Good morning -
I've got a weird problem, complicated by the fact that it's not technically my problem. Well, it's not on my computer anyway. A friend (Jerry) got smitfraud. He took it to a local repair shop. It came back and was behaving but Spybot kept insisting Smitfraud-c was still present. Unable to remove. Thinking that I could help, I went over, we googled around, came up with some instructions off of various forums.
One of the steps was downloading and installing spyaxefix.exe. What I didn't catch was some posts warning that AVG would freak. It did as soon as we tried to expand the download. If it was my computer I prob'ly would have just continued, but it wasn't so we backed out and deleted the download and the expanded program, and just followed the other steps such as using Ewido, smitrem, etc.
Now AVG is still detecting spyaxefix as a virus, Spybot is still insisting that smitfraud-c is lurking inside the machine, Jerry and the guys at the repair shop are mad at me; oh why did I have to stick my nose into it?
To add to the confusion, Jerry says that googling "spyaxefix" brought up news that the program is a hoax. I looked around and couldn't find anything indicating this. What's the deal w/ spyaxefix? Legit or not? How to remove?
I can ask Jerry to send me a fresh HJT log if anyone wants to see it.

Hi

Both spyaxefix and smitrem are lagitamat programs, avg is definatly wrong.

Use this for the remnants of Smitfraud-c
winhelp2002's DelDomains.inf , found here
http://www.mvps.org/winhelp2002/restricted.htm
Afterward's you will need to immunize again in SpyBot and re-protect again with SpywareBlaster. or re-install iespyadds if you use it.

Hi, LonnyR -
Thanks very much. The link you provided appears to offer many solid ideas. I'll print it out and march thru all the steps for my own machine as well.
However, I'm confused as to what you want me to do with my friend's machine. Do you want me to follow the "DelDomains" link and execute? I guess I need to read the whole webpage thru & thru but I don't understand how clearing out the Restricted Zone is going to make him safer nor get rid of the remnants that are causing trouble?
If you know what you're doing, feel free to tell me "I know what I'm doing" and I'll just obey without trying to analyze ;)
Jerry took his machine back to the repair shop. Supposedly they found 40 viruses on the machine already. That doesn't seem right to me - he only had it home for a day or two and he doesn't browse recklessly. I think one of the things we're going to do is get away from IE and on to Firefox. He's using AVG, ZA, SpywareBlaster, Spybot, & AAW. Updates regularly. Do you have any other suggestions for beefing up basic security levels?
Oh, one more thing - IE-Spyadds - I've never done this. Do you recommend? I'd always thought this was useful for people who wander widely on the net, not for those of us with a fairly limited circle of sites that we frequent. I do go off the beaten path every once in a while...

Hi
If smitrem was ran and ssd still detects Smitfraud-c use that INF at winhelp2002's

If winhelps hosts file was on that pc, SpywareBlaster (by javacool) and
iespyadds (yes i recommend it highly) the pc probaly would have never been infected.

Remind them to keep IE up to date even if they use an alternative broswer.

Regards

This topic will now be archived.
If you need the thread reopened please pm me.