Smitfraud-C.-false positive?(infected system file)

TokyoDriftRockz
2007-03-13, 01:50
(NOTE: this is a long post, but PLEASE read through this, as I have no clue what's happening right now)

Hey guys, I'm new to this forum. I have spybot-sd installed, as well as a portable version of it. I do need some help here, as I've read other threads on Smitfraud-C. as a false positive. Unfortunately, mine isn't logged in a registry file, it's in \Windows\system\svchost.exe. Teatimer is warning me that this is a malicious program. So, being a guy who's smart, I scanned my computer with spybot sd. It found smitfraud-c. again, so I deleted it. Thank god it made a system restore point, because after I deleted it, my computer lagged a bit, and I had to restart my computer.

Unfortunately, a restart didn't fix anything, because now not only spybot bugged me about global start up changes, Gogodata toolbar tray didn't start up, ad-watch was bugging me about registry changes and my winpatrol wouldn't display its main menu. To top it off, all my .exe extensions were opening with folder lock. So I attempted to go right to the source in my program files to open my antivirus software. No go, as my shortcuts didn't work either. So I tried to scan the computer with the 2 remaining that were open, AVG Antivirus with firewall and AVG Anti-Spyware. Antivirus found 3 trojans, but they were previously there 2-3 weeks ago, and I didn't realize that, but I haven't had any problems with my computer a while back. It also reported a dll32 change and a host change in (I think) WINDOWS\system\drivers\hosts. So, seeing that I couldn't do anything else, I booted up my computer again in safe mode with networking. I did a system restore, and started my computer normally again. I thought everything was OK, but then immediately after startup spybot started bugging me about smitfraud-c. again (I restored till right up before spybot removed smitfraud-c.). Adaware was warning me about something trying to delete a registry value (AVG-Antivirus from startup) and winpatrol was warning me about a possible hi-jack in my IE home page. My GoGoData Tray also popped up about 50 windows (literally) saying that AVG-Antispyware was trying to be removed from global startup. At that point, I was hoping to run a portable version of spybot/adware and scan my computer, but because my flash drive was flashing non-stop, I had to pull it out and replug it back in. That only made matters worse, cause now all my files were being opened with folder lock. And to make matters worse, all of them ended in a .ink extension. I just gave up and shut down my computer, and went over to my parents' computer to write this.

Basically, I have a system file infected (possibly) with a Smitfraud-c. virus (or w/e it is) and now I can't do anything without worrying that my computer may crash. Any help?

I know this was a long post, and if you made it to the bottom then congrats to you :bigthumb:

TokyoDriftRockz
2007-03-13, 01:52
This is an urgent post. Any repliers/moderators help would be appreciated.

TokyoDriftRockz
2007-03-13, 02:30
Please, any moderators out there? I'm really stuck, I tried a system restore, now I think the system restore's messed up. It's stuck.

EDIT: Nvm it's done ;)

TokyoDriftRockz
2007-03-13, 03:13
Ok, I'm done restoring, but I have no change. It's still the same thing and winpatrol keeps warning me about a change to a hosts file in C:\Windows\system32\etc\hosts

TokyoDriftRockz
2007-03-13, 04:02
Alright, since I've had no help whatsoever, and since no .exe's work, I have to resort to the last possible way. I'm reformatting my computer, since nothing works and everything was screwed up. Somehow, my C:\Windows ended up in my recycling bin, and I think that was just a copy of it too.

A bit of help would've been appreciated :mad:

TokyoDriftRockz
2007-03-13, 04:22
Apparently, there were many posts about this problem. Somehow, none of them related to mine. Smitfraud-c. lodges itself into the registry. I somehow got mine in a system folder. I would've run hijackthis and posted a log, but unfortunately by the time I thought of that my computer already didn't allow me to open any .exe extensions. So I had to resort to formatting my computer.

Please read my other post for more details. I'm just asking now, was there anything I could've done before formatting? (I've tried downloading the remover for Smitfraud-c. It wouldn't install properly) :sad:

tashi
2007-03-13, 08:08
Hello, sorry to hear of the problems you experienced.

We have a Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) to assist our members in the analysis and removal of infections that cannot be removed by normal means.

Sticky topic in that forum: "BEFORE you POST" -Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)

Once you posted, a helper would have advised and guided you through a cleanup as soon as possible.

If you could not immediately produce a hjt log they would have tried to find a way. :)

TokyoDriftRockz
2007-03-13, 16:35
Sorry. I kinda didn't have time to read all the rules, but by the time I did it was when my computer was already messed up. I still don't know what happened, but I'm pretty sure it was smitfraud-c.

TokyoDriftRockz
2007-03-14, 03:26
Some credit does go to my dad, as he searched ".exe to .lnk convert" or something like that. It brought up a link that told me to download a .reg file and merge it with my registry. But, that was .exe. Some other guy on the forum also formatted his computer, since he couldn't run anything. But, I found out how to add the .reg file to my registry. (Amazingly, the dude stated that he had 3 trojan horses on his computer + all his .exe's couldn't open and were converted into .lnk, which were EXACTLY my symptoms) I changed the program .reg was supposed to open with (from unknown application to regedit in Windows\regedit).

Just a heads up to the Spybot S-D team, I don't think the Smitfraud-C. was the cause of this, but could you please look into this Smitfraud-C.? I think it's a trojan horse.

tashi
2007-03-14, 08:19
Hello.

I was under the impression you reformatted as posted above. :spider:

We would have had to see logs before an analysis could have been made, but yes we are familiar with Smitfraud-C.

Glad it worked out for you. :)

TokyoDriftRockz
2007-03-14, 15:59
I am so sorry, I was going to reformat. But then my dad took 10 seconds to do a bit of research, and that kinda saved my computer.

I'll try posting a hjt log later on in the malware section, before I remove all my keyloggers, win32.backdoor, downloader and a couple of other things.

Should I post anything else?

tashi
2007-03-15, 08:12
Hi there.

All the information for posting in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) is here: "BEFORE you POST" -Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)

Cheers. :)