD0-459D-A5E8-27D7A23215F1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B648A7F7-DD8F-4535-AFAD-CE5BA0E8320E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecBHO.CodecPlugin]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecBHO.CodecPlugin.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecBHO.XMLDOMDocumentEventsSink]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecBHO.XMLDOMDocumentEventsSink.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a37b3779-e4f3-424c-a495-a60ea8063476}]

[-HKEY_CURRENT_USER\Software\RichVideoCodec] (Already removed)



Version 2.340 (August 27, 2008)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\VIE2.exe"=-
"\VIE3.exe"=-
"\VIE4.exe"=-
"\VIE5.exe"=-
"\VIEA.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"\VIE2.exe"=-
"\VIE3.exe"=-
"\VIE4.exe"=-
"\VIE5.exe"=-
"\VIEA.exe"=-

%DESKTOP%\EXTREME ****.url
%DESKTOP%\TITS AND ASS.url
%SYSTEM%\1.ico
%SYSTEM%\2.ico
%SYSTEM%\VIEA.exe
%SYSTEM%\VIE5.exe
%SYSTEM%\VIE4.exe
%SYSTEM%\VIE3.exe
%SYSTEM%\VIE2.exe

%WINDOWS%\rvoelbxt.exe

O2 - BHO: (no name) - {0BD44AB1-76A7-4E05-92F4-4B065FE72BD6} - C:\Program Files\Applications\iebt.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BD44AB1-76A7-4E05-92F4-4B065FE72BD6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BD44AB1-76A7-4E05-92F4-4B065FE72BD6}]

O3 - Toolbar: Internet Service - {3BEBF2FE-7248-40E2-9752-8163EB6C4038} - C:\Program Files\Applications\iebr.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BEBF2FE-7248-40E2-9752-8163EB6C4038}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3BEBF2FE-7248-40E2-9752-8163EB6C4038}"=-


Please note: this software is to be used only under the supervision of a malware specialist.

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
September 5th, 2008, 06:54 PM
Changelog:

Version 2.346 (September 05, 2008)


%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Antivirus-2009.lnk
%USERPROFILE%\Start Menu\Programs\Smart Antivirus 2009\
%DESKTOP%\Smart Antivirus-2009.lnk
%PROGRAMFILES%\Smart Antivirus 2009\


[-HKEY_CURRENT_USER\Software\Smart Antivirus 2009]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Smart Antivirus-2009.exe"=-



Version 2.345 (September 03, 2008)


Update: some malware definitions and reboot.exe counter.


%SYSTEM%\Cpl32ver.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cpl32ver"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Somefox]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Somefox"=-


%DESKTOP%\System Antivirus 2008.lnk
%PROGRAMFILES%\sav\

[-HKEY_CURRENT_USER\Software\AntiVirus] (Already removed)
[-HKEY_CURRENT_USER\Software\SAV]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=- (Already removed)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=- (Already removed)

Please note: this software is to be used only under the supervision of a malware specialist.

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
September 9th, 2008, 07:37 PM
Changelog:

Version 2.347 (September 08, 2008)


%SYSDIR%\c.ico
%STARTMENU%\VIP Casino.url
%FAVORITES%\VIP Casino.url
%DESKTOP%\VIP Casino.url

%WINDOWS%\mqgldfvo.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\YUR1.exe"=-
"\YUR2.exe"=-
"\YUR3.exe"=-
"\YUR4.exe"=-
"\YUR5.exe"=-
"\YUR6.exe"=-
"\YUR7.exe"=-
"\YUR8.exe"=-
"\YURA.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"\YUR1.exe"=-
"\YUR2.exe"=-
"\YUR3.exe"=-
"\YUR4.exe"=-
"\YUR5.exe"=-
"\YUR6.exe"=-
"\YUR7.exe"=-
"\YUR8.exe"=-
"\YURA.exe"=-

%DESKTOP%\BEST ZOO PORN.url
%DESKTOP%\QUALITY PORN.url
%SYSTEM%\YUR*.exe


http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
September 16th, 2008, 08:15 AM
Changelog:

Version 2.352 (September 16, 2008)


%SYSTEM%\users64.dat
%SYSTEM%\sysppu?.dll



Version 2.351 (September 15, 2008)


O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{144A6B24-0EBC-4D89-BF09-A06A718E57B5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{144A6B24-0EBC-4D89-BF09-A06A718E57B5}"=-


%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusResponse Lab 2009 2.1.lnk
%STARTMENU%\VirusResponse Lab 2009 2.1.lnk
%STARTMENU%\Programs\VirusResponse Lab 2009 2.1\
%DESKTOP%\VirusResponse Lab 2009 2.1.lnk
%PROGRAMFILES%\VirusResponseLab2009\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVLWarning.WarningBHO] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVLWarning.WarningBHO.1] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusResponseLab2009]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusResponseLab2009]
[-HKEY_CURRENT_USER\Software\VirusResponseLab2009]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VirusResponseLab2009\VirusResponseLab2009.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VirusResponseLab2009\VirusResponseLab2009.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VirusResponseLab2009"=-



Version 2.350 (September 14, 2008)


%SYSTEM%\algg.exe

O2 - BHO: (no name) - {CFEE97A3-4911-444D-8BE8-E243A23D3DE2} - C:\Program Files\Applications\iebt.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFEE97A3-4911-444D-8BE8-E243A23D3DE2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CFEE97A3-4911-444D-8BE8-E243A23D3DE2}]

O3 - Toolbar: Internet Service - {0CF79C5F-22AB-4E2A-82A5-BC9F4F3D4F87} - C:\Program Files\Applications\iebr.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CF79C5F-22AB-4E2A-82A5-BC9F4F3D4F87}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0CF79C5F-22AB-4E2A-82A5-BC9F4F3D4F87}"=-


%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Lab 2009 2.1.lnk
%STARTMENU%\AntiVirus Lab 2009 2.1.lnk
%STARTMENU%\Programs\AntiVirus Lab 2009 2.1\
%DESKTOP%\AntiVirus Lab 2009 2.1.lnk
%PROGRAMFILES%\AntiVirusLab2009\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2A9759D-210A-0253-D944-8B76AC2B0D92}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVLWarning.WarningBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVLWarning.WarningBHO.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiVirusLab2009]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirusLab2009]
[-HKEY_CURRENT_USER\Software\AntiVirusLab2009]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AntiVirusLab2009"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AntiVirusLab2009\AntiVirusLab2009.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AntiVirusLab2009\AntiVirusLab2009.exe"=-



Version 2.349 (September 11, 2008)


Update: IEDFix.C 1.3



Version 2.348 (September 09, 2008)


[-HKEY_CURRENT_USER\Software\AntiVirus]
[-HKEY_CURRENT_USER\Software\MicroAV]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

%SYSTEM%\MicroAV.cpl
%DESKTOP%\MicroAntivirus.lnk
%PROGRAMFILES%\MicroAntivirus\


[-HKEY_CURRENT_USER\Software\AntiVirus]
[-HKEY_CURRENT_USER\Software\XPA]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

%SYSTEM%\XPA.cpl
%DESKTOP%\XPert Antivirus.lnk
%PROGRAMFILES%\XPA\


[-HKEY_CURRENT_USER\Software\AntiVirus]
[-HKEY_CURRENT_USER\Software\PWA]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

%SYSTEM%\PWA.cpl
%DESKTOP%\Power Antivirus.lnk
%PROGRAMFILES%\PWA\


[-HKEY_CURRENT_USER\Software\AntiVirus]
[-HKEY_CURRENT_USER\Software\AAV]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

%SYSTEM%\aav.cpl
%DESKTOP%\Advanced Antivirus.lnk
%PROGRAMFILES%\AAV\


[-HKEY_CURRENT_USER\Software\AntiVirus]
[-HKEY_CURRENT_USER\Software\MSx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANTIVIRUS"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANTIVIRUS"=-

%SYSTEM%\MSx.cpl
%DESKTOP%\MS Antivirus.lnk
%PROGRAMFILES%\MSX\


http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
October 1st, 2008, 04:58 PM
Changelog:
Version 2.356 (October 01, 2008)


Update: VACFix definition




Version 2.355 (September 24, 2008)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cognac"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cognac"=-



Version 2.354 (September 23, 2008)


%SYSDIR%\m.ico
%STARTMENU%\Free MP3 Search.url
%FAVORITES%\Free MP3 Search.url
%DESKTOP%\Free MP3 Search.url

%SYSDIR%\p.ico
%STARTMENU%\Free Porn.url
%FAVORITES%\Free Porn.url
%DESKTOP%\Free Porn.url

%WINDIR%\k.txt


%SYSTEM%\fbxrqtwn.exe


%SYSTEM%\MicroAV.cpl
%DESKTOP%\Micro Antivirus 2009.lnk
%PROGRAMFILES%\MicroAV\


[-HKEY_CURRENT_USER\Software\AntiVirus]
[-HKEY_CURRENT_USER\Software\uav]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

%PROGRAMFILES%\uav\
%DESKTOP%\Ultimate Antivirus 2008.lnk
%SYSTEM%\uav.cpl



Version 2.353 (September 20, 2008)


Added: o4Patch.exe tool to detect infected binaries.

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
October 11th, 2008, 03:29 PM
Changelog:

Version 2.359 (October 11, 2008)


%WINDIR%\karna.dat
%SYSTEM%\brastk.exe
%SYSTEM%\karna.dat

O20 - AppInit_DLLs: C:\WINDOWS\System32\karna.dat

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"brastk"=-



Version 2.358 (October 10, 2008)

%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusResponse Lab 2009 2.1.lnk (Already removed)
%STARTMENU%\VirusResponse Lab 2009 2.1.lnk (Already removed)
%STARTMENU%\Programs\VirusResponse Lab 2009 2.1\ (Already removed)
%DESKTOP%\VirusResponse Lab 2009 2.1.lnk (Already removed)
%PROGRAMFILES%\virusrl2009\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DCD4F35-9FD5-420b-A9AA-FED0E2AECEE0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5734812-E6A1-8833-ECA9-949B5B8A88BF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VRLWarning.WarningBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VRLWarning.WarningBHO.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusRL2009]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0DCD4F35-9FD5-420b-A9AA-FED0E2AECEE0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusRL2009]
[-HKEY_CURRENT_USER\Software\VirusRL2009]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VirusRL2009\VirusRL2009.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VirusRL2009\VirusRL2009.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VirusRL2009"=-


O2 - BHO: (no name) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - C:\Program Files\Applications\iebt.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE1A344F-9FF5-4024-949B-52205E6DB2D0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE1A344F-9FF5-4024-949B-52205E6DB2D0}]



Version 2.357 (October 07, 2008)


%STARTMENU%\Programs\av2010\
%DESKTOP%\av2010.lnk
%PROGRAMFILES%\av2010\

%SYSTEM%\IEDefender.dll
%SYSTEM%\wingamma.exe

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\IEDefender.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEDefender.IEDefenderBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEDefender.IEDefenderBHO.1]
[-HKEY_CURRENT_USER\Software\AV2010]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Gamma Display"=-



http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
October 14th, 2008, 12:07 PM
Changelog:

Version 2.360 (October 14, 2008)


%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusResponse Lab 2009 2.1.lnk (Already removed)
%STARTMENU%\VirusResponse Lab 2009 2.1.lnk (Already removed)
%STARTMENU%\Programs\VirusResponse Lab 2009 2.1\ (Already removed)
%DESKTOP%\VirusResponse Lab 2009 2.1.lnk (Already removed)
%PROGRAMFILES%\virrl2009\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5734812-E6A1-8833-ECA9-949B5B8A88BF}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirRLWarning.WarningBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirRLWarning.WarningBHO.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirRL2009]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirRL2009]
[-HKEY_CURRENT_USER\Software\VirRL2009]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VirRL2009\VirRL2009.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VirRL2009\VirRL2009.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VirRL2009"=-


http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
October 19th, 2008, 08:51 AM
Changelog:

Version 2.365 (October 18, 2008)


%USERPROFILE%\Application Data\spyprotector\
%USERPROFILE%\Application Data\install.exe
%USERPROFILE%\Application Data\shellex.dll
%USERPROFILE%\Application Data\srcss.exe
%ALLUSERSTARTMENU%\Programs\spy protector\
%DESKTOP%\spy protector.lnk
%PROGRAMFILES%\spy protector\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Spy Protector]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{107A1D63-2EAA-4694-8ABA-EC209C630D83}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CBE202A6-3B75-4189-B161-9B4DF370BEE9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Spy Protector]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Spy Protector]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shellex.TBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\srcss.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBE202A6-3B75-4189-B161-9B4DF370BEE9}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SpyProtector]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spy Protector"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{107A1D63-2EAA-4694-8ABA-EC209C630D83}"=-



Version 2.364 (October 18, 2008)


%HOMEDRIVE%\resycled
%HOMEDRIVE%\autorun.inf

Restoring infected %SYSTEM%\userinit.exe

%USERSTARTMENU%\Programs\Pornovid\
%PROGRAMFILES%\Pornovid
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Pornovid]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pornovid]
[-HKEY_CURRENT_USER\Software\Pornovid]



Version 2.363 (October 17, 2008)


%ALLUSERSTARTMENU%\Programs\PC Protection Center 2008\
%ALLUSERDESKTOP%\PC Protection Center 2008.lnk
%PROGRAMFILES%\PC Protection Center 2008\
%SYSTEM%\vbzlib2.dll

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Protection Center 2008]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus Software]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Protection Center"=-


%WINDOWS%\ieguard.dll
%WINDOWS%\sysguard\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D032570A-5F63-4812-A094-87D007C23012}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ieguard.TIEAdvBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sysguard]
[-HKEY_CURRENT_USER\Software\sysguard]

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-



Version 2.362 (October 16, 2008)

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusRemover2008]
[-HKEY_LOCAL_MACHINE\SOFTWARE\VirusRemover2008]
[-HKEY_LOCAL_MACHINE\SOFTWARE\{5222008A-DD62-49c7-A735-7BD18ECC7350}]
[-HKEY_CURRENT_USER\Software\VirusRemover2008]
[-HKEY_CURRENT_USER\{5222008A-DD62-49c7-A735-7BD18ECC7350}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirusRemover2008"=-

%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\virusremover2008.lnk
%USERPROFILE%\Application Data\virusremover2008\
%STARTMENU%\Programs\virusremover2008\
%DESKTOP%\virusremover2008.lnk
%PROGRAMFILES%\virusremover2008\


http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
October 26th, 2008, 08:20 PM
Changelog:

Version 2.367 (October 26, 2008)


%SYSTEM%\ntload.dll
%SYSTEM%\sex1.ico.tmp
%SYSTEM%\sex2.ico.tmp
%SYSTEM%\update32.exe.tmp
%SYSTEM%\winupdate.exe
%SYSTEM%\wscmp.dll.tmp
%DESKTOP%\Uncensored porn.url
%DESKTOP%\BDSM galleries.url

%SYSTEM%\winupdate.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"run"=-



%PROGRAMFILES%\VResLab\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B494E7BB-1E33-4922-A947-F74EFF4E714F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VResLabWarning.WarningBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VResLabWarning.WarningBHO.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VResLab]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B494E7BB-1E33-4922-A947-F74EFF4E714F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VResLab]
[-HKEY_CURRENT_USER\Software\VResLab]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VResLab\VResLab.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VResLab\VResLab.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VResLab"=-


http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
October 28th, 2008, 07:32 PM
Changelog:

Version 2.368 (October 28, 2008)


%DESKTOP%\SMS TRAP.url
%FAVORITES%\SMS TRAP.url
%STARTMENU%\SMS TRAP.url
%SYSTEM%\p.ico

%DESKTOP%\AntiVirus Sentry.lnk
%PROGRAMFILES%\AVS\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVS]
[-HKEY_CURRENT_USER\Software\AVS]
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
October 30th, 2008, 07:37 PM
Changelog:

Version 2.369 (October 30, 2008)


%USERSTARTMENU%\Programs\WinDefender 2009.lnk
%DESKTOP%\WinDefender 2009.lnk
%PROGRAMFILES%\WinDefender

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDefender 2009]
[-HKEY_CURRENT_USER\Software\WinDefender2009]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WinDefender2009"



http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
November 7th, 2008, 07:33 PM
Changelog:
Version 2.373 (November 06, 2008)


[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard]
[-HKEY_CURRENT_USER\Software\Spyware Guard]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"spywareguard"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"OLESys"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Explorer"=-

%USERSTARTMENU%\Programs\Spyware Guard 2008\
%PROGRAMFILES%\Spyware Guard 2008\

%allusersprofile%\Application Data\Microsoft\Internet Explorer\olesys.dll
%allusersprofile%\Application Data\Microsoft\Protect\conf.sys
%allusersprofile%\Application Data\Microsoft\Protect\ie.dll
%allusersprofile%\Application Data\Microsoft\Protect\svhost.exe
%allusersprofile%\Application Data\Microsoft\Protect\track.sys
%allusersprofile%\Application Data\winlogon.exe
%DESKTOP%\Spyware Guard 2008.lnk
%WINDOWS%\reged.exe
%WINDOWS%\spoolsystem.exe
%WINDOWS%\sys.com
%WINDOWS%\syscert.exe
%WINDOWS%\sysexplorer.exe
%WINDOWS%\vmreg.dll
%SYSTEM%\wsc32x.exe



Version 2.372 (November 06, 2008)


Removed: AntiXPVSTFix tool



Version 2.371 (October 31, 2008)


%USERSTARTMENU%\Programs\sexvid\
%PROGRAMFILES%\sexvid\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sexvid]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sexvid]
[-HKEY_CURRENT_USER\Software\sexvid]


%TEMP%\winlogon.exe
%SYSTEM%\msansspc.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Firewall auto setup"

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
November 12th, 2008, 06:32 PM
Changelog:

Version 2.375 (November 12, 2008)


%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusTrigger 2.1.lnk
%STARTMENU%\VirusTrigger 2.1.lnk
%STARTMENU%\Programs\VirusTriggerBin\
%DESKTOP%\VirusTrigger 2.1.lnk
%PROGRAMFILES%\VirusTriggerBin\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{096CBA44-4A4C-49f7-8903-1E75550ABCB7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE8A3F7B-E4AB-5C41-4926-3FAED82759F5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirusTriggerBinWarning.WarningBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirusTriggerBinWarning.WarningBHO.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusTriggerBin]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{096CBA44-4A4C-49f7-8903-1E75550ABCB7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusTriggerBin]
[-HKEY_CURRENT_USER\Software\VirusTriggerBin]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VirusTriggerBin\VirusTriggerBin.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VirusTriggerBin\VirusTriggerBin.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VirusTriggerBin"=-



Version 2.374 (November 09, 2008)


%PROGRAMFILES%\Google\googletoolbar1.dll
%PROGRAMFILES%\Google\setupcom.dat
%PROGRAMFILES%\Google\setupext.dat
%SYSTEM%\crypts.dll

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt]


O2 - BHO: (no name) - {8710DF42-3171-4A3B-9079-3F7D7101552B} - C:\Program Files\Applications\iebt.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8710DF42-3171-4A3B-9079-3F7D7101552B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8710DF42-3171-4A3B-9079-3F7D7101552B}]

O3 - Toolbar: Internet Service - {E43B6656-814B-4839-8FF8-AFFDE0DA9A3F} - C:\Program Files\Applications\iebr.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43B6656-814B-4839-8FF8-AFFDE0DA9A3F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E43B6656-814B-4839-8FF8-AFFDE0DA9A3F}"=-

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
November 20th, 2008, 05:39 PM
Changelog:

Version 2.376 (November 20, 2008)


%PROGRAMFILES%\msvideoplugin\
%PROGRAMFILES%\homeview\
%STARTMENU%\Programs\homeview\


%SYSTEM%\mws55681.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6733C78-821F-3BBF-ADE6-3DB71CAD887A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F6733C78-821F-3BBF-ADE6-3DB71CAD887A}]


%SYSTEM%\msiconf.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msiexec.exe"=-


%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\antivirustrigger 2.1.lnk
%STARTMENU%\antivirustrigger 2.1.lnk
%STARTMENU%\Programs\antivirustrigger 2.1\
%DESKTOP%\antivirustrigger 2.1.lnk
%PROGRAMFILES%\virtrigger\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0088C75C-6361-4dfb-B2CF-576CACFA3C55}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22C447D3-73A8-E1C7-C391-21BE4338CEBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirTriggerWarning.WarningBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirTriggerWarning.WarningBHO.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirTrigger]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0088C75C-6361-4dfb-B2CF-576CACFA3C55}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirTrigger]
[-HKEY_CURRENT_USER\Software\VirTrigger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VirTrigger\VirTrigger.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VirTrigger\VirTrigger.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VirTrigger"=-


http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
December 11th, 2008, 07:06 PM
Changelog:
Version 2.383 (December 10, 2008)


%PROGRAMFILES%\vrl32software\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E6615B5-A259-4e55-905F-7F9CE60B379D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{305043E5-F9D9-4B3A-A618-C4D0DA8031CE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{536CBA8A-9DB6-45CF-8D65-F486C49242D5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B3A0AA5C-9FA3-408D-8193-2A948EF51D2D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\vrl32Warning.WarningBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\vrl32Warning.WarningBHO.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\vrl32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E6615B5-A259-4e55-905F-7F9CE60B379D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vrl32]
[-HKEY_CURRENT_USER\Software\vrl32]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\vrl32software\vrl32.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\vrl32software\vrl32.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"vrl32"=-



Version 2.382 (December 9, 2008)


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Smax4"=-

%USERPROFILE%\Application Data\Google\kjzna1562565.exe
%USERPROFILE%\Application Data\Google\spcffwl.dll



Version 2.381 (December 3, 2008)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"QuickTime Task"=-
"VMware hptray"=-


%PROGRAMFILES%\avrlabs\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D695B871-8020-4041-A6D2-59F922E1B2E2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avrlabsWarning.WarningBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avrlabsWarning.WarningBHO.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\avrlabs]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D695B871-8020-4041-A6D2-59F922E1B2E2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\avrlabs]
[-HKEY_CURRENT_USER\Software\avrlabs]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\avrlabs\avrlabs.exe"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\avrlabs\avrlabs.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"avrlabs"=-



Version 2.380 (November 30, 2008)


%PROGRAMFILES%\WebMediaViewer\

O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}]

O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3B8FB116-D358-48A3-A5C7-DB84F15CBB04}]


%PROGRAMFILES%\AnvTrgrsoftware\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E9BCC0-2E84-4500-8A9C-0B7A96769124}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C8B2A9C-24A0-4991-A74B-1E4931BD3A57}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DF3F06C6-D443-48A8-BDF2-4E31F0554EBF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BAE92F67-539C-41CD-9183-162BB40AAA0C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnvTrgrWarning.WarningBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnvTrgrWarning.WarningBHO.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AnvTrgrsoft]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95E9BCC0-2E84-4500-8A9C-0B7A96769124}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnvTrgrsoft]
[-HKEY_CURRENT_USER\Software\AnvTrgrsoft]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AnvTrgrsoftware\AnvTrgr.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AnvTrgrsoftware\AnvTrgr.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AnvTrgr"=-



Version 2.379 (November 29, 2008)

Update: IEDFix.C 1.12



Version 2.378 (November 24, 2008)

%PROGRAMFILES%\AvirTrsoftware\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A267370-076E-4af4-B986-77626B8E89DF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{764BC8B4-1159-4736-8AF1-F124A7C8C3A8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DF3F06C6-D443-48A8-BDF2-4E31F0554EBF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3ED86073-2FA7-4CF4-810B-28B030671678}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvirTrWarning.WarningBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvirTrWarning.WarningBHO.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AvirTrsoft]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A267370-076E-4af4-B986-77626B8E89DF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AvirTrsoft]
[-HKEY_CURRENT_USER\Software\AvirTrsoft]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AvirTrsoftware\AvirTr.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AvirTrsoftware\AvirTr.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AvirTr"=-



Version 2.377 (November 21, 2008)


%PROGRAMFILES%\WMVideoPlugin\
%SYSTEM%\mws31209.dll
%SYSTEM%\ws31209.dll

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC3081A6-AC0C-331D-860E-AEF4790E6B5B}]
[-HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{C77BD12E-4A3C-33E3-858C-F2D04591C6B5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0BB62EE8-3528-39F7-9070-F9F0C09329D5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC3081A6-AC0C-331D-860E-AEF4790E6B5B}]


http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
December 31st, 2008, 02:26 PM
Changelog:

Version 2.388 (December 31, 2008)


%STARTMENU%\Programs\videosoft\
%PROGRAMFILES%\videosoft\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\videosoft]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videosoft]
[-HKEY_CURRENT_USER\Software\videosoft]


%PROGRAMFILES%\Total Protect 2009\
%ALLUSERPROFILE%\StartMenu\Programs\Total Protect 2009\
%ALLUSERPROFILE%\Desktop\Run Total Protect 2009.lnk

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\totalprotect]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\totalprotect]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Total Protect 2009]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus Software]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Total Protect 2009"=-

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
February 8th, 2009, 01:08 PM
Changelog:

Version 2.394 (February 8, 2009)


%PROGRAMFILES%\freshplay\
%STARTMENU%\Programs\freshplay

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\freshplay]
[-HKEY_CURRENT_USER\SOFTWARE\freshplay]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\freshplay]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=-

%ALLUSERPROFILE%\Application Data\CrucialSoft Ltd\

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\uninstall\MS AntiSpyware 2009 5.7]
[-HKEY_CURRENT_USER\Software\CrucialSoft Ltd]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MS AntiSpyware 2009"=-



Version 2.393 (February 7, 2009)

%WINDOWS%\sysguard.exe
%SYSTEM%\iehelper.dll

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9C42510-9B21-41c1-9DCD-8382A2D07C61}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B21-41c1-9DCD-8382A2D07C61}]
[-HKEY_CURRENT_USER\Software\AvScan]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"sysguard"=-



Version 2.392 (January 27, 2009)


%SYSTEM%\winsystems.dll

%STARTMENU%\Programs\IE-Security.lnk
%DESKTOP%\IE-Security.lnk
%PROGRAMFILES%\IE-Security\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE-Security]
[-HKEY_CURRENT_USER\Software\IE-Security]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IE-Security"=-

%STARTMENU%\XP Police Antivirus.lnk
%DESKTOP%\XP Police Antivirus.lnk
%PROGRAMFILES%\XPPoliceAntivirus\

[-HKEY_CURRENT_USER\Software\XP Police Antivirus]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PoliceAV"=-

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
February 19th, 2009, 01:56 PM
Changelog:

Version 2.398 (February 19, 2009)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Internet Agent"=-
%SYSTEM%\winagent.exe


%PROGRAMFILES%\HDQuality\
%STARTMENU%\Programs\HDQuality\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HDQuality]
[-HKEY_CURRENT_USER\SOFTWARE\HDQuality]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDQuality]



Version 2.397 (February 16, 2009)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"[IA3_]"=-

%WINDOWS%\iehost.dll

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12c7290a-157b-4f43-b109-97e792c598ed}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8A10FC9B-8D76-4E95-A9BE-ACDA2F665C30}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinGDIApp.WinGDI]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinGDIApp.WinGDI.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12c7290a-157b-4f43-b109-97e792c598ed}]



Version 2.396 (February 15, 2009)


%PROGRAMFILES%\CMVideoPlugin

%PROGRAMFILES%\SmitFraudFixTool\
%ALLUSERDESKTOP%\SmitFraudFixTool.lnk
%USERPROFILE%\\Application Data\SmitFraudFixTool\
%ALLUSERSTARTMENU%\Programs\SmitFraudFixTool\

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SmitFraudFixTool"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EE433D-A290-4811-B562-8A1878AEE706}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{10EE433D-A290-4811-B562-8A1878AEE706}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AB63BB6D-4A8A-4E69-9F4B-E099C874A2AA}]
[-HKEY_CURRENT_USER\Software\SmitFraudFixTool]



Version 2.395 (February 9, 2009)


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"systeminit.exe"=-



Version 2.394 (February 8, 2009)


%PROGRAMFILES%\freshplay\
%STARTMENU%\Programs\freshplay

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\freshplay]
[-HKEY_CURRENT_USER\SOFTWARE\freshplay]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\freshplay]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=-

%ALLUSERPROFILE%\Application Data\CrucialSoft Ltd\

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\uninstall\MS AntiSpyware 2009 5.7]
[-HKEY_CURRENT_USER\Software\CrucialSoft Ltd]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MS AntiSpyware 2009"=-


http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
March 4th, 2009, 07:04 PM
Changelog:

Version 2.399 (March 04, 2009)


[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\GenericMultiMedia]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WmpTray"=-

%PROGRAMFILES%\MediaSystem\


http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
March 18th, 2009, 08:34 PM
Changelog:

Version 2.405 (March 18, 2009)


%WINDIR%\ieocx.dll
[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEocxApp.IEocx]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEocxApp.IEocx.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A54DC52D-7AAD-4D40-A126-337211631EDC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}]


%DESKTOP%\WinPC Defender.lnk
%STARTMENU%\WinPC Defender.lnk

[-HKEY_CURRENT_USER\Software\WinPC Defender]


%SYSTEM%\rs32net.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"rs32net"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"rs32net"=-


[-HKEY_CURRENT_USER\Software\renus2008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"renus2008.exe"=-



Version 2.404 (March 16, 2009)


%USERPROFILE%\Application Data\sysrc32.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Win32load"=-



Version 2.403 (March 12, 2009)


%ProgramFiles%\AntiSpyware Pro

%PROGRAMFILES%\RegistryFox\
%ALLUSERDESKTOP%\RegistryFox.lnk
%USERPROFILE%\Application Data\RegistryFox\
%ALLUSERSTARTMENU%\Programmes\RegistryFox\

[-HKEY_CURRENT_USER\SOFTWARE\RegistryFox]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\6B4F6929EB6FE0E458263EBA6AF2EB30]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\6B4F6929EB6FE0E458263EBA6AF2EB30]
[-HKEY_LOCAL_MACHINE\SOFTWARE\RegistryFox]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9296F4B6-F6BE-4E0E-8562-E3ABA62FBE03}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryFox"=-



Version 2.402 (March 11, 2009)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe svchostw.exe"

%SYSTEM%\svchostw.exe



Version 2.401 (March 09, 2009)

%WINDOWS%\ld01.exe
%WINDOWS%\ld02.exe
%WINDOWS%\pp2.exe
%SYSTEM%\dll32.exe
%SYSTEM%\dll32.dll


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dll"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sysldtray"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pp"=-

%STARTMENU%\Programs\Malware Defender 2009\
%DESKTOP%\Malware Defender 2009.lnk
%PROGRAMFILES%\Malware Defender 2009\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Defender 2009]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defender 2009]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"malwaredef"=-


%STARTMENU%\Programs\System Guard 2009\
%DESKTOP%\System Guard 2009.lnk
%PROGRAMFILES%\System Guard 2009\
%ALLUSERSPROFILE%\Application Data\Microsoft\Network\DLLs\iemodule.dll

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Guard 2009]
[-HKEY_LOCAL_MACHINE\SOFTWARE\System Guard 2009]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"systemguard"=-



Version 2.400 (March 05, 2009)


%WINDOWS%\iehost32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"system tool"=-
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
April 6th, 2009, 01:19 PM
Changelog:

Version 2.406 (April 04, 2009)


Added: Option 6, ProxyDisable.exe

%WINDOWS%\ld03.exe
%WINDOWS%\pp06.exe

%SYSTEM%\winsource.dll

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}]

%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\TSC.lnk
%DESKTOP%\TSC.lnk
%STARTMENU%\Programs\TSC\
%PROGRAMFILES%\TSC\


%SYSTEM%\userload.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"restor"=-

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
April 18th, 2009, 04:53 AM
Changelog:

Version 2.409 (April 17, 2009)


%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\homeantivirus2009.lnk
%STARTMENU%\Programs\homeantivirus2009\
%DESKTOP%\homeantivirus2009.lnk
%PROGRAMFILES%\homeantivirus2009\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HomeAntivirus2009]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HomeAntivirus 2009"=-

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
April 25th, 2009, 06:36 AM
Changelog:
Version 2.412 (April 20, 2009)


%HOMEDRIVE%\asasa.exe
%HOMEDRIVE%\syst.exe
%PROGRAMFILES%\Microsoft Security Adviser\

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msctrl.exe"=-
"msavsc.exe"=-
"msscan.exe"=-
"msiemon.exe"=-
"msfw.exe"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msctrl.exe"=-
"msavsc.exe"=-
"msscan.exe"=-
"msiemon.exe"=-
"msfw.exe"=-


%ALLUSERS%\ApplicationData\Tally software LTD\
%STARTMENU%\Programs\Extra Antivirus\

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\uninstall\Extra Antivirus 3.0]
[-HKEY_CURRENT_USER\Software\Tally software LTD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Extra Antivirus"=-



Version 2.411 (April 18, 2009)


%STARTMENU%\Programs\AV AntiSpyware\
%ALLUSERS%\ApplicationData\LastSun Ltd\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AV AntiSpyware 1.8]
[-HKEY_CURRENT_USER\Software\LastSun Ltd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AV AntiSpyware"=-



Version 2.410 (April 18, 2009)


[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{36DBC179-A19F-48F2-B16A-6A3E19B42A87}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36DBC179-A19F-48F2-B16A-6A3E19B42A87}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\browser helper objects\{36DBC179-A19F-48F2-B16A-6A3E19B42A87}]

%SYSTEM%\ipv6monl.dll


[-HKEY_LOCAL_MACHINE\SOFTWARE\WiniBlueSoft]
[-HKEY_CURRENT_USER\Software\WiniBlueSoft]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiniBlueSoft]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WiniBlueSoft"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"setup2.exe"=-

%SYSTEM%\setup2.exe

%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\WiniBlueSoft.lnk
%ALLUSERSTARTMENU%\Programs\WiniBlueSoft\
%ALLUSERDESKTOP%\WiniBlueSoft.lnk
%PROGRAMFILES%\WiniBlueSoft Software\

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
April 30th, 2009, 02:25 PM
Changelog:

Version 2.413 (April 29, 2009)


Update: WS2Fix v1.2


%USER%\Application Data\pcdefender.exe
%USER%\Application Data\svchost_32.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"sysav"=-
"dll32"=-

%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Coreguard 2009.lnk
%DESKTOP%\Coreguard 2009.lnk
%STARTMENU%\Programs\Coreguard Antivirus 2009\
%PROGRAMFILES%\Coreguard Antivirus 2009\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coreguard Antivirus 2009]
[-HKEY_CURRENT_USER\Software\CoreGuard]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Coreguard Antivirus 2009"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VShield.DocHostUIHandler]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Virus Shield 2009"=-

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
May 23rd, 2009, 06:39 PM
Changelog:

Version 2.417 (May 23, 2009)


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Presto TuneUp"=-

%WINDOWS%\pp10.exe
%SYSTEM%\SYSDLL.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SYSDLL"=-



Version 2.416 (May 06, 2009)


%SYSTEM%\SYS32DLL.exe

%PROGRAMFILES%\PCenter\

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SYS32DLL"=-
"agent.exe"=-

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
June 2nd, 2009, 01:23 PM
Changelog:

Version 2.418 (June 2, 2009)


Update: WS2Fix v1.3

%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\UnVirex.lnk
%ALLUSERSTARTMENU%\Programs\UnVirex\
%ALLUSERSTARTMENU%\Programs\UnVirex.lnk
%ALLUSERDESKTOP%\UnVirex.lnk
%PROGRAMFILES%\UnVirex\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\IEAddon.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C0E56Ac2-9F72-436E-B6E7-Aec28Af9E4Eb}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5B184B9D-B7BD-4FEA-8D1F-5E27182206A5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3ED0E410-5C8E-47B6-A75D-D10B886E903C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEAddon.StatusBarPane]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEAddon.StatusBarPane.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnVirex]
[-HKEY_LOCAL_MACHINE\SOFTWARE\UnVirex]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DRVFLTIP]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DrvFltIp]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DRVFLTIP]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DrvFltIp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"UnVirex"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnVirex"=-

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
June 4th, 2009, 11:49 AM
Changelog:

Version 2.419 (June 4, 2009)


%DESKTOP%\XP Deluxe Protector.lnk
%STARTMENU%\XP Deluxe Protector.lnk
%USERPROFILE%\XP Deluxe Protector\

[-HKEY_CURRENT_USER\Software\XP Deluxe Protector]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xpprotect "=-

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
June 10th, 2009, 02:32 PM
Changelog:

Version 2.421 (June 10, 2009)


%WINDOWS%\ld09.exe
%PROGRAMFILES%\podmena

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PODMENA]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PODMENADRV]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\podmena]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\podmenadrv]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PODMENA]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PODMENADRV]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\podmena]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\podmenadrv]



Version 2.420 (June 10, 2009)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mediacodec.exe"=-
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
June 20th, 2009, 07:06 PM
Changelog:

Version 2.422 (June 11, 2009)


[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B1D95A2-F547-4e5e-8902-622B08354622}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5B1D95A2-F547-4e5e-8902-622B08354622}]

%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
%STARTMENU%\Advanced Virus Remover.lnk
%DESKTOP%\Advanced Virus Remover.lnk
%PROGRAMFILES%\AdvancedVirusRemover\

[-HKEY_CURRENT_USER\Software\AVR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced Virus Remover"=-

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK
June 26th, 2009, 09:42 AM
Changelog:

Version 2.423 (June 24, 2009)


[-HKEY_CURRENT_USER\Software\ColdWare]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinProtect"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winupdate.exe"=-
"ColdWare"=-

%SYSTEM%\AVR09.exe
%SYSTEM%\msa.exe

http://siri.geekstogo.com/ChangeLog.php