Home > Threats > Smitfraud

What is Smitfraud

Posted on 1 June 2005 under Trojans and viruses

1. What is Smitfraud?

Smitfraud infection installs itself into a computer without any user notice. It can be noticed by Blue Screen of Death - error screen displayed by Microsoft Windows. Smitfraud will display fake system error or security alert messages to scare PC user forcing him to buy assumed spyware protection software. Some of Windows important files can be replaced with infected ones. It is recommended to remove Smitfraud infection as soon as it has been detected.

2. Smitfraud screen shot:


3. How to remove Smitfraud:

  1. Internet connection might be disabled or Internet browser might be blocked by Smitfraud, so it won't be possible to download any files to infected computer. In this case please download all files required for Smitfraud removal to another computer and then transfer them on the infected one using CD/DVD or USB flash drive.
  2. To remove Smitfraud download Spyware Doctor and install the program (for the installation guide click here). Before installation, make sure all other programs and windows are closed.
  3. After the installation, computer scan should be started automatically. If so, please move to the next step. If not, click "Status" on the left side menu and press "Scan Now" button to run computer scanner as shown in the picture below:

  4. After the scan has been completed and scan results have been generated, press "Fix Checked" button to remove Smitfraud.

  5. Restart the computer to complete Smitfraud removal procedure.

4. Smitfraud files:

advsort.dll, iereport.dll, mssms.dll, ossmart.dll, tlhelp.dll, vpnconfig.dll, wmpdev.dll, wmphost.dll
intel32.exe, intell321.exe, m00.exe, policyverifier.exe, printer.exe, PSGuard.exe, svchost.exe, SYSMONMS.EXE, wincrt.exe, winntify.exe, zloader3.exe

5. Hijackthis entries:

O4 Entries
O4 - HKCU\..\Run: [autoload] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [autorun] C:\Documents and Settings\[username]\svchost.exe
O4 - HKLM\..\Run: [bal] C:\Program Files\WinMsg\SYSMONMS.EXE
O4 - HKLM\..\Run: [FX] C:\Documents and Settings\[username]\Desktop\m00.exe
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\system32\intel32.exe
O4 - HKLM\..\Run: [intell321.exe] C:\WINDOWS\system32\intell321.exe
O4 - HKLM\..\Run: [P.S.Guard] C:\Program Files\P.S.Guard\PSGuard.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [PSGuard spyware remover] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [Windows Critical Alert] "C:\WINDOWS\system32\wincrt.exe"
O4 - HKLM\..\Run: [WindowsFZ] C:\WINDOWS\zloader3.exe
O21 Entries
O21 - SSODL: advsort - {Random CLSID} - C:\WINDOWS\advsort.dll
O21 - SSODL: iereport - {5A50E6E8-64AA-400D-BF2D-22A046F8A5A4} - C:\windows\iereport.dll
O21 - SSODL: mssms - {1427183A-8A2E-45B5-AA2A-D9228700B9C8} - C:\WINDOWS\mssms.dll
O21 - SSODL: ossmart - {Random CLSID} - C:\WINDOWS\ossmart.dll
O21 - SSODL: tlhelp - {Random CLSID} - C:\WINDOWS\tlhelp.dll
O21 - SSODL: vpnconfig - {Random CLSID} - C:\WINDOWS\vpnconfig.dll
O21 - SSODL: wmpdev - {Random CLSID} - C:\WINDOWS\wmpdev.dll
O21 - SSODL: wmphost - {Random CLSID} - C:\WINDOWS\wmphost.dll
O23 Entries
O23 - Service: Windows Notification Service (Winnotify) - Unknown owner - C:\WINDOWS\System32\winntify.exe
Other Entries