PDA

View Full Version : SmitFraud .. just gimme a sledgehammer PLEASE



TheWildInside
2007-01-12, 20:03
Hey there folks,

I've spent the last WEEK messin' with my laptop, at the exclusion of prime jewelry bench time (with a load of orders awaiting my return). It was the result of SpyBot locating and being unable to clean SmitFraud-C.Toolbar888 that got me started; and in all fairness to this false positive glitch, I was able to work with some online techs at techspot.com and cleaned off some other pervasive things I couldn't possibly have cleaned on my own (and which none of my "guardian" devices picked up).

BUT .. here remains SmitFraud. After getting no where with techspot on this issue, I searched again and found this forum (didn't know it was out here!) and discovered the whole false positive thing .. and then posts on fixing SmitFraud, and then fixing the SmitFraud Fix, etc. Understandably (as my laptop has ALL my business and personal information resident on it), I'm a bit concerned at mucking up my laptop to the point where I cannot perform daily duties on it. I only just noticed that a "fix" was scheduled for today. So I open SpyBot, click on Search for Updates and see one with today's date on it!! Yeah, says I. But, when I tried to download it - and several other detection rules with it - I received those universal red circles with the line through it next to the green checkmarks, and a "!!! bad check sum !" in the "Info" column. Now granted, I've been updating with SpyBot everyday since this began a week ago .. so perhaps SpyBot's response was a sorta "you've already downloaded this update" ... except that wouldn't be the case with the 1/12/07 update.

Even knowing this annoying piece of mistaken computer speak is a false positive doesn't relieve my mind, it just makes me all the more anxious every time I scan and still see it there.

Anyone know what's going on with this SmitFraud thing, and why I can't download the update? How DO I take a sledge hammer to this thing?!?!?

Losing sleep, gaining weight, and heading for the Valium soon :red:

Karan

TheWildInside
2007-01-12, 20:24
Forgot to post the log .. I'm HOPING this is a false positive. Perhaps I really do have yet more to clean up?!?! Will anxiously await word (thank you!!)

Smitfraud-C.Toolbar888: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TabBtnWL

Smitfraud-C.Toolbar888: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring

Zenobia
2007-01-13, 01:36
Please see here,about Bad Checksum:
http://forums.spybot.info/showpost.php?p=51249&postcount=2

There was a false positive reported back in November here:
http://forums.spybot.info/showthread.php?t=8668&highlight=Sebring


The latest updates for Spybot (most dated 3 November) seem to recognize some key Tablet PC functionality as a threat and delete it. The damage can be undone with Windows XP System Restore.

Spybot detects what it refers to as "Smitfraud-C.Toolbar888", and flags the following registry entries as problems:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\TabBtnWL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\Sebring

Zenobia
2007-01-13, 12:13
Since I saw on techspot you were looking to upgrade from Spybot 1.3 to Spybot 1.4,I thought I'd put on some links for you in case you'd like to have a look.
How to Uninstall:
http://www.safer-networking.org/en/faq/27.html
Spybot download page:
http://www.spybot.info/en/download/index.html
Here's a tutorial:
http://www.spybot.info/en/tutorial/index.html

TheWildInside
2007-01-13, 23:27
Thanks Zenobia, I had actually gone out and snagged v1.4 before coming back here; but your link to the Bad CheckSum and the required fix for that made all the difference. I've been using SpyBot for ... well, a long time; and I'd never had a problem downloading updates before, and so was unaware that there are multiple sites from which to download updates. After installing v1.4 and finally getting the updates installed, I began to scan ... and I'm STILL scanning, three hours later!! Ei yi yi. But, I did happen to be watching when the SmitFraud piece went through, and it moved on to look for the next nasty with nothing reported for SmitFraud. So I'm assuming I'm now ALL clean. And the top's still on the Valium bottle, so I'm doin' OK.

Thank you so much for your response .. a donation is next on my "to do" list.

Karan, (who was actually able to get back to the jewelry bench today!) :D:

Zenobia
2007-01-13, 23:53
You're welcome. :)
I'd also meant to post this link,as I saw you used Teatimer,please see here for fixes/workarounds for the gui bug with Spybot 1.4's Teatimer:
http://forums.spybot.info/showpost.php?p=39159&postcount=2

That's quite a long scan time.If you want,a scan in safe mode might possibly help speed up Spybot a little the next time you do a scan.How to do a scan in safe mode is posted in the second half of this post:
http://forums.spybot.info/showpost.php?p=23629&postcount=2

How to run in Safe Mode:
Reboot your computer into SafeMode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, begin tapping F8.
* Instead of Windows loading as normal, a menu should appear.
* Select the first option, to run Windows in Safe Mode.


Open Spybot-S&D while still in safe mode.

* Close all browsers, check for problems and fix everything found in red
* Repeat until no more items are found in red
* Close Spybot-S&D
* Reboot back into Windows

TheWildInside
2007-01-14, 19:00
Oh, I'd been doin' a whole lotta scanning and cleaning in safe mode over the last week, so I'm pretty comfortable with gettin' there and doing the job. And I'm thinkin' that the extraordinarily long scan time was due to both the upgrade and the additional updates that I'd been unable to snag before. If it looks like it's going to be another long one next time I scan, I'll cancel and try it in safe mode. But most all scans prior to the upgrade/updates took only 5 or 10 minutes tops.

I had actually not ever enabled Teatimer before because I wasn't really sure how it worked and didn't have the time to explore. And now that I'm fully up to date AND have ZoneAlarm up and running to boot, I feel like I'm pretty well covered. If there's something that Teatimer offers that all the others don't, please let me know. Besides SpyBot, I'm now running and keeping up to date: Ad-Aware SE Personal, AVG Anti-Spyware, AVG Anti-Virus, ZoneAlarm and Ccleaner ('cuz I like its ability to delete junk better than my laptop's utilities for doing that).

I donated $40 to the cause .. wish it could've been more :red:

Karan

Zenobia
2007-01-15, 03:55
Oops,sorry about that.I'd saw your helper telling you to temporarily disable Teatimer in your thread on techspot,so just assumed you used it,that's why I'd posted about fixing Spybot 1.4's teatimer after you'd downloaded Spybot 1.4.Hope you didn't mind me reading your thread there,I saw it there and decided to read along,as I didn't want to post here too much until you and your Helper were done,to avoid me interfering in any way.

Looks like some people experienced an increased scan time after Spybot's updates Friday,and it looks like some of them have AVG antivirus,too.You could have a look if you like,though it is a long thread.
http://forums.spybot.info/showthread.php?t=10443
There's a suggestion by bitman here,where he says you could try temporarily disabling the AVG real-time protection while scanning with Spybot,then reenabling it once you are done.That might help speed things along next time ,if the scan is still slow,probably easier than booting to safe mode.
http://forums.spybot.info/showpost.php?p=63447&postcount=23

Glad you've gotten everything sorted out with the false positive,etc. :)