Smitfraudfix

Has anyone used Smitfraudfix to remove malware? When I try to run it, I get the message "process.exe file is missing". That file is clearly in the folder I unzipped the Smitfraudfix files to. Bottom line is I can't get to the options menu to start a search. Anyone have experience with this?

 

After you see the message "process.exe file is missing" did you look in the folder again if the file is present? If it isn't present (maybe deleted by AV or whatever) and also when it is present you could extract the zipfile again in safe mode and use the tool in safe mode.

 

Probably "process.exe" is deleted as GET assumed.

See: http://siri.geekstogo.com/SmitfraudFix.php

 

process.exe is still in the folder but I'll try it in safe mode.

 

Perhaps in normal mode your AV is active and it detects the file while it attempts to run but its settings allow the AV only to silently prohibit access to the file and this is why you get an error .

 

I haven't yet tried the Smitfraudfix in safemode. When I first tried downloading it, NOD32 alerted me and quarantined a file "win32/prcview". I had potentially unsafe applications checked in Amon setup so I unchecked it and was then able to complete the download of Smitfraudfix.

 

If you have NOD32 it is now clear . Do you use Blackspear's settings ?

If so , what I said appears true:

With BS's settings AMON is set to "Clean automatically" . Once you have allowed it to be saved on your machine (because of unchecking detection for these tools) , it is trojan type file , I mean it cannot be cleaned (deletion only) . AMON cannot clean it but can only prohibit access to it (because of the settings) . While the tools wants to run it cannot get access to the file process.exe because of NOD32 blocking it.

If you want to use it . Uncheck Pottentially unsafe applications in both AMON and IMON , redownload the tool and run it

 

I'm using the default settings for NOD32. Maybe I should disable NOD32 and the Counterspy I have running while I download Smitfraudfix. I'm having a problem running DropMyRights too. When I try to open it I get a quick flash of a window and it immediately closes. I don't know what's going on.

 

No , with NOD32 you only need to make sure Potentially unsafe application is uncheck in both AMON and IMON

May be this is not related to the security programs you have .

By the way , why do you want to run Smithfraudfix . It is supposed to be run only if needed . With NOD32 and Counterspy you are less likely to have something . I have seen many times NOD cleans well Zlob/Smithfraud

 

NOD32 detected trojandownloader.zlob.bfl during an in-depth analysis but offered no remedy so I manually deleted the file in Firefox Internet Cache that was detected. I found an entry in the registry and deleted that too. I installed Counterspy and did a scan and it found SC_Keylog. I had Counterspy delete it and its traces but the next day it reappeared in the same location during another scan. I figured the trojan had installed the keylogger and maybe remnants of the trojan I hadn't found were reinstalling it. I figured I would run Smitfraudfix to see what it found. I did another scan last night and Counterspy didn't detect a new appearance of SC_Keylog so maybe I'm clear.

I did the Smitfraudfix download with "potentially unsafe applications" unchecked per your instructions on another thread. I was getting the missing file message after that. Since then I tried running Smitfraudfix in safe mode and got the same result.

I should state that I may not have had "potentially unsafe applications" checked in AMON and IMON or the NOD32 module when I did my original NOD32 scans after Counterspy detected the SC-Keylog. Maybe that's why NOD32 didn't detect it.

 

I was finally able to run Smitfraudfix. First I changed out my hard drive with one I backed up to two weeks ago. I was able to download and run Smit with no problem using my usual browser, Firefox. I changed back to my usual hard drive and tried again to download Smit and when I would click the link to the download file I was getting a message stating that Firefox couldn't find that file. I then tried the download using IE6 and it worked. I then opened Smitfraudfix and got the options screen without the missing file message. The Smitfraud report was hard to interpret but there didn't seem to be an indication of a current infection.

I don't know what the problem is but I think I'll just restore this hard drive with a two week old image and be done with it. I guess that's why I go to the trouble of doing a drive image backup. I couldn't get DropMyRights to run on the two week old hard drive either. I'd like to be able to try it but I guess that issue is for another thread. Thanks for the input.