Saturday, April 26, 2008

SmitFraud rears its ugly head....again!

In my line of work, I see a lot of crazy issues with Windows-based PCs, but SmitFraud, and its many variants, seems to be one of the more troubling ones that has cropped up within the past couple of months. Several months ago I was dealing with SmitFraud, and its common variant SpySheriff, on an almost daily basis. It is described quite well in the following article provided by Wikipedia: http://en.wikipedia.org/wiki/Spyware_Quake

SmitFraud

From Wikipedia, the free encyclopedia

Image caption: SmitFraud variants often change a computer's background to a fake Blue Screen of Death (similar to the real one) to trick users into buying fake anti-spyware programs.
SmitFraud or W32/SmitFraud.A is a type of spyware that installs itself on a computer via adware, without the user's knowledge. Most of the time, it installs itself after the computer user installs a fake codec, such as BrainCodec, PCodec or VideoKeyCodec [1]. SmitFraud infects a Windows DLL with a computer virus [2] and typically changes the infected computer's desktop background into a Blue Screen of Death.
The term SmitFraud is now also used [3] for infections in which users receive fake alerts from software luring them into installing an affiliated fake/rogue anti-spyware program, with or without the user's knowledge.

Removal and protection

Spybot detects but cannot remove another variant of SmitFraud. In this variant, the files core.sys and core.cache.dsk are found in the C:\Windows\System32\Drivers folder. There are also two corresponding registry keys. This variant produces pop-up ads that pop-up blockers cannot suppress. Ad-Aware and regular antivirus cannot remove these files or registry keys because they load into RAM early in the boot process.

Once a file containing a SmitFraud virus is in RAM, the virus program code is executed along with the file it is attached to, makes copies of itself, and the copies attach themselves to other files in physical memory (RAM). A prime target for self-proliferation by SmitFraud viruses are the files that reside in the boot sector of the hard disk. The newly infected files are then saved (written) to the hard disk, diskette or anything else in the normal course of using the computer, and the attached virus program code remains a part of them.

One solution is to boot with DOS or Linux, remove the files, and then afterwards remove the registry keys. Another solution is to reformat your computer.

SmitFraudFix is a popular tool which can be employed in the complex removal process [4], but with care [5]. It covers a wide variety of SmitFraud variants.

To protect against viruses, users should employ properly installed virus-protection software that scans RAM constantly and stops any procedure that may allow a virus to enter. They should also write-protect all diskettes, check all outside diskettes for viruses before trying to use them, and be cautious about where they download files from and accept files from on the Internet.

Example: ZTreeWin_1.5.zip contains a crack to register ZTreeWin 1.51. The included files are keygen.exe, one.nfo, file_id.diz and RUN.EXE; it is RUN.EXE that contains the rogue program.
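The removal notes above name two on-disk indicators (core.sys and core.cache.dsk under System32\Drivers) and say the variant survives because it loads early in boot and is anchored by registry keys. A driver that loads at boot must have a service entry under HKLM\SYSTEM\CurrentControlSet\Services whose ImagePath points at the file, so those keys can be located without knowing the service name in advance. The script below is an added triage example written for this page; it is not from the Wikipedia article, the blog author, or the SmitfraudFix tool. It only reports what it finds and does not delete anything, because, as the text says, the files have to be removed from a boot disc before the keys are deleted. It assumes it is run as Administrator on the suspect machine and that %SystemRoot% is the standard Windows directory; the indicator file names are the ones from the article.

```powershell
# Added triage script for the core.sys / core.cache.dsk SmitFraud variant.
# Not part of the original page or of SmitfraudFix. Read-only: it reports
# the indicator files and any driver/service entry that references them.
# Assumptions: run elevated; $env:SystemRoot is the real Windows directory.

param(
    [string]$SystemRoot = $env:SystemRoot
)

$driverDir  = Join-Path $SystemRoot 'System32\Drivers'
$indicators = @('core.sys', 'core.cache.dsk')   # file names named in the article
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Start value meanings for a service/driver entry:
# 0 = Boot, 1 = System, 2 = Automatic, 3 = Manual, 4 = Disabled.
# Boot/System start is what lets a driver load before antivirus does.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-SmitFraudIndicators {
    $report = @()

    # 1. Files on disk. Use -Force so hidden/system attributes do not hide them.
    foreach ($name in $indicators) {
        $path = Join-Path $driverDir $name
        if (Test-Path -LiteralPath $path) {
            $item = Get-Item -LiteralPath $path -Force
            $report += New-Object PSObject -Property @{
                Kind   = 'File'
                Name   = $path
                Detail = ('{0} bytes, attributes {1}, written {2}' -f $item.Length, $item.Attributes, $item.LastWriteTime)
            }
        }
    }

    # 2. Registry: every service entry whose ImagePath mentions an indicator file.
    #    The article says there are two keys but does not name them, so all
    #    entries are checked rather than guessing a name.
    foreach ($svc in (Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue)) {
        $props = Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue
        $image = [string]$props.ImagePath
        if (-not $image) { continue }
        foreach ($name in $indicators) {
            if ($image.ToLower().Contains($name.ToLower())) {
                $start = if ($startNames.ContainsKey([int]$props.Start)) { $startNames[[int]$props.Start] } else { $props.Start }
                $report += New-Object PSObject -Property @{
                    Kind   = 'Service'
                    Name   = $svc.PSChildName
                    Detail = ('ImagePath={0} Start={1} Type={2}' -f $image, $start, $props.Type)
                }
            }
        }
    }
    return $report
}

$findings = @(Get-SmitFraudIndicators)
if ($findings.Count -eq 0) {
    Write-Host "No core.sys / core.cache.dsk indicators found under $driverDir or $servicesKey."
} else {
    $findings | Format-Table Kind, Name, Detail -AutoSize
    Write-Host ''
    Write-Host 'Next steps (from a boot disc, as the article describes): delete the files listed above,'
    Write-Host 'then remove each Service entry, e.g.  reg delete HKLM\SYSTEM\CurrentControlSet\Services\<Name> /f'
}
```

Run it as `.\Find-SmitFraud.ps1` (the file name is arbitrary) from an elevated prompt. Because the driver is resident while Windows is running, a clean report from this script does not prove the machine is clean; it is a quick way to confirm which service entries belong to the files before booting offline to remove them, and to check afterwards that both the files and the keys are gone.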

There are many ways that SmitFraud can get onto your PC, and the easiest way to prevent infection is to make sure you have adequate anti-virus/anti-spyware protection. I personally use ZoneAlarm Internet Security 7, which has excellent anti-spyware/anti-virus protection and a very tough firewall. I recommend it to anyone!

There is, however, a fix tool that is very effective. Follow all of its instructions!
It is located at: http://siri.geekstogo.com/SmitfraudFix.php
Direct link to the download: http://downloads.securitycadets.com/SmitfraudFix.exe

