Smitfraudfix

Discussion in 'other anti-malware software' started by maxoblivion, Oct 8, 2007.

Thread Status:
Not open for further replies.
  1. maxoblivion

    maxoblivion Registered Member

    Joined:
    Feb 21, 2007
    Posts:
    65
    Has anyone used Smitfraudfix to remove malware? When I try to run it, I get the message "process.exe file is missing". That file is clearly in the folder I unzipped the Smitfraudfix files to. Bottom line is I can't get to the options menu to start a search. Anyone have experience with this?
     
  2. Get

    Get Guest

    After you see the message "process.exe file is missing", did you look in the folder again to see if the file is present? If it isn't present (maybe deleted by AV or whatever), and also when it is present, you could extract the zip file again in safe mode and use the tool in safe mode.
     
  3. coen99

    coen99 Registered Member

    Joined:
    Mar 23, 2007
    Posts:
    55
  4. maxoblivion

    maxoblivion Registered Member

    Joined:
    Feb 21, 2007
    Posts:
    65
    process.exe is still in the folder but I'll try it in safe mode.
     
  5. ASpace

    ASpace Guest

    Perhaps in normal mode your AV is active and it detects the file while it attempts to run, but its settings allow the AV only to silently prohibit access to the file, and this is why you get an error.
     
  6. maxoblivion

    maxoblivion Registered Member

    Joined:
    Feb 21, 2007
    Posts:
    65
    I haven't yet tried Smitfraudfix in safe mode. When I first tried downloading it, NOD32 alerted me and quarantined a file "win32/prcview". I had potentially unsafe applications checked in AMON setup so I unchecked it and was then able to complete the download of Smitfraudfix.
     
  7. ASpace

    ASpace Guest

    If you have NOD32, it is now clear. Do you use Blackspear's settings?

    If so, what I said appears true:

    With BS's settings AMON is set to "Clean automatically". Once you have allowed it to be saved on your machine (because of unchecking detection for these tools), it is a trojan-type file, I mean it cannot be cleaned (deletion only). AMON cannot clean it but can only prohibit access to it (because of the settings). While the tool wants to run, it cannot get access to the file process.exe because of NOD32 blocking it.

    If you want to use it, uncheck Potentially unsafe applications in both AMON and IMON, redownload the tool and run it :thumb:
     
  8. maxoblivion

    maxoblivion Registered Member

    Joined:
    Feb 21, 2007
    Posts:
    65
    I'm using the default settings for NOD32. Maybe I should disable NOD32 and the Counterspy I have running while I download Smitfraudfix. I'm having a problem running DropMyRights too. When I try to open it I get a quick flash of a window and it immediately closes. I don't know what's going on.
     
  9. ASpace

    ASpace Guest

    No, with NOD32 you only need to make sure Potentially unsafe applications is unchecked in both AMON and IMON.

    AMON_default_config_wil.PNG

    IMON_default_config_wil.PNG

    Maybe this is not related to the security programs you have.

    By the way, why do you want to run Smitfraudfix? It is supposed to be run only if needed. With NOD32 and Counterspy you are less likely to have something. I have seen many times that NOD cleans Zlob/Smitfraud well.
     
  10. maxoblivion

    maxoblivion Registered Member

    Joined:
    Feb 21, 2007
    Posts:
    65
    NOD32 detected trojandownloader.zlob.bfl during an in-depth analysis but offered no remedy so I manually deleted the file in Firefox Internet Cache that was detected. I found an entry in the registry and deleted that too. I installed Counterspy and did a scan and it found SC_Keylog. I had Counterspy delete it and its traces but the next day it reappeared in the same location during another scan. I figured the trojan had installed the keylogger and maybe remnants of the trojan I hadn't found were reinstalling it. I figured I would run Smitfraudfix to see what it found. I did another scan last night and Counterspy didn't detect a new appearance of SC_Keylog so maybe I'm clear.

    I did the Smitfraudfix download with "potentially unsafe applications" unchecked per your instructions on another thread. I was getting the missing file message after that. Since then I tried running Smitfraudfix in safe mode and got the same result.

    I should state that I may not have had "potentially unsafe applications" checked in AMON and IMON or the NOD32 module when I did my original NOD32 scans after Counterspy detected the SC_Keylog. Maybe that's why NOD32 didn't detect it.
     
    Last edited: Oct 9, 2007
  11. maxoblivion

    maxoblivion Registered Member

    Joined:
    Feb 21, 2007
    Posts:
    65
    I was finally able to run Smitfraudfix. First I changed out my hard drive with one I backed up to two weeks ago. I was able to download and run Smit with no problem using my usual browser, Firefox. I changed back to my usual hard drive and tried again to download Smit and when I would click the link to the download file I was getting a message stating that Firefox couldn't find that file. I then tried the download using IE6 and it worked. I then opened Smitfraudfix and got the options screen without the missing file message. The Smitfraud report was hard to interpret but there didn't seem to be an indication of a current infection.

    I don't know what the problem is but I think I'll just restore this hard drive with a two week old image and be done with it. I guess that's why I go to the trouble of doing a drive image backup. I couldn't get DropMyRights to run on the two week old hard drive either. I'd like to be able to try it but I guess that issue is for another thread. Thanks for the input.
     