Republishing my original post so it is overlooked among intervening posts.
refractorygod:
Did you check in Spybot > Recovery and see if the removed entries can be restored?
Last edited by md usa spybot fan; 2006-11-06 at 22:46.
Getting an answer is one thing, learning is another.
Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
From what I have read in news and Forums, a System Restore is required to recover from this F/P
Bummer for folks that barely know how to use SR...
Silj
Hello, I keep getting the same "Smitfraud-C.Toolbar888"
the only difference is the last part is "ddayy"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Winlogon|Notify\ddayy
SpyBot says it cannot remove it beacause it is in use and asks permission to run at next startup and then I reboot and it still finds it, is it the same false positive ?
Dell Dimension 8400
Windows XP Home
SP 2
Mitsubishiman:
Other similar detections have been classified as false positives. See the following post in the False Positives forum:
- Tablet PC functionality incorrectly labeled at Smitfraud-C
http://forums.spybot.info/showthread.php?t=8668
I suggest that you do not attempt to fix that detection until the detection signatures are updated.
Getting an answer is one thing, learning is another.
Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
Mitsubishiman ....
That looks like a vundo key...
It wont do any harm to run vundofix and see if it removes it...
Please download VundoFix.exe to your desktop.
1. Double-click VundoFix.exe to run it.
2. When VundoFix re-opens, click the Scan for Vundo button.
3. Once it's done scanning, click the Remove Vundo button.
4. You will receive a prompt asking if you want to remove the files, click "YES".
5. Once you click yes, your desktop will go blank as it starts removing Vundo.
6. When completed, it will prompt that it will reboot your computer, click "OK".
7. Keep the C:\vundofix.txt log & if you are having problems ... post in the malware removal forum
malware removal forum >
http://forums.spybot.info/forumdisplay.php?f=22
steam
MICROSOFT MVP - Security 2004/9 .member of ASAP since 2004 - member of U.N.I.T.E
I purged the recovery and had System Restore disabled, because I was trying to remove an insidious NSIS Media infection. How can I get the tablet button functionality back? Is there a tablet program I can reinstall? Thanks.
I am having this same problem...long story made as short as possible
Spybot found Smitfraud on my Sony UX 180P handheld on Friday
- It would/could not remove both files
- Spysweeper, Ad-Aware, and Norton never saw it and I never experienced the pop-ups described with this threat
- I paid Norton to remotely access my computer to remove it, but they were unsuccessful
- I completed a system recovery on the C drive from the D drive behind the partition
- Spybot found the virus again after the recovery. Norton 2007 still does not see it, and Sony thinks it may have jumped the partition to the recovery side
- Before I send this computer back to Sony for reimaging, does this sound like a virus? or is the same issue posted by other users? <<I am a novice at this but also keep my computers 100% spyware free>>
This is what Spybot is seeing
1) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Windows\system32\netsh.exe
2) HKEY_USERS\DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Windows\system32\netsh.exe
Spybot please help ASAP before I send this handheld back!
Thanks
Hello,
Please wait for the next detection update which will be released today (2006/11/10) - this should fix it.
Beginning with the release of Spybot - Search and Destroy 1.4 there should be updates once a week. So normally the beta public update and the official update is out on fridays.
Best regards
Sandra
Teeam Spybot
I can confirm that today's definitions do not label anything as Smitfraud on a Tablet PC that was flagged as having such a problem using last week's definitions.