GoFuckYourself.com - Adult Webmaster Forum - View Single Post - Computer Gurus...I need your help! (Virus problem)

eroticsexxx · 08-21-2008, 12:06 AM

Sounds like your PC has been infected by a Smithfraud variant. I deal with those nasty buggers all the time. Those are tough to get rid of because they embed themselves in system processes. You can remove the core, but a benign process simply copies it back into place when you reboot.

Here's what you do to remove them -

Download the smithfraud fix from here:
http://www.bleepingcomputer.com/files/smitfraudfix.php

Download ATF cleaner from here:
http://www.atribune.org/index.php?op...25&Itemi d=25

Download spybot search and destroy from here:
http://www.safer-networking.org

Fully install the spybot search and destroy program FIRST, downloading all updates.

Boot into safe mode and run the "clean" option (#2) of the Smithfruadfix. It will stop all processes while it does its scan, including explorer, so your taskbar and desktop will disappear. It shuts down everything so that the virus doesn't leave any processes to monitors that the core virus was removed.

When it asks to clean the registry, enter "Y".

This will reset your wallpaper, browser search pages, and other elements that these variants target.

Disk cleanup will be started automatically when the clean is done. If you have a lot of time on your hands, let it run. Otherwise, cancel it and run the ATF cleaner, which is much faster. Clear EVERYTHING using ATF cleaner, then run Spybot Search and destroy to clean up the leftovers that may still be present. You can run a viruscan in safe mode while you're at it for good measure.

Reboot and you will be just fine.

08-21-2008, 12:06 AM
eroticsexxx Confirmed User Industry Role: Join Date: Aug 2006 Location: Nassau, Bahamas Posts: 3,133	Sounds like your PC has been infected by a Smithfraud variant. I deal with those nasty buggers all the time. Those are tough to get rid of because they embed themselves in system processes. You can remove the core, but a benign process simply copies it back into place when you reboot. Here's what you do to remove them - Download the smithfraud fix from here: http://www.bleepingcomputer.com/files/smitfraudfix.php Download ATF cleaner from here: http://www.atribune.org/index.php?op...25&Itemi d=25 Download spybot search and destroy from here: http://www.safer-networking.org Fully install the spybot search and destroy program FIRST, downloading all updates. Boot into safe mode and run the "clean" option (#2) of the Smithfruadfix. It will stop all processes while it does its scan, including explorer, so your taskbar and desktop will disappear. It shuts down everything so that the virus doesn't leave any processes to monitors that the core virus was removed. When it asks to clean the registry, enter "Y". This will reset your wallpaper, browser search pages, and other elements that these variants target. Disk cleanup will be started automatically when the clean is done. If you have a lot of time on your hands, let it run. Otherwise, cancel it and run the ATF cleaner, which is much faster. Clear EVERYTHING using ATF cleaner, then run Spybot Search and destroy to clean up the leftovers that may still be present. You can run a viruscan in safe mode while you're at it for good measure. Reboot and you will be just fine. __________________