Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 22

Thread: Tablet PC functionality incorrectly labeled at Smitfraud-C

  1. #11
    Junior Member
    Join Date
    Nov 2006
    Posts
    7

    Default

    Quote Originally Posted by satrow View Post
    And have you tried System Restore?
    System Restore fixed the problem for me. I didn't know about Spybot > Recovery so I didn't try it, but now I know for next time.

  2. #12
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    Republishing my original post so it is overlooked among intervening posts.

    refractorygod:

    Did you check in Spybot > Recovery and see if the removed entries can be restored?
    Last edited by md usa spybot fan; 2006-11-06 at 23:46.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  3. #13
    Former Microsoft MVP (RIP) siljaline's Avatar
    Join Date
    Oct 2005
    Location
    Montréal, Canada
    Posts
    50

    Default

    From what I have read in news and Forums, a System Restore is required to recover from this F/P
    Bummer for folks that barely know how to use SR...

    Silj

  4. #14
    Junior Member
    Join Date
    Nov 2006
    Posts
    4

    Default

    Hello, I keep getting the same "Smitfraud-C.Toolbar888"

    the only difference is the last part is "ddayy"

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Winlogon|Notify\ddayy

    SpyBot says it cannot remove it beacause it is in use and asks permission to run at next startup and then I reboot and it still finds it, is it the same false positive ?

    Dell Dimension 8400
    Windows XP Home
    SP 2

  5. #15
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    Mitsubishiman:

    Other similar detections have been classified as false positives. See the following post in the False Positives forum:

    I suggest that you do not attempt to fix that detection until the detection signatures are updated.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  6. #16
    Security Expert-Emeritus steamwiz's Avatar
    Join Date
    Dec 2005
    Location
    Yorkshire. U.K.
    Posts
    1,313

    Default

    Mitsubishiman ....

    That looks like a vundo key...

    It wont do any harm to run vundofix and see if it removes it...

    Please download VundoFix.exe to your desktop.
    1. Double-click VundoFix.exe to run it.
    2. When VundoFix re-opens, click the Scan for Vundo button.
    3. Once it's done scanning, click the Remove Vundo button.
    4. You will receive a prompt asking if you want to remove the files, click "YES".
    5. Once you click yes, your desktop will go blank as it starts removing Vundo.
    6. When completed, it will prompt that it will reboot your computer, click "OK".

    7. Keep the C:\vundofix.txt log & if you are having problems ... post in the malware removal forum

    malware removal forum >
    http://forums.spybot.info/forumdisplay.php?f=22

    steam
    MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E

  7. #17
    Junior Member
    Join Date
    Nov 2006
    Posts
    6

    Default Manual Recovery?

    I purged the recovery and had System Restore disabled, because I was trying to remove an insidious NSIS Media infection. How can I get the tablet button functionality back? Is there a tablet program I can reinstall? Thanks.

  8. #18
    Junior Member
    Join Date
    Nov 2006
    Posts
    1

    Unhappy Smitfraud-C

    I am having this same problem...long story made as short as possible
    Spybot found Smitfraud on my Sony UX 180P handheld on Friday
    - It would/could not remove both files
    - Spysweeper, Ad-Aware, and Norton never saw it and I never experienced the pop-ups described with this threat
    - I paid Norton to remotely access my computer to remove it, but they were unsuccessful
    - I completed a system recovery on the C drive from the D drive behind the partition
    - Spybot found the virus again after the recovery. Norton 2007 still does not see it, and Sony thinks it may have jumped the partition to the recovery side
    - Before I send this computer back to Sony for reimaging, does this sound like a virus? or is the same issue posted by other users? <<I am a novice at this but also keep my computers 100% spyware free>>
    This is what Spybot is seeing
    1) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Windows\system32\netsh.exe
    2) HKEY_USERS\DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Windows\system32\netsh.exe

    Spybot please help ASAP before I send this handheld back!
    Thanks

  9. #19
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Default

    Hello,

    Please wait for the next detection update which will be released today (2006/11/10) - this should fix it.
    Beginning with the release of Spybot - Search and Destroy 1.4 there should be updates once a week. So normally the beta public update and the official update is out on fridays.

    Best regards
    Sandra
    Teeam Spybot

  10. #20
    Junior Member
    Join Date
    Nov 2006
    Posts
    7

    Default

    I can confirm that today's definitions do not label anything as Smitfraud on a Tablet PC that was flagged as having such a problem using last week's definitions.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •