Will also remove: PestTrap, Security IGuard, SearchMaid, Antivirus Gold (AVGold), PSGuard, VirtualMaid, SpyTrooper and others in the smitfraud family.
1. Download Smitrem.exe
and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.
2. Place a shortcut to Panda Active Scan
3. Please download the trial version of ewido anti-malware here:
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
4. If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Adware SE Setup
Don't run it yet!
5. Next, please reboot your computer in SafeMode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.
6. Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.
7. Open Ad-aware and do a full scan. Remove all it finds.
8. Run Ewido:
Click on scanner
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK
When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.
Close ewido anti-malware.
9. Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.
10. Reboot back into Windows and click the Panda ActiveScan shortcut.
Once you are on the Panda site click the Scan your PC button.
A new window will open...click the Check Now button.
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When the download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
If anything suspicious is found, or any problems persist, please post the contents of the Panda scan report, along with HijackThis Log
the contents of smitfiles.txt and the Ewido Log in the virus and spyware detection
1. For 98/ME, add to the control panel instructions (step 11) as follows: Remove the check by "View my Active desktop as a web page".
Click OK then Apply and OK.
2. It could be possible, after reboot that the system is using the windows classic theme again.
To restore this and set it back to XP-theme, rightclick on your desktop > properties > tab Appearances and choose Windows XP style again under windows and buttons.
Click apply and OK.
3. Windows 98 users may get a sharing violation error and smitRem stops when trying to delete oleadm.dll (oleext.dll). This is because it's hooked by the infected wininet. Pressing F will allow the tool to complete
thanks for taking time and im sure those malicious software should be gone good luck