Tablet PC functionality incorrectly labeled at Smitfraud-C

[segalsegal]

And have you tried System Restore?

System Restore fixed the problem for me. I didn't know about Spybot > Recovery so I didn't try it, but now I know for next time.

[md usa spybot fan]

Republishing my original post so it is overlooked among intervening posts.

refractorygod:

Did you check in Spybot > Recovery and see if the removed entries can be restored?

[siljaline]

From what I have read in news and Forums, a System Restore is required to recover from this F/P
Bummer for folks that barely know how to use SR...

Silj

[Mitsubishiman]

Hello, I keep getting the same "Smitfraud-C.Toolbar888"

the only difference is the last part is "ddayy"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Winlogon|Notify\ddayy

SpyBot says it cannot remove it beacause it is in use and asks permission to run at next startup and then I reboot and it still finds it, is it the same false positive ?

Dell Dimension 8400
Windows XP Home
SP 2

[md usa spybot fan]

Mitsubishiman:

Other similar detections have been classified as false positives. See the following post in the False Positives forum:

• Tablet PC functionality incorrectly labeled at Smitfraud-C
  http://forums.spybot.info/showthread.php?t=8668

I suggest that you do not attempt to fix that detection until the detection signatures are updated.

[steamwiz]

Mitsubishiman ....

That looks like a vundo key...

It wont do any harm to run vundofix and see if it removes it...

Please download VundoFix.exe to your desktop.
1. Double-click VundoFix.exe to run it.
2. When VundoFix re-opens, click the Scan for Vundo button.
3. Once it's done scanning, click the Remove Vundo button.
4. You will receive a prompt asking if you want to remove the files, click "YES".
5. Once you click yes, your desktop will go blank as it starts removing Vundo.
6. When completed, it will prompt that it will reboot your computer, click "OK".

7. Keep the C:\vundofix.txt log & if you are having problems ... post in the malware removal forum

malware removal forum >
http://forums.spybot.info/forumdisplay.php?f=22

steam

[instantrunoff]

I purged the recovery and had System Restore disabled, because I was trying to remove an insidious NSIS Media infection. How can I get the tablet button functionality back? Is there a tablet program I can reinstall? Thanks.

[VAIO UX User]

I am having this same problem...long story made as short as possible
Spybot found Smitfraud on my Sony UX 180P handheld on Friday
- It would/could not remove both files
- Spysweeper, Ad-Aware, and Norton never saw it and I never experienced the pop-ups described with this threat
- I paid Norton to remotely access my computer to remove it, but they were unsuccessful
- I completed a system recovery on the C drive from the D drive behind the partition
- Spybot found the virus again after the recovery. Norton 2007 still does not see it, and Sony thinks it may have jumped the partition to the recovery side
- Before I send this computer back to Sony for reimaging, does this sound like a virus? or is the same issue posted by other users? <<I am a novice at this but also keep my computers 100% spyware free>>
This is what Spybot is seeing
1) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Windows\system32\netsh.exe
2) HKEY_USERS\DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Windows\system32\netsh.exe

Spybot please help ASAP before I send this handheld back!
Thanks

[spybotsandra]

Hello,

Please wait for the next detection update which will be released today (2006/11/10) - this should fix it.
Beginning with the release of Spybot - Search and Destroy 1.4 there should be updates once a week. So normally the beta public update and the official update is out on fridays.

Best regards
Sandra
Teeam Spybot

[segalsegal]

I can confirm that today's definitions do not label anything as Smitfraud on a Tablet PC that was flagged as having such a problem using last week's definitions.