
Thread: Smitfraud-C False Positive

  1. #1
    Member
    Join Date
    Dec 2005
    Posts
    42

    Smitfraud-C False Positive

    My computer is deemed to be clean so I am also reporting the following.

    My computer is running Windows XP and when I scan with Spybot I get the following Smitfraud-C False Positive that can't be fixed:

    User settings

    HKEY_USERS\S-1-5-21-3631192919-4047014472-3028651874-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net\ *!=W=4

    Registry change

  2. #2
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Although your "computer is deemed to be clean" that may not be a false positive.

    Please go into Internet Explorer > Tools > Internet Options … > Security tab. One at a time click on each of the following buttons:
    • Internet
    • Local Internet
    • Trusted sites
    • Restricted sites

    While in each of those buttons, click the Sites button and inspect the lists for:
    • *.free-spy-cam.net

    Under which of the four buttons did you find the entry?

    Note: Hopefully you can find the entry because the detection is for a registry hive other than the current user hive.
    Last edited by md usa spybot fan; 2005-12-11 at 02:31.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
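
The zone check that post #2 walks through in the Internet Options dialog can also be done against the registry for every loaded user hive, which matters here because the detection is under HKEY_USERS rather than the current user's hive. This is an added example, not part of the original thread; `Get-ZoneMapEntry` is a hypothetical function name, and the zone numbers are the standard Internet Explorer mapping (4 = Restricted sites).

```powershell
# IE URL security zone numbers as stored in ZoneMap values.
$ZoneNames = @{
    0 = 'My Computer'
    1 = 'Local intranet'
    2 = 'Trusted sites'
    3 = 'Internet'
    4 = 'Restricted sites'
}

# Get-ZoneMapEntry is a name chosen for this example, not a built-in cmdlet.
function Get-ZoneMapEntry {
    param([Parameter(Mandatory = $true)][string]$Domain)

    $rel = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

    # Only hives that are currently loaded appear under HKEY_USERS.
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
        ForEach-Object {
            $sid  = $_.PSChildName
            $root = "Registry::HKEY_USERS\$sid\$rel\$Domain"
            if (-not (Test-Path -LiteralPath $root)) { return }

            # The domain key itself, plus any subdomain subkeys beneath it.
            $keys = @(Get-Item -LiteralPath $root) +
                    @(Get-ChildItem -LiteralPath $root -Recurse)

            foreach ($key in $keys) {
                # Value name = protocol (http, https, or * for all); data = zone number.
                foreach ($name in $key.GetValueNames()) {
                    $zone  = $key.GetValue($name)
                    $label = if ($zone -is [int] -and $ZoneNames.ContainsKey($zone)) {
                        $ZoneNames[$zone]
                    } else { 'unknown' }
                    [pscustomobject]@{
                        Sid      = $sid
                        Key      = $key.Name
                        Protocol = $name
                        Zone     = $zone
                        ZoneName = $label
                    }
                }
            }
        }
}

Get-ZoneMapEntry -Domain 'free-spy-cam.net' | Format-Table -AutoSize
```

A row with Zone 4 corresponds to the Restricted sites listing the posters found in the dialog.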

  3. #3
    Member
    Join Date
    Dec 2005
    Posts
    42

    Hello md usa spybot fan,

    Thank you for replying to my post.

    This is what I found by following your instructions.

    I have NO Sites listed for:

    Internet *
    Local Intranet
    Trusted sites


    Under Restricted sites I have these which are similar:

    http:// *.free-spy-cam.net
    https:// *.free-spy-cam.net

    * Edit: I guess it should be noted that while the Internet description reads "This zone contains all Web sites you haven't placed in other zones" the button is inaccessible, as is the "Default Level" button. Could this be because of other Security Software?
    Last edited by Oppressed; 2005-12-11 at 19:07.

  4. #4
    Junior Member
    Join Date
    Dec 2005
    Posts
    4

    Oppressed and Spybot Helpers,

    I have the exact same problem as Oppressed. I was infected by Spyaxe. By running the smitrem.exe, many files were deleted and my PC became stable.

    I run Spyware Doctor and McAfee, and the report shows no viruses or trojans. However, Spybot shows that I still have the Smitfraud trojan, and Spybot cannot remove it. The detail from Spybot is as follows:

    Smitfraud-C.: User settings (Registry change, fixing failed)
    HKEY_USERS\S-1-5-21-3834227258-2264835413-2960356022-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net\*!=W=4

    I also have the two websites listed in my Restricted Zone:

    http:// *.free-spy-cam.net
    https:// *.free-spy-cam.net

  5. #5
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,491

    I have brought this topic to Team's attention.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  6. #6
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Thanks for reporting,

    The issue has been found and corrected, and will be available with the next update scheduled for the end of the week.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  7. #7
    Junior Member
    Join Date
    Jan 2007
    Posts
    1

    It's Jan 07 and I've updated Spybot and I still have Smitfraud showing when I run SB and it won't remove it.

  8. #8
    Junior Member
    Join Date
    Jan 2007
    Posts
    2

    Smitfraud-C Reg Entry...False or not??

    Hi, can someone please tell me if the Spybot result showing Smitfraud-C Toolbar888 as a Reg entry HKEY_USERS\S-1-5-21-4190550987-2138113849-4060233106-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}, is in fact a false positive or not? It has a 'value not set' in Reg Editor, and I have never had any pop-ups, page redirections, slowdowns or viruses. I have Win XP Home and Zone Alarm Internet Security Suite.

    Thanks

  9. #9
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    vanderhoff:

    MisterW replied to your other query here:

    Quote, originally posted by MisterW:

    I can confirm that it is a false positive that will be fixed with the next update scheduled for Friday.

    regards,
    Markus


  10. #10
    Junior Member
    Join Date
    Jan 2007
    Location
    USA
    Posts
    8

    False positive to Smitfraud?

    A scan of my Windows XP pc with Spybot shows the following entry:

    Smitfraud.C-Toolbar888
    executable
    C:\Documents and Settings\User Name\Local Settings\Temp\removalfile.bat

    I use Spybot 1.4 and have downloaded the latest updates (as of January 21, 2007).

    Am I infected or is this also a false positive??? Thanks so much in advance for any assistance.... this is my first post in here -
