SmitFraudFix

NICK ADSL UK · Aug 10, 2008

Changelog:

Version 2.334 (August 09, 2008

Update: 404Fix v1.2

O3 - Toolbar: Internet Service - {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program Files\Applications\iebr.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{254B87BB-510D-41FA-A887-52C5FA9BE585}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{254B87BB-510D-41FA-A887-52C5FA9BE585}"=-

%SYSTEM%\ieupdates.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ieupdate"=-

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

please note this software is to be used under supervision only from a malware specialist

NICK ADSL UK · Aug 12, 2008

Re: SmitFraudFix 2.334

Changelog:
Version 2.335 (August 11, 2008

tdssserv.sys Rootkit detection

%ProgramFiles%\IA\
%ProgramFiles%\Internet Antivirus\
%USERPROFILE%\Application Data\Internet Antivirus\
%ALLUSERPROFILE%\Desktop\Internet Antivirus.lnk
%ALLUSERPROFILE%\Start Menu\Programs\Internet Antivirus\

%USERPROFILE%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
%USERPROFILE%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
%USERPROFILE%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
%USERPROFILE%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Antivirus_is1]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"iv"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Internet Antivirus"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"3P_UDEC_IA"=-

%desktop%\GAY PORN.url
%desktop%\MASTURBATION VIDS.url
%ProgramFiles%\PCHealthCenter\

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\Win2.exe"=-
"\Win3.exe"=-
"\Win4.exe"=-
"\Win5.exe"=-
"\Win6.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"\Win2.exe"=-
"\Win3.exe"=-
"\Win4.exe"=-
"\Win5.exe"=-
"\Win6.exe"=-

%ProgramFiles%\VAV\
%desktop%\Vista Antivirus 2008.lnk

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

please note this software is to be used under supervision only from a malware specialist

NICK ADSL UK · Aug 14, 2008

Changelog:

Version 2.336 (August 13, 2008

%WINDIR%\buritos.exe
%WINDIR%\karina.dat

%SYSTEM%\braviax.exe
%SYSTEM%\buritos.exe
%SYSTEM%\karina.dat
%SYSTEM%\winivstr.exe

Search and restore infected:
%SYSTEM%\drivers\beep.sys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"braviax"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"braviax"=-

O20 - AppInit_DLLs: C:\WINDOWS\System32\karina.dat

%AllUserDesktop%\XPSecurityCenter.lnk
%ALLUSERPROFILE%\Start Menu\Programs\XPSecurityCenter\
%ProgramFiles%\XPSecurityCenter\
%SYSTEM%\_scui.cpl

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XP SecurityCenter"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"="0x00000000"
"FirewallDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[-HKEY_LOCAL_MACHINE\SOFTWARE\XP_SecurityCenter\]

[HKEY_CURRENT_USER\Control Panel\don't load]
"scui.cpl"=-
"wscui.cpl"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceClassicControlPanel"=-

%desktop%\Antivirus Master.lnk
%ProgramFiles%\AVM\
%SYSTEM%\avm.cpl

[-HKEY_CURRENT_USER\Software\AntiVirus]
[-HKEY_CURRENT_USER\Software\AVM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

%desktop%\TheSpyBot.lnk
%USERPROFILE%\Start Menu\Programs\TheSpyBot\
%ProgramFiles%\TheSpyBot\

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TheSpyBot]
[HKEY_CURRENT_USER\Software\TheSpyBot]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TheSpyBot"=-

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

please note this software is to be used under supervision only from a malware specialist

NICK ADSL UK · Aug 18, 2008

Changelog:

Version 2.337 (August 18, 2008

Update: 404Fix v1.3

%Desktop%\FETISH PICS.url

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"smile"=-

Version 2.337 (August 14, 2008

Update: IEDFix.C 1.1

O2 - BHO: (no name) - {300CF5C9-F02D-4CB8-ABED-9C229DA56825} - C:\Program Files\Applications\iebt.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300CF5C9-F02D-4CB8-ABED-9C229DA56825}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300CF5C9-F02D-4CB8-ABED-9C229DA56825}]

%SYSTEM%\scui.cpl
%ProgramFiles%\AV9\
%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
%USERPROFILE%\Start Menu\Programs\Antivirus 2009\
%desktop%\Antivirus 2009.lnk

%SYSTEM%\winsrc.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}]

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

please note this software is to be used under supervision only from a malware specialist

NICK ADSL UK · Aug 22, 2008

Changelog:

Version 2.339 (August 21, 2008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"buritos"=-

%ALLUSERPROFILE%\Start Menu\Programs\Antivirus XP 2008\
%ALLUSERPROFILE%\Start Menu\Programs\Antivirus XP 2008.lnk
%AllUserDesktop%\Antivirus XP 2008.lnk
%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

please note this software is to be used under supervision only from a malware specialist

NICK ADSL UK · Aug 29, 2008

Changelog:

Version 2.342 (August 28, 2008

%DESKTOP%\Total Secure 2009.lnk
%USERPROFILE%\Start Menu\Programs\Total Secure 2009.lnk
%ProgramFiles%\TotalSecure2009\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Total Secure 2009]
[-HKEY_CURRENT_USER\Software\TotalSecure2009]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TotalSecure2009"=-

Version 2.341 (August 28, 2008

%ProgramFiles%\Power-Antivirus-2009\
%USERPROFILE%\Application Data\Power-Antivirus-2009\
%USERPROFILE%\Start Menu\Programs\Power-Antivirus-2009\
%desktop%\Power-Antivirus-2009.lnk

[-HKEY_CURRENT_USER\Software\Power-Antivirus-2009]

%ProgramFiles%\RichVideoCodec\ (Already removed)
%SYSTEM%\RichVideoCodec.dll (Already removed)

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\CodecBHO.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{e12b39a5-df4a-4f04-a85b-4ecf048e359f}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a37b3779-e4f3-424c-a495-a60ea8063476}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65c5ebd-0989-40b5-a2a0-84642539bf82}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E46194A9-C4B1-4C0F-A75E-E9C5BDED7874}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E7309FD6-0FD0-459D-A5E8-27D7A23215F1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B648A7F7-DD8F-4535-AFAD-CE5BA0E8320E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecBHO.CodecPlugin]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecBHO.CodecPlugin.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecBHO.XMLDOMDocumentEventsSink]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecBHO.XMLDOMDocumentEventsSink.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a37b3779-e4f3-424c-a495-a60ea8063476}]

[-HKEY_CURRENT_USER\Software\RichVideoCodec] (Already removed)

Version 2.340 (August 27, 2008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\VIE2.exe"=-
"\VIE3.exe"=-
"\VIE4.exe"=-
"\VIE5.exe"=-
"\VIEA.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"\VIE2.exe"=-
"\VIE3.exe"=-
"\VIE4.exe"=-
"\VIE5.exe"=-
"\VIEA.exe"=-

%DESKTOP%\EXTREME ****.url
%DESKTOP%\TITS AND ASS.url
%SYSTEM%\1.ico
%SYSTEM%\2.ico
%SYSTEM%\VIEA.exe
%SYSTEM%\VIE5.exe
%SYSTEM%\VIE4.exe
%SYSTEM%\VIE3.exe
%SYSTEM%\VIE2.exe

%WINDOWS%\rvoelbxt.exe

O2 - BHO: (no name) - {0BD44AB1-76A7-4E05-92F4-4B065FE72BD6} - C:\Program Files\Applications\iebt.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BD44AB1-76A7-4E05-92F4-4B065FE72BD6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BD44AB1-76A7-4E05-92F4-4B065FE72BD6}]

O3 - Toolbar: Internet Service - {3BEBF2FE-7248-40E2-9752-8163EB6C4038} - C:\Program Files\Applications\iebr.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BEBF2FE-7248-40E2-9752-8163EB6C4038}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3BEBF2FE-7248-40E2-9752-8163EB6C4038}"=-

please note this software is to be used under supervision only from a malware specialist

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK · Sep 5, 2008

Changelog:

Version 2.346 (September 05, 2008

%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Antivirus-2009.lnk
%USERPROFILE%\Start Menu\Programs\Smart Antivirus 2009\
%DESKTOP%\Smart Antivirus-2009.lnk
%PROGRAMFILES%\Smart Antivirus 2009\

[-HKEY_CURRENT_USER\Software\Smart Antivirus 2009]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Smart Antivirus-2009.exe"=-

Version 2.345 (September 03, 2008

Update: some malwares definitions and reboot.exe counter.

%SYSTEM%\Cpl32ver.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cpl32ver"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Somefox]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Somefox"=-

%DESKTOP%\System Antivirus 2008.lnk
%PROGRAMFILES%\sav\

[-HKEY_CURRENT_USER\Software\AntiVirus] (Already removed)
[-HKEY_CURRENT_USER\Software\SAV]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=- (Already removed)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=- (Already removed)

please note this software is to be used under supervision only from a malware specialist

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK · Sep 9, 2008

Changelog:

Version 2.347 (September 08, 2008

%SYSDIR%\c.ico
%STARTMENU%\VIP Casino.url
%FAVORITES%\VIP Casino.url
%DESKTOP%\VIP Casino.url

%WINDOWS%\mqgldfvo.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\YUR1.exe"=-
"\YUR2.exe"=-
"\YUR3.exe"=-
"\YUR4.exe"=-
"\YUR5.exe"=-
"\YUR6.exe"=-
"\YUR7.exe"=-
"\YUR8.exe"=-
"\YURA.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"\YUR1.exe"=-
"\YUR2.exe"=-
"\YUR3.exe"=-
"\YUR4.exe"=-
"\YUR5.exe"=-
"\YUR6.exe"=-
"\YUR7.exe"=-
"\YUR8.exe"=-
"\YURA.exe"=-

%DESKTOP%\BEST ZOO PORN.url
%DESKTOP%\QUALITY PORN.url
%SYSTEM%\YUR*.exe

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK · Sep 16, 2008

Changelog:

Version 2.352 (September 16, 200

%SYSTEM%\users64.dat
%SYSTEM%\sysppu?.dll

Version 2.351 (September 15, 200

O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{144A6B24-0EBC-4D89-BF09-A06A718E57B5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{144A6B24-0EBC-4D89-BF09-A06A718E57B5}"=-

%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusResponse Lab 2009 2.1.lnk
%STARTMENU%\VirusResponse Lab 2009 2.1.lnk
%STARTMENU%\Programs\VirusResponse Lab 2009 2.1\
%DESKTOP%\VirusResponse Lab 2009 2.1.lnk
%PROGRAMFILES%\VirusResponseLab2009\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVLWarning.WarningBHO] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVLWarning.WarningBHO.1] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusResponseLab2009]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusResponseLab2009]
[-HKEY_CURRENT_USER\Software\VirusResponseLab2009]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VirusResponseLab2009\VirusResponseLab2009.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VirusResponseLab2009\VirusResponseLab2009.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VirusResponseLab2009"=-

Version 2.350 (September 14, 200

%SYSTEM%\algg.exe

O2 - BHO: (no name) - {CFEE97A3-4911-444D-8BE8-E243A23D3DE2} - C:\Program Files\Applications\iebt.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFEE97A3-4911-444D-8BE8-E243A23D3DE2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CFEE97A3-4911-444D-8BE8-E243A23D3DE2}]

O3 - Toolbar: Internet Service - {0CF79C5F-22AB-4E2A-82A5-BC9F4F3D4F87} - C:\Program Files\Applications\iebr.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CF79C5F-22AB-4E2A-82A5-BC9F4F3D4F87}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0CF79C5F-22AB-4E2A-82A5-BC9F4F3D4F87}"=-

%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Lab 2009 2.1.lnk
%STARTMENU%\AntiVirus Lab 2009 2.1.lnk
%STARTMENU%\Programs\AntiVirus Lab 2009 2.1\
%DESKTOP%\AntiVirus Lab 2009 2.1.lnk
%PROGRAMFILES%\AntiVirusLab2009\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2A9759D-210A-0253-D944-8B76AC2B0D92}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVLWarning.WarningBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVLWarning.WarningBHO.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiVirusLab2009]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirusLab2009]
[-HKEY_CURRENT_USER\Software\AntiVirusLab2009]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AntiVirusLab2009"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AntiVirusLab2009\AntiVirusLab2009.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AntiVirusLab2009\AntiVirusLab2009.exe"=-

Version 2.349 (September 11, 200

Update: IEDFix.C 1.3

Version 2.348 (September 09, 200

[-HKEY_CURRENT_USER\Software\AntiVirus]
[-HKEY_CURRENT_USER\Software\MicroAV]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

%SYSTEM%\MicroAV.cpl
%DESKTOP%\MicroAntivirus.lnk
%PROGRAMFILES%\MicroAntivirus\

[-HKEY_CURRENT_USER\Software\AntiVirus]
[-HKEY_CURRENT_USER\Software\XPA]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

%SYSTEM%\XPA.cpl
%DESKTOP%\XPert Antivirus.lnk
%PROGRAMFILES%\XPA\

[-HKEY_CURRENT_USER\Software\AntiVirus]
[-HKEY_CURRENT_USER\Software\PWA]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

%SYSTEM%\PWA.cpl
%DESKTOP%\Power Antivirus.lnk
%PROGRAMFILES%\PWA\

[-HKEY_CURRENT_USER\Software\AntiVirus]
[-HKEY_CURRENT_USER\Software\AAV]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

%SYSTEM%\aav.cpl
%DESKTOP%\Advanced Antivirus.lnk
%PROGRAMFILES%\AAV\

[-HKEY_CURRENT_USER\Software\AntiVirus]
[-HKEY_CURRENT_USER\Software\MSx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANTIVIRUS"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANTIVIRUS"=-

%SYSTEM%\MSx.cpl
%DESKTOP%\MS Antivirus.lnk
%PROGRAMFILES%\MSX\

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK · Oct 1, 2008

Changelog:
Version 2.356 (October 01, 2008

Update: VACFix definition

Version 2.355 (September 24, 2008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cognac"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cognac"=-

Version 2.354 (September 23, 2008

%SYSDIR%\m.ico
%STARTMENU%\Free MP3 Search.url
%FAVORITES%\Free MP3 Search.url
%DESKTOP%\Free MP3 Search.url

%SYSDIR%\p.ico
%STARTMENU%\Free Porn.url
%FAVORITES%\Free Porn.url
%DESKTOP%\Free Porn.url

%WINDIR%\k.txt

%SYSTEM%\fbxrqtwn.exe

%SYSTEM%\MicroAV.cpl
%DESKTOP%\Micro Antivirus 2009.lnk
%PROGRAMFILES%\MicroAV\

[-HKEY_CURRENT_USER\Software\AntiVirus]
[-HKEY_CURRENT_USER\Software\uav]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

%PROGRAMFILES%\uav\
%DESKTOP%\Ultimate Antivirus 2008.lnk
%SYSTEM%\uav.cpl

Version 2.353 (September 20, 2008

Added: o4Patch.exe tool to detect infected binaries.

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK · Oct 11, 2008

Changelog:

Version 2.359 (October 11, 2008

%WINDIR%\karna.dat
%SYSTEM%\brastk.exe
%SYSTEM%\karna.dat

O20 - AppInit_DLLs: C:\WINDOWS\System32\karna.dat

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"brastk"=-

Version 2.358 (October 10, 2008

%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusResponse Lab 2009 2.1.lnk (Already removed)
%STARTMENU%\VirusResponse Lab 2009 2.1.lnk (Already removed)
%STARTMENU%\Programs\VirusResponse Lab 2009 2.1\ (Already removed)
%DESKTOP%\VirusResponse Lab 2009 2.1.lnk (Already removed)
%PROGRAMFILES%\virusrl2009\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DCD4F35-9FD5-420b-A9AA-FED0E2AECEE0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5734812-E6A1-8833-ECA9-949B5B8A88BF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VRLWarning.WarningBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VRLWarning.WarningBHO.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusRL2009]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0DCD4F35-9FD5-420b-A9AA-FED0E2AECEE0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusRL2009]
[-HKEY_CURRENT_USER\Software\VirusRL2009]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VirusRL2009\VirusRL2009.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VirusRL2009\VirusRL2009.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VirusRL2009"=-

O2 - BHO: (no name) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - C:\Program Files\Applications\iebt.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE1A344F-9FF5-4024-949B-52205E6DB2D0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE1A344F-9FF5-4024-949B-52205E6DB2D0}]

Version 2.357 (October 07, 2008

%STARTMENU%\Programs\av2010\
%DESKTOP%\av2010.lnk
%PROGRAMFILES%\av2010\

%SYSTEM%\IEDefender.dll
%SYSTEM%\wingamma.exe

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\IEDefender.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEDefender.IEDefenderBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEDefender.IEDefenderBHO.1]
[-HKEY_CURRENT_USER\Software\AV2010]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Gamma Display"=-

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK · Oct 14, 2008

Changelog:

Version 2.360 (October 14, 2008

%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusResponse Lab 2009 2.1.lnk (Already removed)
%STARTMENU%\VirusResponse Lab 2009 2.1.lnk (Already removed)
%STARTMENU%\Programs\VirusResponse Lab 2009 2.1\ (Already removed)
%DESKTOP%\VirusResponse Lab 2009 2.1.lnk (Already removed)
%PROGRAMFILES%\virrl2009\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5734812-E6A1-8833-ECA9-949B5B8A88BF}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirRLWarning.WarningBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirRLWarning.WarningBHO.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirRL2009]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirRL2009]
[-HKEY_CURRENT_USER\Software\VirRL2009]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VirRL2009\VirRL2009.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VirRL2009\VirRL2009.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VirRL2009"=-

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK · Oct 19, 2008

Changelog:

Version 2.365 (October 18, 2008

%USERPROFILE%\Application Data\spyprotector\
%USERPROFILE%\Application Data\install.exe
%USERPROFILE%\Application Data\shellex.dll
%USERPROFILE%\Application Data\srcss.exe
%ALLUSERSTARTMENU%\Programs\spy protector\
%DESKTOP%\spy protector.lnk
%PROGRAMFILES%\spy protector\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Spy Protector]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{107A1D63-2EAA-4694-8ABA-EC209C630D83}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CBE202A6-3B75-4189-B161-9B4DF370BEE9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Spy Protector]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Spy Protector]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shellex.TBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\srcss.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBE202A6-3B75-4189-B161-9B4DF370BEE9}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SpyProtector]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spy Protector"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{107A1D63-2EAA-4694-8ABA-EC209C630D83}"=-

Version 2.364 (October 18, 2008

%HOMEDRIVE%\resycled
%HOMEDRIVE%\autorun.inf

Restoring infected %SYSTEM%\userinit.exe

%USERSTARTMENU%\Programs\Pornovid\
%PROGRAMFILES%\Pornovid
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Pornovid]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pornovid]
[-HKEY_CURRENT_USER\Software\Pornovid]

Version 2.363 (October 17, 2008

%ALLUSERSTARTMENU%\Programs\PC Protection Center 2008\
%ALLUSERDESKTOP%\PC Protection Center 2008.lnk
%PROGRAMFILES%\PC Protection Center 2008\
%SYSTEM%\vbzlib2.dll

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Protection Center 2008]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus Software]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Protection Center"=-

%WINDOWS%\ieguard.dll
%WINDOWS%\sysguard\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D032570A-5F63-4812-A094-87D007C23012}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ieguard.TIEAdvBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sysguard]
[-HKEY_CURRENT_USER\Software\sysguard]

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-

Version 2.362 (October 16, 2008

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusRemover2008]
[-HKEY_LOCAL_MACHINE\SOFTWARE\VirusRemover2008]
[-HKEY_LOCAL_MACHINE\SOFTWARE\{5222008A-DD62-49c7-A735-7BD18ECC7350}]
[-HKEY_CURRENT_USER\Software\VirusRemover2008]
[-HKEY_CURRENT_USER\{5222008A-DD62-49c7-A735-7BD18ECC7350}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirusRemover2008"=-

%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\virusremover2008.lnk
%USERPROFILE%\Application Data\virusremover2008\
%STARTMENU%\Programs\virusremover2008\
%DESKTOP%\virusremover2008.lnk
%PROGRAMFILES%\virusremover2008\

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK · Oct 26, 2008

Changelog:

Version 2.367 (October 26, 2008

%SYSTEM%\ntload.dll
%SYSTEM%\sex1.ico.tmp
%SYSTEM%\sex2.ico.tmp
%SYSTEM%\update32.exe.tmp
%SYSTEM%\winupdate.exe
%SYSTEM%\wscmp.dll.tmp
%DESKTOP%\Uncensored porn.url
%DESKTOP%\BDSM galleries.url

%SYSTEM%\winupdate.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"run"=-

%PROGRAMFILES%\VResLab\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B494E7BB-1E33-4922-A947-F74EFF4E714F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VResLabWarning.WarningBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VResLabWarning.WarningBHO.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VResLab]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B494E7BB-1E33-4922-A947-F74EFF4E714F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VResLab]
[-HKEY_CURRENT_USER\Software\VResLab]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VResLab\VResLab.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VResLab\VResLab.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VResLab"=-

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK · Oct 28, 2008

Changelog:

Version 2.368 (October 28, 2008

%DESKTOP%\SMS TRAP.url
%FAVORITES%\SMS TRAP.url
%STARTMENU%\SMS TRAP.url
%SYSTEM%\p.ico

%DESKTOP%\AntiVirus Sentry.lnk
%PROGRAMFILES%\AVS\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVS]
[-HKEY_CURRENT_USER\Software\AVS]
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK · Oct 30, 2008

Changelog:

Version 2.369 (October 30, 2008

%USERSTARTMENU%\Programs\WinDefender 2009.lnk
%DESKTOP%\WinDefender 2009.lnk
%PROGRAMFILES%\WinDefender

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDefender 2009]
[-HKEY_CURRENT_USER\Software\WinDefender2009]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WinDefender2009"

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK · Nov 7, 2008

Changelog:
Version 2.373 (November 06, 2008

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard]
[-HKEY_CURRENT_USER\Software\Spyware Guard]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"spywareguard"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"OLESys"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Explorer"=-

%USERSTARTMENU%\Programs\Spyware Guard 2008\
%PROGRAMFILES%\Spyware Guard 2008\

%allusersprofile%\Application Data\Microsoft\Internet Explorer\olesys.dll
%allusersprofile%\Application Data\Microsoft\Protect\conf.sys
%allusersprofile%\Application Data\Microsoft\Protect\ie.dll
%allusersprofile%\Application Data\Microsoft\Protect\svhost.exe
%allusersprofile%\Application Data\Microsoft\Protect\track.sys
%allusersprofile%\Application Data\winlogon.exe
%DESKTOP%\Spyware Guard 2008.lnk
%WINDOWS%\reged.exe
%WINDOWS%\spoolsystem.exe
%WINDOWS%\sys.com
%WINDOWS%\syscert.exe
%WINDOWS%\sysexplorer.exe
%WINDOWS%\vmreg.dll
%SYSTEM%\wsc32x.exe

Version 2.372 (November 06, 2008

Removed: AntiXPVSTFix tool

Version 2.371 (October 31, 2008

%USERSTARTMENU%\Programs\sexvid\
%PROGRAMFILES%\sexvid\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sexvid]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sexvid]
[-HKEY_CURRENT_USER\Software\sexvid]

%TEMP%\winlogon.exe
%SYSTEM%\msansspc.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Firewall auto setup"

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK · Nov 12, 2008

Changelog:

Version 2.375 (November 12, 2008

%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusTrigger 2.1.lnk
%STARTMENU%\VirusTrigger 2.1.lnk
%STARTMENU%\Programs\VirusTriggerBin\
%DESKTOP%\VirusTrigger 2.1.lnk
%PROGRAMFILES%\VirusTriggerBin\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{096CBA44-4A4C-49f7-8903-1E75550ABCB7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE8A3F7B-E4AB-5C41-4926-3FAED82759F5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirusTriggerBinWarning.WarningBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirusTriggerBinWarning.WarningBHO.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusTriggerBin]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{096CBA44-4A4C-49f7-8903-1E75550ABCB7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusTriggerBin]
[-HKEY_CURRENT_USER\Software\VirusTriggerBin]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VirusTriggerBin\VirusTriggerBin.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VirusTriggerBin\VirusTriggerBin.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VirusTriggerBin"=-

Version 2.374 (November 09, 2008

%PROGRAMFILES%\Google\googletoolbar1.dll
%PROGRAMFILES%\Google\setupcom.dat
%PROGRAMFILES%\Google\setupext.dat
%SYSTEM%\crypts.dll

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt]

O2 - BHO: (no name) - {8710DF42-3171-4A3B-9079-3F7D7101552B} - C:\Program Files\Applications\iebt.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8710DF42-3171-4A3B-9079-3F7D7101552B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8710DF42-3171-4A3B-9079-3F7D7101552B}]

O3 - Toolbar: Internet Service - {E43B6656-814B-4839-8FF8-AFFDE0DA9A3F} - C:\Program Files\Applications\iebr.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43B6656-814B-4839-8FF8-AFFDE0DA9A3F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E43B6656-814B-4839-8FF8-AFFDE0DA9A3F}"=-

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK · Nov 20, 2008

Changelog:

Version 2.376 (November 20, 2008

%PROGRAMFILES%\msvideoplugin\
%PROGRAMFILES%\homeview\
%STARTMENU%\Programs\homeview\

%SYSTEM%\mws55681.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6733C78-821F-3BBF-ADE6-3DB71CAD887A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F6733C78-821F-3BBF-ADE6-3DB71CAD887A}]

%SYSTEM%\msiconf.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msiexec.exe"=-

%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\antivirustrigger 2.1.lnk
%STARTMENU%\antivirustrigger 2.1.lnk
%STARTMENU%\Programs\antivirustrigger 2.1\
%DESKTOP%\antivirustrigger 2.1.lnk
%PROGRAMFILES%\virtrigger\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0088C75C-6361-4dfb-B2CF-576CACFA3C55}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22C447D3-73A8-E1C7-C391-21BE4338CEBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirTriggerWarning.WarningBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirTriggerWarning.WarningBHO.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirTrigger]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0088C75C-6361-4dfb-B2CF-576CACFA3C55}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirTrigger]
[-HKEY_CURRENT_USER\Software\VirTrigger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VirTrigger\VirTrigger.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VirTrigger\VirTrigger.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VirTrigger"=-

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK · Dec 11, 2008

Changelog:
Version 2.383 (December 10, 2008

%PROGRAMFILES%\vrl32software\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E6615B5-A259-4e55-905F-7F9CE60B379D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{305043E5-F9D9-4B3A-A618-C4D0DA8031CE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{536CBA8A-9DB6-45CF-8D65-F486C49242D5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B3A0AA5C-9FA3-408D-8193-2A948EF51D2D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\vrl32Warning.WarningBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\vrl32Warning.WarningBHO.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\vrl32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E6615B5-A259-4e55-905F-7F9CE60B379D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vrl32]
[-HKEY_CURRENT_USER\Software\vrl32]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\vrl32software\vrl32.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\vrl32software\vrl32.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"vrl32"=-

Version 2.382 (December 9, 2008

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Smax4"=-

%USERPROFILE%\Application Data\Google\kjzna1562565.exe
%USERPROFILE%\Application Data\Google\spcffwl.dll

Version 2.381 (December 3, 2008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"QuickTime Task"=-
"VMware hptray"=-

%PROGRAMFILES%\avrlabs\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D695B871-8020-4041-A6D2-59F922E1B2E2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avrlabsWarning.WarningBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avrlabsWarning.WarningBHO.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\avrlabs]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D695B871-8020-4041-A6D2-59F922E1B2E2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\avrlabs]
[-HKEY_CURRENT_USER\Software\avrlabs]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\avrlabs\avrlabs.exe"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
"C:\Program Files\avrlabs\avrlabs.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"avrlabs"=-

Version 2.380 (November 30, 2008

%PROGRAMFILES%\WebMediaViewer\

O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}]

O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3B8FB116-D358-48A3-A5C7-DB84F15CBB04}]

%PROGRAMFILES%\AnvTrgrsoftware\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E9BCC0-2E84-4500-8A9C-0B7A96769124}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C8B2A9C-24A0-4991-A74B-1E4931BD3A57}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DF3F06C6-D443-48A8-BDF2-4E31F0554EBF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BAE92F67-539C-41CD-9183-162BB40AAA0C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnvTrgrWarning.WarningBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnvTrgrWarning.WarningBHO.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AnvTrgrsoft]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95E9BCC0-2E84-4500-8A9C-0B7A96769124}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnvTrgrsoft]
[-HKEY_CURRENT_USER\Software\AnvTrgrsoft]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AnvTrgrsoftware\AnvTrgr.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AnvTrgrsoftware\AnvTrgr.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AnvTrgr"=-

Version 2.379 (November 29, 2008

Update: IEDFix.C 1.12

Version 2.378 (November 24, 2008

%PROGRAMFILES%\AvirTrsoftware\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A267370-076E-4af4-B986-77626B8E89DF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{764BC8B4-1159-4736-8AF1-F124A7C8C3A8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DF3F06C6-D443-48A8-BDF2-4E31F0554EBF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3ED86073-2FA7-4CF4-810B-28B030671678}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvirTrWarning.WarningBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvirTrWarning.WarningBHO.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AvirTrsoft]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A267370-076E-4af4-B986-77626B8E89DF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AvirTrsoft]
[-HKEY_CURRENT_USER\Software\AvirTrsoft]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AvirTrsoftware\AvirTr.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AvirTrsoftware\AvirTr.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AvirTr"=-

Version 2.377 (November 21, 2008

%PROGRAMFILES%\WMVideoPlugin\
%SYSTEM%\mws31209.dll
%SYSTEM%\ws31209.dll

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC3081A6-AC0C-331D-860E-AEF4790E6B5B}]
[-HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{C77BD12E-4A3C-33E3-858C-F2D04591C6B5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0BB62EE8-3528-39F7-9070-F9F0C09329D5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC3081A6-AC0C-331D-860E-AEF4790E6B5B}]

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK · Dec 31, 2008

Changelog:

Version 2.388 (December 31, 2008

%STARTMENU%\Programs\videosoft\
%PROGRAMFILES%\videosoft\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\videosoft]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videosoft]
[-HKEY_CURRENT_USER\Software\videosoft]

%PROGRAMFILES%\Total Protect 2009\
%ALLUSERPROFILE%\StartMenu\Programs\Total Protect 2009\
%ALLUSERPROFILE%\Desktop\Run Total Protect 2009.lnk

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\totalprotect]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\totalprotect]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Total Protect 2009]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus Software]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Total Protect 2009"=-

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK · Feb 8, 2009

Changelog:

Version 2.394 (February 8, 2009)

%PROGRAMFILES%\freshplay\
%STARTMENU%\Programs\freshplay

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\freshplay]
[-HKEY_CURRENT_USER\SOFTWARE\freshplay]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\freshplay]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=-

%ALLUSERPROFILE%\Application Data\CrucialSoft Ltd\

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\uninstall\MS AntiSpyware 2009 5.7]
[-HKEY_CURRENT_USER\Software\CrucialSoft Ltd]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MS AntiSpyware 2009"=-

Version 2.393 (February 7, 2009)

%WINDOWS%\sysguard.exe
%SYSTEM%\iehelper.dll

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9C42510-9B21-41c1-9DCD-8382A2D07C61}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B21-41c1-9DCD-8382A2D07C61}]
[-HKEY_CURRENT_USER\Software\AvScan]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"sysguard"=-

Version 2.392 (January 27, 2009)

%SYSTEM%\winsystems.dll

%STARTMENU%\Programs\IE-Security.lnk
%DESKTOP%\IE-Security.lnk
%PROGRAMFILES%\IE-Security\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE-Security]
[-HKEY_CURRENT_USER\Software\IE-Security]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IE-Security"=-

%STARTMENU%\XP Police Antivirus.lnk
%DESKTOP%\XP Police Antivirus.lnk
%PROGRAMFILES%\XPPoliceAntivirus\

[-HKEY_CURRENT_USER\Software\XP Police Antivirus]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PoliceAV"=-

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK · Feb 19, 2009

Changelog:

Version 2.398 (February 19, 2009)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Internet Agent"=-
%SYSTEM%\winagent.exe

%PROGRAMFILES%\HDQuality\
%STARTMENU%\Programs\HDQuality\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HDQuality]
[-HKEY_CURRENT_USER\SOFTWARE\HDQuality]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDQuality]

Version 2.397 (February 16, 2009)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"[IA3_]"=-

%WINDOWS%\iehost.dll

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12c7290a-157b-4f43-b109-97e792c598ed}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8A10FC9B-8D76-4E95-A9BE-ACDA2F665C30}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinGDIApp.WinGDI]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinGDIApp.WinGDI.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12c7290a-157b-4f43-b109-97e792c598ed}]

Version 2.396 (February 15, 2009)

%PROGRAMFILES%\CMVideoPlugin

%PROGRAMFILES%\SmitFraudFixTool\
%ALLUSERDESKTOP%\SmitFraudFixTool.lnk
%USERPROFILE%\\Application Data\SmitFraudFixTool\
%ALLUSERSTARTMENU%\Programs\SmitFraudFixTool\

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SmitFraudFixTool"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EE433D-A290-4811-B562-8A1878AEE706}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{10EE433D-A290-4811-B562-8A1878AEE706}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AB63BB6D-4A8A-4E69-9F4B-E099C874A2AA}]
[-HKEY_CURRENT_USER\Software\SmitFraudFixTool]

Version 2.395 (February 9, 2009)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"systeminit.exe"=-

Version 2.394 (February 8, 2009)

%PROGRAMFILES%\freshplay\
%STARTMENU%\Programs\freshplay

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\freshplay]
[-HKEY_CURRENT_USER\SOFTWARE\freshplay]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\freshplay]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=-

%ALLUSERPROFILE%\Application Data\CrucialSoft Ltd\

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\uninstall\MS AntiSpyware 2009 5.7]
[-HKEY_CURRENT_USER\Software\CrucialSoft Ltd]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MS AntiSpyware 2009"=-

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK · Mar 4, 2009

Changelog:

Version 2.399 (March 04, 2009)

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\GenericMultiMedia]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WmpTray"=-

%PROGRAMFILES%\MediaSystem\

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

NICK ADSL UK · Mar 18, 2009

Changelog:

Version 2.405 (March 18, 2009)

%WINDIR%\ieocx.dll
[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEocxApp.IEocx]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEocxApp.IEocx.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A54DC52D-7AAD-4D40-A126-337211631EDC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}]

%DESKTOP%\WinPC Defender.lnk
%STARTMENU%\WinPC Defender.lnk

[-HKEY_CURRENT_USER\Software\WinPC Defender]

%SYSTEM%\rs32net.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"rs32net"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"rs32net"=-

[-HKEY_CURRENT_USER\Software\renus2008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"renus2008.exe"=-

Version 2.404 (March 16, 2009)

%USERPROFILE%\Application Data\sysrc32.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Win32load"=-

Version 2.403 (March 12, 2009)

%ProgramFiles%\AntiSpyware Pro

%PROGRAMFILES%\RegistryFox\
%ALLUSERDESKTOP%\RegistryFox.lnk
%USERPROFILE%\Application Data\RegistryFox\
%ALLUSERSTARTMENU%\Programmes\RegistryFox\

[-HKEY_CURRENT_USER\SOFTWARE\RegistryFox]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\6B4F6929EB6FE0E458263EBA6AF2EB30]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\6B4F6929EB6FE0E458263EBA6AF2EB30]
[-HKEY_LOCAL_MACHINE\SOFTWARE\RegistryFox]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9296F4B6-F6BE-4E0E-8562-E3ABA62FBE03}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryFox"=-

Version 2.402 (March 11, 2009)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe svchostw.exe"

%SYSTEM%\svchostw.exe

Version 2.401 (March 09, 2009)

%WINDOWS%\ld01.exe
%WINDOWS%\ld02.exe
%WINDOWS%\pp2.exe
%SYSTEM%\dll32.exe
%SYSTEM%\dll32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dll"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sysldtray"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pp"=-

%STARTMENU%\Programs\Malware Defender 2009\
%DESKTOP%\Malware Defender 2009.lnk
%PROGRAMFILES%\Malware Defender 2009\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Defender 2009]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defender 2009]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"malwaredef"=-

%STARTMENU%\Programs\System Guard 2009\
%DESKTOP%\System Guard 2009.lnk
%PROGRAMFILES%\System Guard 2009\
%ALLUSERSPROFILE%\Application Data\Microsoft\Network\DLLs\iemodule.dll

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Guard 2009]
[-HKEY_LOCAL_MACHINE\SOFTWARE\System Guard 2009]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"systemguard"=-

Version 2.400 (March 05, 2009)

%WINDOWS%\iehost32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"system tool"=-
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

Log in or Sign up

SmitFraudFix

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

Log in or Sign up

SmitFraudFix

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

NICK ADSL UK Administrator

Useful Searches