PDA

View Full Version : SmitFraud



pizarro
2007-06-12, 18:53
Ok, This is probably in the wrong place, but I have no idea where it should go.

My computer was infected with SmitFraud, but spybot couldn't keep it removed. I tryied the SmitFraudFix tool, but that didn't work either. I have managed to remove it and thought the info on how I got rid of the last bit of it might help.


looking through the posts on this forum helped me to remove most of it, but the last bit that the anti-virus and anti-spyware tools I used couldn't remove was located as follows.


I noticed in my HijackThis log after renaming the HijackThis program to Scanner.exe (don't know if this helped or not) this line


O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\kijvirxw.dll",realset



I removed this, and quickly booted into safe mode, rerun spybot, which removed the registry entry that kept coming back along with some cookies, and now the problem seems fixed.

If the actual dll would help someone, it can be downloaded from

pskelley
2007-06-13, 01:25
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information. "BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

That: C:\WINDOWS\system32\kijvirxw.dl Is an item most folks don't recognize as part of the infection and Vundofix does not kill it. If you want me to take a look to make sure you got it all, then read the direction I posted and let me see a HJT log. I would prefer this HJT version:

Download Trend Micro Hijack This™
http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=download
Download it to your Program Files folder.
Doubleclick the HijackThis_V2.exe to start it.
Click "Do a System Scan and save a logfile"
This will create a HijackThislog.
Copy and paste the contents of the log in your next reply

Thanks