Know Your Malware: Smitfraud Removal

Smitfraud is a trojan, which changes the desktop wallpaper to a false alert or fake error message, which trick the user into downloading and purchasing corrupt anti-spyware software such as PSGuard, SpySheriff, AdwareDelete or Antivirus Gold. The parasite tracks user Internet activity and transfers gathered data to predefined web servers. It also changes Internet Explorer default home and search pages as well as some related settings and may redirect the web browser to malicious web sites. Furthermore, Smitfraud replaces some Windows critical components with own infected files. This may cause serious system instability issues. It is also known that Smitfraud drops some other parasites including a worm and several adware programs. The trojan automatically runs on every Windows startup.

Related files: bsw.exe, helper.exe, hookdump.exe, intmon.exe, intmonp.exe, msmsgs.exe, msole32.exe, ole32vbs.exe, popuper.exe, shnlog.exe, uninstiu.exe, winhook.exe, winstall.exe, wp.exe, zloader3.exe, hhk.dll, oleadm.dll, oleadm32.dll, param32.dll, wldr.dll, hp[X].tmp, perfcii.ini, sites.ini, wp.bmp

Smitfraud properties:
Changes browser settings
Connects itself to the internet
Hides from the user
Stays resident in background Remove Smitfraud, removal instructions

Linked by shanmuga Thursday, 29th December 2005 2:55AM