Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 23

Thread: Smitfraud-C False Positive

  1. #11
    Junior Member
    Join Date
    Jan 2007
    Posts
    2

    Exclamation Smitfraud-C Reg Entry...False or not??

    Hi, Can someone please tell me if the Spybot result showing Smitfraud-C Toolbar888 as a Reg entry HKEY_USERS\S-1-5-21-4190550987-2138113849-4060233106-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}, is in fact a false positive or not? It has a 'value not set' in Reg Editor, and I have never had any pop-ups, page redirections, slow downs or virus. I have win XP Home and Zone Alarm Internet Security Suite.

    Thanks

  2. #12
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    vanderhoff:

    MisterW replied to your other query here:

    Quote Originally Posted by MisterW View Post

    I can confirm that it is a false positive that will be fixed with the next update scheduled for friday

    regards,
    Markus

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  3. #13
    Junior Member
    Join Date
    Jan 2007
    Location
    USA
    Posts
    8

    Default False positive to Smitfraud?

    A scan of my Windows XP pc with Spybot shows the following entry:

    Smitfraud.C-Toolbar888
    executable
    C:\Documents and Settings\User Name\Local Settings\Temp\removalfile.bat

    I use Spybot 1.4 and have downloaded the lastest updates (as of January 21, 2007)

    Am I infected or is this also a false positive??? Thanks so much in advance for any assitance.... this is my first post in here -

  4. #14
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    Smitfraud.C-Toolbar888
    executable
    C:\Documents and Settings\User Name\Local Settings\Temp\removalfile.bat
    this is not a false positive, it is a part of Smitfraud-C.Toolbar888.
    It is used by Smitfraud-C.Toolbar888 to remove some of its files.

    You will most likely need to get help in the malware removal section of the forums.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  5. #15
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,487

    Default

    Thank you Yodama. Rinasaunce, please follow the procedure in this link: "BEFORE you POST" -Preliminary Steps

    Then start your own thread in the Malware Removal Forum

    Once you have posted a helper will advise you as soon as available.

    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  6. #16
    Junior Member
    Join Date
    Oct 2008
    Posts
    1

    Default Fix

    So I found a fix for this problem. Least wise with XP OS. If you remove everything you can with spybot then do a system restore to an earlier point, "say two days before", the bug is gone. Hope this helps everyone out.

  7. #17
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,487

    Default

    Hello Proampedprocessor,

    System restore is not an option to ensure a computer is clean. If files are infected and not removed by security software they will still be present, however perhaps made more difficult to find.

    Also, everyone please note:
    Please do NOT turn off System Restore trying to remove an infection. Doing so would only serve to destroy a known restore point (not good) and won't remove the malware. Let your helper advise you as to when a System Restore flush is called for.
    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  8. #18
    Junior Member
    Join Date
    Jan 2009
    Posts
    1

    Default 2 years later...

    still not fixed, I'm getting it now

  9. #19
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,487

    Default

    Hello,
    Quote Originally Posted by decurser View Post
    still not fixed, I'm getting it now
    What isn't fixed? Not sure which part of the thread you are referring to.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  10. #20
    Junior Member
    Join Date
    Feb 2009
    Posts
    3

    Default

    okay
    still doing some research but it seems like Smitfraud-C.gp was found by SSnD in an exe called autorun.exe that installs Diskeeper. I downloaded this copy of DK from the official website. This is the only instance found and DK is of course installed on my computer. Lets hope this is actually a false I don't really wanna deal with removal and password changes :/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •