Saturday, April 26, 2008

SmitFraud rears its ugly head....again!

In my line of work, I see a lot of crazy issues with Windows-based PCs, but SmitFraud, and its many variants, seems to be one of the more troubling ones that has cropped up within the past couple of months. Several months ago I was dealing with SmitFraud, and its common variant SpySheriff, on an almost daily basis. It is described quite well in the following article provided by Wikipedia: http://en.wikipedia.org/wiki/Spyware_Quake

SmitFraud

From Wikipedia, the free encyclopedia

(Redirected from Spyware Quake)
SmitFraud variants often change a computer's background to a fake Blue Screen of Death (similar to the real one depicted above) to trick users into buying fake anti-spyware programs.
SmitFraud or W32/SmitFraud.A is a type of spyware that installs itself into a computer via adware, without the user's knowledge. Most of the time, it installs itself after the computer user installs a fake codec, such as BrainCodec, PCodec or VideoKeyCodec.[1] SmitFraud infects a Windows DLL with a computer virus [2], and typically changes the infected computer's desktop background into a Blue Screen of Death.
SmitFraud is now being used to term [3] infections wherein users receive fake alerts from software luring the user into installing some affiliated Fake / Rogue AntiSpyware with or without user's knowledge.


Removal and protection

Spybot detects but cannot remove another variant of SmitFraud. In this variant, the files core.sys and core.cache.dsk are found in the C:\Windows\System32\Drivers folder. There are also two corresponding registry keys. This variant produces pop-up ads that pop-up blockers cannot suppress. Ad-Aware and regular antivirus cannot remove these files or registry keys because they load into RAM early in the boot process. Once a file containing a Smitfraud virus is in RAM, the virus program code is executed along with the file it is attached to, makes copies of itself, and the copies attach themselves to other files in Physical Memory RAM. Prime targets for self-proliferation by Smitfraud viruses are often the files that reside in the boot sector of the hard disk. The newly infected files are then saved (written) to the hard disk, diskette or anything else, in the normal course of the taking of the computer, and the attached virus program code remains a part of them. One solution is to boot with DOS or Linux, then remove the files, then afterwards remove the registry keys. Another solution is to reformat your computer.
SmitFraudFix is a popular tool which can be employed in the complex removal process [4] but with care [5]. It covers a wide variety of Smitfraud variants.
To protect against viruses, users should employ properly installed virus protection software, which scans RAM constantly and stops any procedure which may allow a virus to enter, and should write protect all diskettes, check all outside diskettes for viruses before trying to use them, and be cautious about where they download files from and accept files from on the Internet.
Example: ZTreeWin_1.5.zip contains a crack to register ZtreeWin 1.51; included files are: keygen.exe, one.nfo, file_id.diz and 'RUN.EXE'. It's the 'RUN.EXE' that contains the Rogue Program.

There are many ways that SmitFraud can enter your PC, and the easiest way to prevent infection is to ensure that you have adequate Anti-Virus/Anti-Spyware protection. I personally use ZoneAlarm Internet Security 7 which has excellent anti-spyware/anti-virus protection and a very tough firewall. I recommend it to anyone!

There is, however, a fix tool that is very effective. Follow all instructions!
It is located at: http://siri.geekstogo.com/SmitfraudFix.php
Direct link to the download: http://downloads.securitycadets.com/SmitfraudFix.exe
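
The quoted article names two driver files and suggests dealing with them from a DOS or Linux boot. As an added example (not part of the original post, the Wikipedia text or SmitfraudFix), here is a read-only check for those two files from a Linux live session with the Windows volume mounted; the function names and the mount point `/mnt/windows` are assumptions.

```shell
#!/bin/sh
# Added example: report (never delete) the two driver files named in the article.
# Hypothetical helper names; pass the mount point of the Windows volume as $1.

# Walk path components case-insensitively: Windows names are case-insensitive,
# so a Linux mount may show "WINDOWS/system32/drivers" or "Windows/System32/Drivers".
find_ci() {
    cur=$1; shift
    for part in "$@"; do
        next=$(find "$cur" -mindepth 1 -maxdepth 1 -iname "$part" 2>/dev/null | head -n 1)
        [ -n "$next" ] || return 1
        cur=$next
    done
    printf '%s\n' "$cur"
}

# Returns 0 if neither file is present, 1 if at least one is, 2 if the
# drivers folder cannot be located under the given root.
check_smitfraud_files() {
    root=$1
    found=0
    drivers=$(find_ci "$root" Windows System32 Drivers) || {
        echo "no Windows/System32/Drivers folder under $root" >&2
        return 2
    }
    for name in core.sys core.cache.dsk; do
        hit=$(find_ci "$drivers" "$name") || continue
        found=$((found + 1))
        echo "FOUND $hit"
        # Keep size, timestamp and hash as a record before any cleanup is attempted.
        ls -l "$hit"
        if command -v sha256sum >/dev/null 2>&1; then sha256sum "$hit"; fi
    done
    if [ "$found" -eq 0 ]; then
        echo "neither core.sys nor core.cache.dsk present in $drivers" >&2
        return 0
    fi
    return 1
}

# Stand-alone use: sh check.sh /mnt/windows
if [ "$#" -gt 0 ]; then
    check_smitfraud_files "$1"
    exit $?
fi
```

A hit only says a file with that name exists in the drivers folder; the article also mentions two registry keys, which this check does not look at.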


Wednesday, April 23, 2008

To Vista or not to Vista, that is indeed the question

Windows Vista, Microsoft's newest Operating System, is now well over one year old, but the rate at which it is being adopted by people is still nowhere near Microsoft's expectations. I have worked on some Vista based machines, and I must say that as far as performance goes, the average system that someone might buy off of the shelf at one of the Big Box stores is just not up to the task of running it. Windows Vista has some steep hardware requirements as well, and it also has quite a few issues with Driver compatibility. Even though you may currently be using Vista without issues at home, the business world seems to think that Vista is still not a good idea. Did you know that business customers of select computer manufacturers, who purchased Vista Business or Ultimate, have the option of "Downgrading" to Windows XP Professional? It doesn't cost a thing! I am just wondering if there is a real need to move "up" to Vista?

For those of you out there who truly enjoy XP, the deadline for new sales of Windows XP Home Edition has been extended beyond the June 30th deadline. The current deadline covers all other versions of Windows XP (Professional and Media Center Edition). The sales deadline for Windows XP Home was extended because of the fact that any version of Vista will not run on most entry-level PCs. For those of you that are reading this blog that still have XP, I would recommend that you do plenty of research before upgrading to Vista or purchasing a new computer with Vista preinstalled. Personally, I still use Windows XP Professional or MCE on all of my computers, and I for one am not switching to Vista until I am thoroughly convinced that it is either necessary or advantageous for me to do so. I arrived at my decision to remain on XP by testing some of the applications on a decent PC with Vista Ultimate installed. I was less than pleased with the result, therefore, XP remains as my OS of choice.

The bottom line here is, if you are looking into a new computer, do your research before you just go out and buy a PC preloaded with Windows Vista. I think that Vista has potential to be much better, but it seems to be taking its good old time to evolve into a great product. I hope that as time goes on Vista develops into a product that I can use effectively for my day-to-day tasks.

Until next time....

Monday, April 21, 2008

First Post!

Thank you for stopping by! This is my first blog, and I hope that you, the reader, will bear with me as I develop it. The purpose of "Bits and Bytes" is to help the average person understand the world of Technology as we know it, and especially the world of computers.
I am in the computer business, and in addition to my full-time duties I am a Computer Instructor. I teach the "ins and outs" of computing primarily to first-time buyers, and senior citizens who are all trying their best to make sense of the crazy world that they have stepped into. Therefore, it is my desire to help as many people as I can with the knowledge that I have accumulated through 10 years of combined personal and professional experience.
After reading my posts, please feel free to leave comments and/or questions, and I will do my best to answer them.